Managing Your Information Preferences
Information We Collect
Student Educational Records
PAEA’s assessment services for educational programs require the collection, processing, use, storage and disclosure of student educational records covered by the U.S. Family Educational Rights and Privacy Act (FERPA) (20 U.S.C. § 1232g; 34 CFR Part 99). Any educational program using PAEA’s assessment services authorizes PAEA to collect and store the data on behalf of the program for the sole purpose of PAEA providing the assessment services. Programs that use PAEA’s assessment services are responsible for limiting access to PAEA’s assessment services to only those individuals who need to use them and revoking access when those individuals no longer require access.
Usage Data, Site Activity and Location Information
The PAEA assessment system collects data generated by users of the Services that are capable of identifying users of PAEA assessments. User interactions in PAEA’s assessment system are logged with a unique identifier which links back to a separate data file that includes Personal Information. User interaction data are linked to user Personal Information in order to generate test scores, and to make a record of test behavior and proctor monitoring, both of which are critical features to the secure administration of PAEA assessments. Score information and student identity data are primarily available to authorized users at the program within the PAEA assessment system. Personal Information may be accessed by PAEA when programs make inquiries for assistance related to an assessment administration, for the investigation of assessment system technical problems, for investigations of suspected or reported testing irregularities, and in order to deliver PAEA assessments to students.
Cookies and Web Beacons
How We Use Information and When We May Share and Disclose Information Generally
We may use your Personal Information for the purpose for which it was provided, including without limitation for the purposes described further below:
- Provision and Monitoring of the Services: We will collect, use, process, store, transmit, and share your Personal Information as necessary to deliver the Services and support and monitor your use of the Services, in accordance with all applicable PAEA policies and any agreements entered with PAEA that govern the use of the Services. Some of the data we collect to provide the Services, for example, your birthday, are required as account security measures and user authentication data.
- Surveys and Other Special Offers: From time to time, we may offer our users the opportunity to participate in surveys and other special offers. If you elect to participate in these services, you will need to provide certain Personal Information.
- Questions and Requests: If you contact us by e-mail or otherwise, we will use the Personal Information you provide to answer your question or resolve your problem. If You do not have a User Account, we do not regard any information submitted by You as a question or request as private or confidential and will use and share such information in its sole discretion, as necessary for the Association’s business purposes.
- Contacting You About Other Products, Services and Events: PAEA and, if you opt-in, third parties may use your Personal Information to contact you in the future to tell you about products, services, and events that may be of interest to you.
- Research and Data Analysis: In an ongoing effort to better understand and serve the users of the Site and the Services, and in the service of academic research in the field of PA education, PAEA may conduct research on its users’ demographics, interests, and behavior based on Usage Data and other information provided by users and third parties. This data may be compiled and analyzed on an aggregate basis, and PAEA may share this data with researchers, member programs, business partners, publications, and other third parties. This information will not identify you or users personally. PAEA may use deidentified aggregate application data you submit to CASPA and admissions decisions your designated PA programs submit to CASPA for use in educational research and statistical reports following procedures to ensure that you are not identified. The purpose of such research and reporting is to improve PA education and admissions and all results are reported in aggregate only. Deidentified aggregate application data may include, but are not limited to, summaries of applicant demographics, application and matriculation rates, and average GPAs, all of which data are not capable of being used to identify you personally.
- Service Improvement: We may use your Personal Information, aggregated Personal Information, and other non-personally identifiable information collected through the Site and Services to help us improve the content and functionality of the Site, to better understand our users, and to improve the Services.
- Order Fulfillment: We may use your Personal Information that you provide to fulfill any orders you may place for Services offered by PAEA.
Information You Make Available to Others
By using the Site or Services, including creation of a profile on PAEA, submission of public queries, or making public comments in parts of the Site where that is possible, you may make certain of your Personal Information available to others, such as your name or username, and you may voluntarily enter and make available comments and other content that includes additional Personal Information. Such information may be accessed by users who use the Site or Services and may be accessed by commercial search engines such as Google, Yahoo!, and Bing to the extent that such engines are permitted to access the Site or Services. You may also provide and upload and direct third parties to provide and upload Personal Information that you expressly direct us to share with designated third parties in order to participate in Services offered by us. If you direct us to share your Personal Information with designated third parties in connection with our delivery of the Services, we will do so in accordance with your consent and direction in the scope of our delivery of the Services.
