Privacy & Cookies Statement | The Joint Commission

Privacy & Cookies Statement

This Privacy & Cookies Statement explains how The Joint Commission, The Joint Commission Resources, Inc. (JCR) with its division Joint Commission International, (collectively, “The Joint Commission,”) (with contact details below) collects, uses, shares, and otherwise processes individually identifiable data obtained about visitors to our website, as well as contact persons for our accredited organizations, distributors, sales representatives, end users, and suppliers (“Personal Information”). This Privacy & Cookies Statement pertains to Personal Information that we collect through our public websites, mobile applications, and other online properties (each, a “Site”) as well as through trade shows and offline means.

Summary of Key Points

Collection

As a business-to-business (“B2B”) organization, we collect names, business contact details, and other Personal Information related to our commercial relationships.

Use

We use Personal Information to perform transactions and respond to inquiries, to manage accounts and maintain business operations, to provide relevant marketing, and to fulfill other business and compliance purposes.

Sharing

We share Personal Information as necessary to perform transactions and respond to requests, for our own administration and management, and to fulfill other business and compliance purposes.

Marketing choices

You have control over how we use Personal Information for marketing.

Cookies and tracking

We use cookies, scripts, and other tracking mechanisms on our Sites, and provide choices on use of cookies, including third party targeting and advertising.

Data subject rights

You have certain rights to request access, rectification, deletion, objection, or other actions regarding your Personal Information where required by applicable law. Please complete the Data Subject Access Request Form with any request related to your Personal Information.

Data security

We maintain technical and organizational measures to protect Personal Information from loss, misuse, alteration, or unintentional destruction.

Cross-border data transfers

We provide appropriate protections for cross-border transfers where specified by law.

Other issues

We provide other information in this Privacy & Cookies Statement about: (i) the legal basis for our collection and processing of Personal Information, (ii) the consequences for not providing Personal Information, (iii) automated decision-making, (iv) do-not-track (DNT) signals, (v) data retention, (vi) links to third party websites, (vii) employee and contractor issues; and (viii) changes to this Privacy & Cookies Statement.

Contact us

Please contact us as detailed below with any questions.

Collection of Personal Information

We collect the following categories of Personal Information about Site visitors, accredited organizations, distributors, sales representatives, end users, and suppliers:

Basic data:

Name, title, company, job responsibilities, phone number, mailing address, email address, and contact details.

Compliance data:

Government identifiers, passports, beneficial ownership data, and due diligence data.

Registration data:

Newsletter requests, subscriptions, downloads, and username/passwords.

Job applicant data:

Data provided by job applicants or others on our Sites or offline means in connection with employment opportunities.

Transaction data:

Transaction history, payment details, and performance data.

Marketing data:

Data about individual participation in marketing campaigns including webinars, trade shows and conferences, credentials, associations, product interests, and preferences.

Device data:

Computer Internet Protocol (IP) address, unique device identifier (UDID), cookies and other data linked to a device, and data about usage of our Sites (Usage Data). Note, however, we do not consider Device Data to be Personal Information except where we link it to you as an individual or where applicable law provides otherwise.

Specific Collection Points of Personal Information

When you visit our site, we may ask you for any of the above information. We may also ask you to create a password for your account and to provide demographic data in certain circumstances as described below. The specific areas where Personal Information is collected include:

  • Websites:

    There are places on Sites where information is collected when you sign up to receive information about the services and products.
  • Webstore:

    Each individual who creates a webstore account to become registered and purchase products or services will have a username and password. For reasons of security and privacy, as a user, you are responsible for not sharing your username and password. If you are registered, you can purchase products and/or services for yourself or on behalf of others, access your web order history and reorder, create and maintain your own address book, manage a wish list that you can send to colleagues, set up reminders, request e-mail announcements, view saved orders and expedite your checkout process. We will capture and retain email address, name, accredited organization affiliation, professional title (optional), company (optional), country, billing address, shipping address, phone number and, as applicable, Tax-Exempt document (including any identifiable information contained therein) to accurately process your order.
  • E-mail alerts/Newsletters and Journals:

    You can sign up to receive e-mail alerts, newsletters or journals. We capture and retain name, organization and e-mail address to provide the information you specifically request.
  • Public Comment on Standards/Measures:

