The ClinicalPosters store is hosted on Shopify Inc. They provide the online e-commerce platform that allows us to sell our products and services to you. Your data is stored through Shopify’s data storage, databases and the general Shopify application on a secure server behind a firewall.

This page details the measures ClinicalPosters has in place to protect visitor and customer data. As a USA company, ClinicalPosters is bound by Federal and state laws affecting user privacy and taxation. Other parties cooperating to deliver the unique browsing experience reside in other parts of the world. ClinicalPosters endeavors to handle customer data as securely and responsibly as possible. For specifics, see topics below.

SECTION 1 - What we do with your information

How are cookies used?

Cookies, or little bits of text, that help this website interact with visitors are saved on your computer. You may adjust built-in browser privacy settings but cookie duration is automatically set to optimize your browsing experience on this site. Shopify cookies are disclosed in a separate document.

ClinicalPosters endeavors to minimize use of cookies where possible. Other cookies may be used by Google, third-party developers, social media accounts you may have joined, and payment processing companies to improve customer experience and for important notifications. JavaScript is required to render pages and navigation menus properly.

What visitor activity is tracked?

Like most sites, ClinicalPosters uses Google Analytics for aggregating site activity based on visitor IP addresses. This reveals the number of visits, page views, sales, types of devices for specified time periods, and total visits from various regions. A Google option to use visitor cookie data for marketing on other websites and platforms is disabled.

Local tracking during site visits helps protect user data from unauthorized access and determine whether there are clear paths to customer checkout.

For the purpose of Pinterest conversion tracking, information will be shared with third parties to measure ad effectiveness. You may opt out of most advertiser tracking through your browser’s Do Not Track feature or your social media settings.

What personal data is stored?

As you browse our store, we automatically receive your computer’s Internet protocol (IP) address to help us learn about your browser and operating system. This allows pages to be formatted correctly and for individual preferences or shopping cart contents to be preserved.

Data Retained

When you purchase something from our store, as part of the buying and selling process, we collect the personal information you give us such as your name, address and email address. A basic Customer Account is created to securely preserve this information. Contact information and recent order history are accessible during customer login.

How is data secured?

ClinicalPosters is hosted behind multiple firewalls on an e-commerce platform that is compliant with the Payment Card Industry Data Security Standard (PCI DSS) and GDPR. Admin data access requires a password and is limited to individuals with appropriate security clearance. A dynamic audit trail of record access and edits is maintained. Programmers work around the clock to provide admin with real-time status updates. Suspicious user agent and IP patterns are monitored both dynamically and against blacklists.

How is my credit card information secured?

If you provide us with your credit card information, the information is encrypted using secure socket layer technology (SSL) and stored with AES-256 encryption, meeting all 6 categories of PCI standards:

  1. Maintain Secure Network
  2. Maintain Vulnerability Management Program
  3. Regularly Monitor and Test Networks
  4. Protect Cardholder Data
  5. Implement Strong Access Control Measures
  6. Maintain an Information Security Policy

How long is data stored?

In accordance with local tax laws, ClinicalPosters retains customer order history for at least 5 years. Third-party processors may retain data for as little as 6 months (for EU customers) and up to 18 months. Most do not retain any personal information.

To facilitate reorders and customer logins, customer account data is retained indefinitely by ClinicalPosters or until a deletion request is received. During customer login, addresses and phone numbers may be added or edited. Use the Contact form to request copies of invoices or verified email changes.

When and how will I be notified in the event of a data breach?

ClinicalPosters does not have direct access to credit card data, which has additional layers of security. In the unlikely event of a breach, third parties (those that actually store financial data) or ClinicalPosters will prioritize email notification of identified European customers within 72 hours of discovery with a status report.

FedEx Data Breach, Revealed February 15, 2018 — Data from Bongo International (acquired 2014, relaunched 2016 as FedEx Cross Border, shuttered 2017) was exposed on an Amazon Web Services (AWS) cloud storage server that was not secured with a password.

FedEx issued the following statement: “The data was part of a service that was discontinued after our acquisition of Bongo. We have found no indication that any information has been misappropriated, and will continue our investigation.”

This notification is provided for transparency. No ClinicalPosters customers are affected by it. Contact FedEx or select another delivery option during checkout if you have concerns that this Bongo breach affects you.

SECTION 2 - Consent

Age of consent?

This website is not intended for minors. Measures taken to minimize exposure of inappropriate content to minors are not foolproof. By using this site, you represent that you are at least the age of majority in your state or province of residence, or that you are the age of majority in your state or province of residence and you have given us your consent to allow any of your minor dependents to use this site.

How is my email captured?

