Privacy Statement

Last updated on April 17, 2026

This Privacy Statement (the "Statement") sets out how we, Society of Corporate Compliance & Ethics (SCCE) (DBA Health Care Compliance Association (HCCA) and/or Compliance Certification Board (CCB)) headquartered at 6462 City West Parkway Eden Prairie, MN 55344 and our group companies, subsidiaries and associated offices worldwide ("SCCE"/”HCCA”/"CCB", "we", "us", "our", etc.), collect, use, disclose, and otherwise process personal information in connection with our websites, memberships, events, certifications, and related services. Where required by law, we will obtain your consent for specific processing activities. In other cases, we process information based on contractual necessity, legitimate interests, or legal obligations.

Summary

We collect only the information needed to manage your membership, deliver the products and services you request, and keep you informed about conferences, education, resources, and job opportunities relevant to your interests.

You control what emails you receive. After creating an account, you are asked to choose which association emails and newsletters you want. You can update these choices or unsubscribe at any time.

We do not sell personal information for monetary compensation. Certain disclosures involving advertising technologies or voluntary attendee networking/sponsor-sharing selections may constitute “sale” or “sharing” under California law. We may share personal information for cross‑context behavioral advertising as defined under the California Consumer Privacy Act, as amended by the California Privacy Rights Act (collectively, the “CCPA/CPRA”), and we do not use your data for cold sales outreach. We use trusted service providers, including HubSpot, to send emails, manage preferences, and support our communications in a secure and compliant way. California residents may have additional privacy rights described below. We use the term personal information to refer to information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked to an individual. Where applicable law uses the term personal data, that term has the same meaning unless otherwise stated.

Collection of your Personal Information

We collect personal information, such as your e-mail address, first and last name, position, employer details, home or work address or telephone number and other information. We also collect non-identifying demographic information, which is not unique to you, such as your ZIP code, gender, preferences, interests and favorites.
There is also information about your computer hardware and software that is automatically collected by us. This information can include: your IP address, browser type, domain names, access times and referring website addresses. This information is used by us for the operation of our services, to maintain quality of the services, and to provide general statistics regarding use of our websites.

If you use our services, such as interactive services, we may collect information about you or other individuals included in your posts, materials, messages or other contributions (as defined in our Terms of Use) which you may share with other Users or the public. We ask that you respect the data privacy rights of any individuals who are referred to, or whose personal information is included in, your contributions.

AI‑Enabled Tools (Including AI Answer and Chat Features)

If you choose to use our AI‑enabled tools (such as on‑site AI answer, search, or chat features), we process information you voluntarily submit in order to provide responses and operate these features.

Information Collected Through AI Features

When you interact with AI‑enabled tools, we may collect and process:

• AI inputs, such as prompts, questions, or other information you submit;
• AI‑generated outputs, meaning responses produced by the AI tool;
• Interaction and technical data, including timestamps, usage patterns, device and browser information, IP address, and log data used to support functionality, security, performance monitoring, and quality control.

AI inputs may include personal information if you choose to provide it.

How We Use This Information

We use AI‑related information to:

• Provide, operate, and maintain AI‑enabled features;
• Generate responses to your requests;
• Monitor performance, prevent misuse, and maintain the security and integrity of our systems;
• Evaluate, maintain, and improve AI‑enabled services and user experience.

AI Vendors and Processing

AI features are supported using third‑party technology providers that process information on our behalf under contractual obligations designed to protect confidentiality and limit permitted use. These providers process information to deliver, support, and improve the AI functionality we make available.

Model Training and Service Improvement

AI interaction data may be used by us to evaluate, maintain, and improve AI-enabled features. Unless otherwise disclosed, third-party AI providers are contractually restricted from using submitted data to train their general-purpose models on our behalf.

We do not require users to provide personal or sensitive information for AI interactions, and improvement activities are conducted in accordance with applicable privacy requirements and contractual safeguards.

Human Review

To support quality assurance, system improvement, safety, and compliance, a limited number of authorized personnel or service providers may review AI interactions, subject to access controls, confidentiality obligations, and appropriate safeguards.

Sensitive Information Notice

Please do not submit sensitive personal information through AI‑enabled tools, including information such as health data, financial account numbers, government identification numbers, or other highly sensitive details.