    Periodically, The Joint Commission seeks public comment on draft standards, performance measures or other matters. This is usually accomplished through the use of an electronic survey tool. In order to validate the comment, The Joint Commission requests some demographic information in the survey. Completion of this section is optional. Should you submit the requested demographic data, this information will be retained until no longer necessary for the purpose of the study.
  • Registration to the Joint Commission Connect or JCI Direct Connect Extranets:

    Each individual who registers to use the Joint Commission Connect will have a username and password. For reasons of security and privacy, as a user, you are responsible for not sharing your username and password. For additional information about Joint Commission Connect see Log In Help.
  • Blogs/News and Discussion Boards: 

    If you sign up to participate on blogs and discussion boards, we capture name and e-mail address to allow posting of comments to the Site.
  • Speakers Bureau Form:

    By completing the electronic form to retain a Joint Commission speaker, you provide name, e-mail address, city, state, zip and phone. This information is captured and retained for securing Joint Commission Speakers.
  • Events/Podcasts/Audio-conferences:

    If you choose to sign up for any event, podcast or audio-conference, we may capture and retain the name, business title, business company, phone number, state and e-mail address for registration.
  • Business Development:

    If you complete a form requesting additional information about an accreditation or certification program, we capture and retain the name of the individual, the organization, the e-mail address and demographic data for the purpose of responding to your questions on accreditation and/or certification. This information is not shared outside The Joint Commission.
  • Tools and online applications:

    Tools (e.g., TST® and Oro® 2.0), whether provided for purchase or at no additional cost, are available to accredited organizations; the user’s name, password and email address are collected for the purpose of facilitating your use of the tool. Application-specific privacy statements are available on each. JCR has several online applications available for purchase (e.g., Tracers with AMP®, E-dition®, Joint Commission Perspectives® and Digital Learning Center), each of which collects first name and last name, username, password and email address for the purposes of facilitating use of the tool and providing system/tool status updates.

We may use your Personal Information to provide you with information of interest and other marketing communications via email. You may opt-out of receiving such marketing communications at any time through the use of the subscription center or by completing the unsubscribe form or by responding to the instructions in any marketing communication.

  • Other sources – Personal information may be obtained from other sources, such as publicly available databases, or information purchased from personal information aggregators or through the provision of services to you.

Use of Personal Information

The purposes for which we use Personal Information which is collected as identified above include:

  • To perform transactions and respond to inquiries we use basic data, registration data, transaction data, and device data.
  • To manage accounts and maintain business operations we use basic data, registration data, transaction data, and device data.
  • To make our Sites more intuitive and easy to use we use device data.
  • To protect the security and effective functioning of our Sites and information technology systems we use basic data, registration data, transaction data, and device data.
  • To provide relevant marketing we use marketing data, basic data, registration data, transaction data, and device data, some of which is obtained through publicly available sources.
  • To provide accredited organizations with updates, reminders, or other information about products and services that they have ordered or that may interest them we use marketing data, basic data, registration data, transaction data, and device data.
  • To address compliance and legal obligations we use compliance data, basic data, registration data, transaction data, and device data.
  • To protect us and our accredited organizations from fraudulent transactions and investigate inappropriate or unauthorized use of The Joint Commission Enterprise services, products, accounts, intellectual services or other assets we use compliance data, basic data, registration data, transaction data, and device data.
  • To consider individuals for employment and contractor opportunities and manage on-boarding procedures we use job applicant data and compliance data.
  • Where needed for corporate audits or to investigate or respond to a complaint or security threat we use compliance data, basic data, registration data, transaction data, and device data.

Sharing of Personal Information

We share Personal Information with the following categories of recipients:

  • Employees and Affiliates:

    We share Personal Information with our employees and within the Company group of affiliated companies as necessary for the purposes identified above. The list of affiliates within the Company group includes: The Joint Commission, and Joint Commission Resources, Inc. (JCR) with its division Joint Commission International (JCI), and the National Quality Forum (NQF).
  • Distributors and sales representatives:

    We share Personal Information with distributors and sales representatives in order to: perform transactions and respond to inquiries; manage accounts and maintain our business operations; provide relevant marketing; and address compliance and legal obligations.
  • Suppliers and service providers:

    We share Personal Information with suppliers and service providers to enable such parties to perform functions on our behalf and under our instructions in order to carry out the purposes identified above. We require such parties by contract to provide reasonable security for Personal Data and to use and process such Personal Information on our behalf only.
  • Auditors, advisors, and financial institutions:

    We share Personal Information with auditors for the performance of audit functions, with advisors for the provision of legal and other advice, and with financial institutions in connection with payment and other transactions.
  • Mandatory disclosures and legal claims:

    We share Personal Information in order to comply with any subpoena, court order or other legal process, or other governmental request. We also share Personal Data to establish or protect our legal rights, property, or safety, or the rights, property, or safety of others, or to defend against legal claims.
  • Contractors:

    We may disclose Personal Information to contractors to help us support our Site or perform other functions on our behalf. We require such parties by contract to only access Personal Information to the extent needed to provide the functions on our behalf, to maintain appropriate security controls to protect the data, and to use the data for the purposes specified in the agreement.

We do not sell your Personal Information for purposes of allowing others to use such information for their own marketing purposes. If you have questions about the parties with which we share Personal Information, please contact us as specified below.

De-Identified Aggregate Data

We may also use the information you provide in a de-identified format as to both individual and organization, for research, quality improvement, or benchmarking purposes, and may provide this information in the aggregate to third parties. For example, we might inform other users regarding the number of users of the Site.

Marketing Choices

You have control regarding our use of Personal Information for direct marketing. If you no longer wish to receive any marketing communications, remain on a mailing list to which you previously subscribed, or receive any other marketing communication, you can choose to not receive such communications at any time. Please follow the unsubscribe link in the relevant communication, or contact us as per below.

Cookies and Tracking

We may collect information about your browser and usage activity on our Site using cookies, trackers, web beacons, scripts and other technologies. In particular, we may obtain: the IP address of the computer you are using; the name of the domain you use to access the Internet (e.g., gmail.com); the date, time and length of your visit, device, browser, and the pages you visited. We use this information in order to present relevant content to a user for both marketing and informational value, to assist with diagnosing and solving problems with our server, and to assist with the administration of our Site.

The Joint Commission uses cookies for Site navigation, to promote relevant content, and for advertising. “Cookies” are bits of text data sent from a Web server to a user's computer to be retrieved later for purposes of identification. The Joint Commission uses temporary cookies which are deleted at the end of each user session. For the purpose of improving site performance, The Joint Commission also uses web beacons, which monitor the traffic pattern of users from one page to another. “Web beacons” are electronic images placed in the code of a webpage, application, or email. We also allow third parties to view, edit, or set their own cookies and technologies for remarketing purposes. The use of these technologies by such third parties is subject to their own privacy policies and is not covered by this Privacy & Cookies Statement.

Cookies on our Sites are generally divided into the following categories:
  • Essential Cookies:

    These are required for the operation of our Sites. They include, for example, cookies that enable you to log into secure areas. These cookies are session cookies that are erased when you close your browser. These cookies and scripts are essential for enabling a user to move around the website and use its basic features, such as accessing secure areas of the website, opening navigation, displaying content.
  • Analytics: 

    These allow us to recognize and count the number of users of our Sites and understand how such users navigate through our Sites. This helps to improve how our Sites work, for example, by ensuring that users can find what they are looking for easily. These cookies are session cookies which are erased when you close your browser. We use Google Analytics; to learn more about the use of cookies for Google Analytics and to exercise choice regarding such cookies, please visit tools.google.com/dlpage/gaoptout. These cookies and scripts are not essential to the functioning of the website but are used to identify (in aggregate) how visitors use the website, which pages are most popular, where traffic originates from, and how long visitors spend on each page of the website. Alternatively, some analytics providers primarily serve the purpose of tracking system health, identifying technical issues with the website, and reporting errors.
  • Marketing:

    These improve the functional performance of our Sites and make them easier for you to use. For example, cookies are used to remember that you have previously visited the Sites and asked to remain logged into them. These cookies qualify as persistent cookies, because they remain on your device for us to use during a next visit to our Sites. You can delete these cookies via your browser settings. These cookies and scripts allow for the delivery of advertisements more relevant to visitors and their interests. They may also be used to limit the number of times you see an advertisement as well as help measure the effectiveness of the advertising campaign. Advertising networks usually place them on the page with the website operator’s permission.
  • Personalization: 

    These record your visit to our Sites, the pages you have visited and the links you have followed to recognize you as a previous visitor and to track your activity on the Sites and other websites you visit. These cookies qualify as persistent cookies, because they remain on your device for us to use during a next visit to our Sites. You can delete these cookies via your browser settings. See below for further details on how you can control third party targeting cookies. These cookies and scripts allow the website to remember choices you make (such as your user name, language, or the region you are in) and provide enhanced, more personal features.