From time to time, we may establish a business relationship with other businesses that we believe to be trustworthy and have privacy practices consistent with ours (“Service Providers”). For example, we may contract with Service Providers to provide certain services, such as hosting and maintenance, accounting, data analytics and data storage and management, assessment-related activities, Internet-based platforms, and marketing and promotions. We only provide our Service Providers with the information necessary for them to perform these services on our behalf. Each Service Provider must agree to use reasonable security procedures and practices, appropriate to the nature of the information involved, in order to protect your Personal Information from unauthorized access, use, or disclosure. Service Providers are prohibited from using Personal Information other than as specified by PAEA.
We may share Personal Information and Usage Data with businesses controlling, controlled by, or under common control with PAEA. If PAEA is merged, acquired, or sold, or in the event of a transfer of some or all of our assets or equity, we may disclose or transfer Personal Information and Usage Data in connection with such transaction.
Compliance with Laws and Law Enforcement
PAEA will cooperate with government and law enforcement officials and private parties to enforce and comply with the law. We may disclose Personal Information and any other content and information about you to government or law enforcement officials or private parties if, in our discretion, we believe it is necessary or appropriate in order to respond to or comply with legal requests (including court orders and subpoenas), to protect the safety, property, or rights of PAEA or of any third party, to prevent or stop any illegal, unethical, or legally actionable activity, or to comply with the law.
Be Careful When You Share Information with Others Exclusions
We maintain physical, electronic, and procedural safeguards to protect the confidentiality and security of Personal Information and other information transmitted to us. However, no data transmission over the Internet or other network can be guaranteed to be 100% secure. As a result, while we strive to protect information transmitted on or through the Site or Services, we cannot and do not guarantee the security of any information you transmit on or through the Site or Services, and you do so at your own risk.
We do not knowingly collect Personal Information from children under the age of 13. If we become aware that we have inadvertently received Personal Information from a child under the age of 13, we will delete such information from our records.
California Privacy Rights
When California customers provide personal information to a business, they have the right to request certain disclosures if that business shares personal information with third parties for the third parties’ direct marketing purposes. Once per calendar year the customer may request that the business provide a list of companies with which it shares personal information for those companies’ direct marketing purposes, and a list of the categories of personal information that the business shares. PAEA generally does not share personal information with third parties for the third parties’ direct marketing purposes without Your explicit consent and direction. However, if you receive a solicitation from a third party that you believe obtained Your information from the PAEA without your consent, You may request information about our compliance with this law by contacting us at:
Physician Assistant Education Association
Attention: Privacy Compliance Officer
655 K Street, N.W., Suite 700,
Washington, D.C. 20001-2399
Any such inquiry must include “California Privacy Rights Request” in the first line of the description and include Your name, street address, city, state, and ZIP code. Please note that we are only required to respond to one request per customer each year, and we are not required to respond to requests made by means other than through this email address or mail address.
Note to International Users
European Union General Data Protection Rights
Information about the European Union General Data Protection Regulation (GDPR) can be found here. GDPR outlines subject access rights of individuals in relation to their personal data. If you are a resident of the European Union or the United Kingdom and would like to exercise any of Your rights under GDPR, Your rights and the actions you can take are summarized below.
Right to Access: You can access most of the data we have about you through your account. You can request a complete report on what personal information we have about you.
Right to Rectification: We strive to keep records and all data accurate. If you would like to modify an inaccurate record of Your personal data, in most cases you can edit the data yourself through your account. However, if you are unable to make a correction yourself, you can request that we make the correction for you.
Right to Data Portability: You can request a copy of your personal data to be transferred to a new system or platform.
Right to Object: You can object to our processing of your personal data in certain limited circumstances that are not related to our provision of the Services.
Right to Restrict Use: You can request that we restrict the processing of your personal data in certain limited circumstances that are not related to our provision of the Services.
Right to Erasure: You can request that we delete your personal data in certain extremely limited circumstances that are not related to our provision of the Services.
All GDPR subject access rights requests must be sent via email to firstname.lastname@example.org and include the specific details for your request and the basis for making the request. We will respond to all valid subject access rights requests within 30 calendar days of receiving the request; however, it may take longer to fulfill your request. If you are unsatisfied with how we handle your request, you can find the contact information for your local data protection authority here.
Links to Additional Data and Privacy Practices Information for Specific PAEA Services
PAEA Assessments — PACKRAT, End of Rotation Exams, and End of Curriculum Exams