Email addresses are voluntarily submitted within subscription links, through a specific email field at the bottom of ClinicalPosters website pages, when subscribing to ClinicalPosters blogs or recurring services, and during checkout on this website, Pinterest or eBay.

Names and email addresses within a Contact form message are not automatically added to our mailing list and do not create a Customer Account unless specifically expressed within the message.

Historical email addresses from a previous ClinicalPosters shopping cart system were merged with those from MYanatoMYstore.

In what ways is my email address used?

We use email to respond to any feedback or support emails you send us. We also notify you of important account-related matters, such as security or billing problems. Emails generally fall into two categories:

  1. Transactional email is required for customer login, and communication regarding pending or recent orders. This is the preferred method of communication for security announcements.
  2. Our marketing email includes the monthly A Bit More Healthy newsletter that summarizes recent ClinicalPosters News and Health articles. Opting out of marketing (unsubscribing) blocks these newsletters but not other transactional communication.

Data Retained

Amazon or eBay orders are received with email addresses masked. These customers are unable to login and view customer history on the ClinicalPosters site and are excluded from promotional marketing.

Email marketing (A Bit More Healthy newsletter): With your permission, we may send you emails about our store, new products and other updates. When an order is fulfilled or historical data is transferred (to another company or hosting service), you may receive notification regardless of marketing preferences.

What happens if I opt out of the mailing list?

If you fail to opt in while providing an email address during checkout, your Customer Account information will remain at ClinicalPosters, flagged not to receive marketing messages. About 70 percent of Health blog pages are only visible to logged-in subscribers.

Marketing emails include an unsubscribe link. This does not prevent transactional emails deemed necessary to fulfill a contract, such as notification of shipping, delivery confirmation, order follow-up and account security information.

How is my phone number used?

A customer phone number is recommended but optional. FedEx always requires it and USPS Priority Mail requests it for international shipments. Absence of a recipient phone number can hinder delivery. During checkout, it is possible to request SMS order updates. (Data usage rates may apply.)

Customers may periodically receive phone calls from ClinicalPosters to determine satisfaction, update account information, and share or demonstrate important site features.

How are my street addresses used?

The billing address is used for credit card validation to prevent fraud. It is included on optional printed invoices but not packing slips. ClinicalPosters currently has no postal mail marketing program but reserves this option to disseminate important transactional or promotional samples when necessary.

The shipping address is required to deliver merchandise. It may be securely validated with third-party technology against postal databases to prevent undeliverable packages. Shipping addresses are shared with some vendors to facilitate direct manufacturer product shipping if deemed most expedient. Customers have secure access to a Google geolocation map while packages are in transit. Addresses are user-editable when logged into ClinicalPosters.

What are the 6 bases for processing under the GDPR?

  1. Consent: The data subject has freely given consent for their information to be processed for a specific purpose.
  2. Contract: Processing is necessary due to the fulfillment of a contract.
  3. Legal Obligation: Processing is necessary to comply with the law.
  4. Vital Interest: Processing is necessary to save or protect an individual’s life.
  5. Public Tasks: Processing is necessary to perform a task in the public interest in official functions. (Primarily applies to government agencies.)
  6. Legitimate Interests: Processing is necessary for the legitimate interests of the organization or a third-party affiliate.

What are examples of unambiguous consent?

When you provide us with personal information to complete a transaction, verify your credit card, place an order, arrange for a delivery or return a purchase, we imply that you consent to our collecting it and using it for that specific reason only. Some consent is implied by the very nature of the user action performed to capture such information.

The Checkout page and Customer Account page, accessible when logged in, include an identical summary of how private data is used along with a link to opt out of our mailing list. Below are some situations that may have obvious intent at the point of capture.

  • Create account to receive newsletter — You are enrolled on mailing list
  • Create Wishlist — Selections are saved until you remove them or request deletion
  • Include address on order — This may be validated and shared with couriers to complete delivery
  • Provide phone number and request SMS updates during checkout — You will receive SMS updates
  • Reply to blog — Comments are made public until you request deletion
  • Request to be placed on mailing list during checkout — You are enrolled on mailing list
  • Write product review — Comments are made public until you request deletion

If we ask for your personal information for a secondary reason, like marketing, we will either ask you directly for your expressed consent, or provide you with an opportunity to say no.

SECTION 3 - Third-Party Services

Are third parties bound by this Privacy Policy?

In general, the third-party providers used by us will only collect, use and disclose your information to the extent necessary to allow them to perform the services they provide to us.

Certain third-party service providers, such as payment gateways and other payment transaction processors, have their own privacy policies in respect to the information we are required to provide to them for your purchase-related transactions.

For these providers, we recommend that you read their privacy policies so you can understand the manner in which these providers will handle your personal information.