Below is a summary of most, but possibly not all, of our cookies, trackers, and analytics technologies.

COOKIE PROVIDER TYPE

Control Over Cookies

You can review your internet browser settings, typically under “Help” or “Internet Options” to exercise choices you have for Cookies on your computer or device.

To learn more about the use of cookies for Google Analytics and to exercise choice regarding such cookies, please visit tools.google.com/dlpage/gaoptout.

To learn more about certain cookies used for interest based advertising by third parties, including through cross-device tracking, and to exercise certain choices regarding use of such cookies for personalized advertising, please visit the Digital Advertising Alliance, Network Advertising Initiative, Digital Advertising Alliance-Canada, European Interactive Digital Advertising Alliance, or your device settings if you have the DAA or other mobile app. You can also delete all cookies that are already on your computer's hard drive by searching for and deleting files with “cookie” in the name. If you disable or delete certain cookies in your Internet browser settings, you might not be able to access or use important functions or features of this Site, and you might be required to re-enter your log-in credentials. More information about cookies and how they work is available at www.allaboutcookies.org.


Consent Management

When you browse our websites, they may collect or retrieve information about you through technologies like cookies. These cookies serve various purposes, including supporting the basic functionality of the website. However, you also have the option to disable specific types of cookies, which might impact your overall browsing experience. The Joint Commission employs a Consent Management Platform (CMP) which is a solution that enables you to provide consent for cookies in accordance with data protection laws and regulations. You can adjust the consent cookie settings by selecting the cookie icon located in the lower right-hand corner of the browser window. A cookie preferences window will appear that will allow you to manage which types of cookies are enabled or disabled.


Data Subject Rights

Where required by applicable law, you have the right to obtain confirmation of the existence of certain Personal Information relating to you, to verify its content, origin, and accuracy, as well as the right to access, review, rectify, obtain a copy, port, delete, or to block, or withdraw consent to the processing of certain Personal Information (without affecting the lawfulness of processing based on consent before its withdrawal), by completing the Data Subject Request Form.  Additionally, you have the right to object to our use of Personal Information for direct marketing and in certain other situations at any time. Contact us using the Data Subject Request Form for more details.  Please note that we need to retain certain Personal Information as required or permitted by applicable law.


Data Security

We maintain technical and organizational measures to protect Personal Information from loss, misuse, alteration or unintentional destruction. Although we make every reasonable attempt to secure your information, there is always some risk in transmitting information across the internet. No security measure can guarantee against compromise. We cannot guarantee that the Personal Information we collect will never be disclosed in some manner not consistent with this Privacy & Cookies Statement. We also cannot protect against any misuse, loss, or alteration of any user-editable content. You also have an important role in protecting Personal Information. You should not share your username and password with anyone, and you should not re-use passwords across more than one site. If you have any reason to believe that your username or password has been compromised, please contact us as detailed below.


Email Security

“Phishing” is a common email scam where your email address is used to contact you and ask for personal or sensitive information. Always be cautious when opening links or attachments from unsolicited third parties. Also know that The Joint Commission is committed to keeping credit card and social security information out of emails. So, if you are ever asked for this information, please contact us as detailed below.