Retention

AI‑related information is retained only for as long as reasonably necessary to operate, secure, and improve AI‑enabled services, or as otherwise required by law. Where appropriate, information may be aggregated or de‑identified for analytics and service improvement.

Important Note About AI Outputs

AI‑generated responses are provided for informational purposes only and may be inaccurate, incomplete, or not tailored to your specific circumstances. AI outputs should not be relied upon as legal, compliance, medical, or other professional advice.

The information described above may constitute personal information or personal data under applicable law.

Please keep in mind that if you directly disclose personal information through our public discussion or message boards, this information may be collected and used by others.

Use of your Personal Information

We will only process your personal information, in accordance with applicable law, for the following purposes:

• to operate our websites and deliver the services you have requested, including, without limitation, our interactive services which you use;
• sending you personalized marketing communications to inform you of other products or services available from us and our affiliates, exhibitors and partners;
• to contact you via surveys to conduct research about your opinion of current services or of potential new services that may be offered;
• responding to your queries;
• to confirm registrations and purchases
• to include your name, title, employer, phone number and mailing address voluntarily shared in our Members’ Directory for access by other members;
• to create marketing materials including images or video footage of you as an attendee of our conferences
• to verify attendance, eligibility, or examination results with authorized testing centers
• handling any job application that you may make to us;
• enabling our suppliers and service providers to carry out certain functions on our behalf, including statistical analysis, verification, technical, logistical or other functions;
• ensuring the security of our business, preventing or detecting fraud or abuses of our website;
• developing and improving our products and services, for example, by reviewing visits to our website and its various subpages to ascertain demand for specific content; and
• to comply with applicable law, for example, in response to a request from a court or regulatory body, where such request is made in accordance with the law.
• depending on the context, we process personal information based on one or more lawful bases, including contractual necessity, legitimate interests, legal obligations, and consent where required. However, we may also rely on other legal grounds, for example, where the processing is necessary:
• to fulfill a contract that we may have in place with you;
• for the legitimate business interests of us and our affiliates, exhibitors or partners; or
• for compliance with our legal obligations.

Under the General Data Protection Regulation (GDPR), our legal bases for processing personal data include:

• Consent — for marketing emails, newsletters, and optional communications
• Contractual necessity — to administer membership, registrations, purchases, certifications, and required service communications
• Legitimate interests — to improve our services, communicate with members about relevant offerings, and maintain the security and integrity of our systems
• Legal obligations — where processing is required by law

Transactional or service-related emails (such as account creation, confirmations, receipts, and required notices) are sent regardless of marketing preferences, as they are necessary to provide the services you request.

Email Communications, Consent, and Preference Management

We use HubSpot to manage email communications and subscription preferences. HubSpot acts as a data processor on our behalf and processes personal information only according to our instructions.

When you create an account, you will receive an initial email asking you to select which communications you would like to receive. These may include:

Association Emails

• HCCA Emails — Conferences, products, and resources tailored for healthcare compliance professionals
• SCCE Emails — Conferences, products, and resources tailored for corporate compliance professionals
• Member Exclusive Emails
• Certified Exclusive Emails
• Third Party Emails

Newsletters

• CWN or CCWN
• HCCA or SCCE Job Board Email 
• RMC, RRC, RPP Premium Newsletters

California Privacy Rights

If you are a California resident, the California Consumer Privacy Act, as amended by the California Privacy Rights Act (collectively, the “CCPA/CPRA”), provides you with certain rights regarding your personal information. These rights apply to personal information we collect about you as an individual and describe how you may exercise those rights.

Subject to certain legal limitations, California residents have the right to:

• Know what categories of personal information we collect, use, disclose, and share, and the purposes for which we do so;
• Access the personal information we have collected about you;
• Correct inaccurate personal information;
• Request deletion of certain personal information;
• Limit the use and disclosure of sensitive personal information, where applicable;
• Opt out of the sale or sharing of personal information; and
• Not be discriminated against for exercising any of your privacy rights.

Sale or Sharing of Personal Information

We may sell or share personal information as those terms are defined under the CPRA, including:

• Sharing personal information for cross‑context behavioral advertising; and
• Voluntary attendee-selected disclosures of professional profile information (such as name, title, company, city, and state) to conference attendees, sponsors, or exhibitors. 

In these situations, personal information is shared or provided subject to contractual restrictions that limit how the information may be used and require recipients to protect its confidentiality and security.