In particular, remember that certain providers may be located in or have facilities that are located in a different jurisdiction than either you or us. So if you elect to proceed with a transaction that involves the services of a third-party service provider, then your information may become subject to the laws of the jurisdiction(s) in which that service provider or its facilities are located.

As an example, if you are located in Canada and your transaction is processed by a payment gateway located in the United States, then your personal information used in completing that transaction may be subject to disclosure under United States legislation, including the Patriot Act.

Once you leave our store’s website or are redirected to a third-party website or application, you are no longer governed by this Privacy Policy or our website’s Terms of Service.

Which third parties carry out legitimate interests?

Some vendors are granted API access to specific functions by virtue of a contract with ClinicalPosters or have legitimate interests to help fulfill contracts with customers.

  • 3B Scientific — Order fulfillment
  • Amazon — Optional login and payment processing
  • American Express — Credit card authorization
  • Apple Pay — Optional digital payment processing
  • Chase Bank — ACH bank transfers
  • Discover — Credit card authorization
  • ePacket — Global package delivery
  • FedEx — Package delivery
  • Google Analytics — General marketing information
  • Google Pay — Optional digital payment processing
  • JCB — Credit card authorization
  • MasterCard — Credit card authorization
  • Oberlo — Merchant liaison
  • PayPal — Optional payment processing
  • Pinterest — Social media plugin for sharing images
  • Seguno — Email newsletter processing
  • Shopify — Default payment processing
  • Twitter — Social media plugin
  • USPS — Global package delivery
  • VISA — Credit card authorization
  • Wolters Kluwer — Occasional order fulfillment
  • Zelle — Optional digital payment processing

Couriers and border customs officials have access to consignee name, address and, for international delivery, package contents. ClinicalPosters may use a remote incremental data backup system to preserve integrity of the site as a protection against unexpected system failures or accidental data deletion.

† 18-month address retention or until deletion request.
‡ 6-month EU email address retention or until deletion request.

Do third-party vendors have appropriate security?

Affiliates and third-party Sub-processors assist in providing the Services outlined within this document. Once you leave our store’s website or are redirected to a third-party website or application, you are no longer governed by this Privacy Policy or our website’s Terms of Service.

Privacy and GDPR-Compliance Links for ClinicalPosters Vendors

  • Adobe, California, USA
  • Akamai, Massachusetts, USA
  • Amazon, Washington, USA
  • Apple, California, USA
  • Booster Apps, California, USA
  • Disqus, California, USA
  • eBay, California, USA
  • Facebook, California, USA
  • FedEx, Tennessee, USA
  • eNom, Washington, USA
  • Google, California, USA
  • MailChimp, Atlanta, USA
  • Microsoft, Washington, USA
  • PayPal, California, USA
  • Pinterest, California, USA
  • QuickBooks, California, USA
  • Shopify, Toronto, Canada
  • Seguno, Durham, NC
  • Squarespace, New York, USA
  • Stripe, California, USA
  • Twitter, California, USA
  • Wolters Kluwer, Netherlands

Facebook account holders sometimes post links to ClinicalPosters pages.

USPS is a United States government agency that delivers mail throughout the world. It has not disclosed GDPR compliance.

SECTION 4 - Changes to This Privacy Policy

Will this policy be modified?

We reserve the right to modify this privacy policy at any time, so please review it frequently. Changes and clarifications will take effect immediately upon their posting on the website. If we make material changes to this policy, we will notify you here that it has been updated, so that you are aware of what information we collect, how we use it, and under what circumstances, if any, we use and/or disclose it.

If our store is acquired or merged with another company, your information may be transferred to the new owners so that we (ClinicalPosters) may continue to sell products to you.

Where can I find additional GDPR or privacy information?

A link to our Privacy notice can be found within the footer of the ClinicalPosters website. Your attorney, accountant and digital security consultants can provide further assistance.

If you would like to access, correct, amend or delete any personal information we have about you, register a complaint, or simply want more information, contact our Privacy Compliance Officer at privacy-[at]-clinicalposters.org, use the Contact form or mail a request to ClinicalPosters Privacy Compliance, PO Box 451051, Los Angeles CA 90045-8509.

Update 11th of May 2019: MailChimp discontinued in favor of Seguno, a third-party service that manages email within Shopify without duplication of customer list. Dwolla, Google Plus, Persistent Cart, Postmates and Wishlist services removed.

Update 23rd of April 2019: Blog access limitations for customers who unsubscribe included in section 2.

Update 23rd of July 2018: Amazon login information included within section 3.

Update 17th of September 2018: New third-party vendor was added to section 3 and language simplified.

See separate Terms of Service.