Cross-Border Data Transfers

We transfer Personal Information to jurisdictions as necessary for the purposes described above, including to jurisdictions that may not provide the same level of data protection as your home country. In particular, if you reside outside the United States (“US”), you should note that The Joint Commission is a controller that operates this Site in the US and therefore maintains Personal Information in the US. Regarding transfers from the European Economic Area (“EEA”) to the United States, or other jurisdictions with GDPR-like laws, we rely on your consent for the transfer or the derogations for transfers which are necessary to perform the transaction with you and other grounds. We also implement standard contractual clauses approved by the European Commission, and other appropriate solutions to address cross-border transfers as required or permitted by Articles 46 and 49 of the General Data Protection Regulation. For transfers from the EEA to countries not considered adequate by the European Commission, we have ensured that adequate measures are in place, including by ensuring that the third-party recipient is bound by EU Standard Contractual Clauses, as may be updated, binding corporate resolutions, or an EU-approved code of conduct or certification, to protect personal information of EU residents. Where required by law, you may request a copy of the suitable mechanisms we have in place by contacting us as detailed below. If you reside in other non-US jurisdictions outside the EEA, your use of the Site or provision of any Personal Information constitutes your consent for the transfer of such data to the United States for the purposes identified above. If you have questions about cross-border transfers, please contact us as detailed below. You may also have rights to contact your local supervisory data authority with any questions.

Other Issues

(i) What is the legal basis of processing?
 
Some jurisdictions require an explanation of the legal basis for the collection and processing of Personal Information. We have several different legal grounds on which we collect and process Personal Information, including: (a) as necessary to perform a transaction (such as when we respond to your requests); (b) as necessary to comply with a legal obligation (such as when we use Personal Information for record keeping to substantiate tax liability); (c) consent (where you have provided consent as appropriate under applicable law); and (d) necessary for legitimate interests (such as when we act to maintain our business generally). With respect to legitimate interests, given that we are a B2B company, we typically collect and process limited Personal Information about accredited organization contacts and other individuals acting in their business capacities, as part of our overall effort to reduce the privacy impact on individuals.
 
(ii) What are the consequences of not providing Personal Information?
 
You are not required to provide all Personal Information identified in this Privacy & Cookies Statement to use our Sites or to interact with us offline, but certain functionality will not be available if you do not provide Personal Information. If you do not provide Personal Information, we may not be able to respond to your request, perform a transaction with you, or provide you with marketing that we believe you would find valuable.
 
(iii) Do we engage in automated decision-making without human intervention?
 
We do not use automated decision-making without human intervention, including profiling, in a way that produces legal effects concerning you or otherwise significantly affects you.
 
(iv) Do the Sites honor do not track (“DNT”) signals sent via browsers? 
 
Given the divergent practices of organizations that offer browsers and the lack of a standard in the marketplace, we generally respond to some but cannot honor all DNT signals at this time.
 
(v) How long do we retain Personal Information?
 
We typically retain Personal Information related to marketing activities for as long as you accept marketing communications from us, and we will securely delete such data in accordance with applicable law upon request. For Personal Information that we collect and process for other purposes, we typically retain such Personal Information for no longer than for the period necessary to fulfill the purposes outlined in this Privacy & Cookies Statement and as otherwise specified in applicable record retention policies and procedures.
 
(vi) Are third party websites governed by this Privacy & Cookies Statement?
 
This Site contains links and references to other websites administered by unaffiliated third parties. This Privacy & Cookies Statement does not apply to such third party websites. When you click a link to visit a third party website, you will be subject to that website's privacy practices. We encourage you to familiarize yourself with the privacy and security practices of the linked third party websites before providing any Personal Information on those websites.
 
(vii) How does the Company handle employee and contractor privacy issues?
 
Personal Data about our employees and contractors are addressed through internal company policies and procedures, and are outside the scope of this Privacy & Cookies Statement.
 
(viii) How will we handle any changes to this Privacy & Cookies Statement?
 
We will review our Privacy & Cookies Statement on a regular, periodic basis, but may also update it when and if our services and/or privacy practices change. The effective date of our Privacy & Cookies Statement is posted below, and we encourage you to visit our Sites periodically to stay informed about our privacy practices. We will post the updated version of the Privacy & Cookies Statement on our Sites, and ask for your consent to the changes if legally required.
 

Children Under Age 18

While the content of our website may be suitable for an audience of any age, the Site is not designed for children and we do not knowingly collect, use or disclose any personally identifiable information from those under the age of 18, without the consent of a parent or guardian. By accessing and using our Site, you hereby represent that you are at least 18 years of age.

Contact Us

For questions or suggestions regarding anything on this page, please Contact us.


Data Subject Access Request

For requests regarding your Personal Information, please complete the Data Subject Access Request.

Last Updated: 5 April 2024