California residents have the right to opt out of the sale or sharing of their personal information at any time as set out in the Your Privacy Choices and Requests section.

Direct Mail Retargeting and Online Identifiers

Where we offer direct mail retargeting, it is supported through the use of a first party, cookie based or tag based technology deployed on our websites. This technology allows us and our marketing service providers to identify devices that have interacted with our websites and determine whether those devices can be associated with a mailable household address through third party data networks.

We do not use IP address based matching, IP derived geolocation, or device graph enrichment to identify a visitor’s mailing address for direct mail retargeting. IP addresses may be collected as online identifiers for security, fraud prevention, analytics, and service operations, but they are not used as the mechanism to identify mailing addresses.

Matched mailing addresses are used solely for the purpose of fulfilling the intended mailing and are not retained by, transferred to, or returned to SCCE/HCCA as a reusable mailing list following fulfillment.

Categories of Personal Information Shared

Categories of personal information that may be shared for these purposes include identifiers (such as online identifiers or cookie IDs), internet or network activity information, and limited household‑level information where permitted by law.

You may also opt out by using the ‘Do Not Sell or Share My Personal Information’ link as set out in the Your Privacy Choices and Requests section.

Opting out of sale or sharing will not affect your ability to receive transactional, service‑related, or legally required communications.

Sensitive Personal Information

We may collect and use Sensitive Personal Information (“SPI”) as defined by the CPRA only for purposes permitted by law, such as providing requested services, ensuring security, preventing fraud, and complying with legal obligations. California residents have the right to limit the use and disclosure of Sensitive Personal Information to those purposes reasonably expected by an average consumer. To limit the use of Sensitive Personal Information, use our ‘Limit the Use of My Sensitive Personal Information’ option (or submit a request via the form/email) set out in the Your Privacy Choices and Requests section.

Your Privacy Choices and Requests

Depending on your location, you may have rights to access, correct, delete, or obtain information about your personal information, or to opt out of certain uses or disclosures.

• Submit requests through our online form:
  https://www.hcca-info.org/privacy-policy-request-form
• Email: helpteam@hcca-info.org
• Where applicable, enabling an opt‑out preference through our digital preference tools

We honor Global Privacy Control signals where required by law.

Verification

To protect your information, we may need to verify your identity before processing your request. If you have an account with us, verification may be completed through your login credentials. If you do not have an account, or if we cannot reasonably verify your identity, we may request additional information. If we cannot verify your identity, we may deny or limit the request as permitted by law.

Authorized Agents

You may designate an authorized agent to submit a request on your behalf. We may require proof that the agent is authorized to act for you and may also require you to verify your identity directly.

Response Timing

We will respond to verifiable consumer requests within the timeframes required by applicable law.

Non‑Discrimination

We will not discriminate against you for exercising any of your rights under the CCPA/CPRA.

Opt-out

You may subscribe or decline each category individually. Your selections are stored and honored through our preference center in HubSpot.

You can update your email preferences or unsubscribe at any time using links included in our emails or by request to helpteam@hcca-info.org. If you are contacted by our exhibitors or our partners please opt out with them directly and where such request is received by us, we will endeavor to pass on to such partners.

Opting out of promotional mailings will not affect delivery of required transactional or service-related communications. Email preference controls manage communications preferences and do not replace your California privacy rights described above.

Advertising, Retargeting, and Analytics

We may use HubSpot and integrated platforms to support retargeting and look-alike advertising campaigns on social media and digital platforms. These activities help us promote association programs and services to relevant audiences.

• We do not use this data for unsolicited sales outreach
• Advertising audiences are based on aggregated or pseudonymized data where possible

You can manage advertising cookies and tracking through our Cookie Policy.

Use of Cookies

Please see our Cookie Policy.

Disclosure of your Personal Information

There are circumstances where we wish to disclose or are compelled to disclose your personal information to third parties. This will only take place in accordance with the applicable law and for the purposes listed above. These scenarios include disclosure:

• to our subsidiaries
• to our exhibitors and other partners who request a voluntary conference attendee list on a one-time basis for marketing purposes. All such third parties are prohibited from using your personal information, except for specific and limited marketing purposes and to provide services to us, and they are required to maintain the security and confidentiality of your information. Please opt out if you no longer consent to your information being shared in this way; if applicable
• to our exhibitors who you permit to scan your badge at a conference, if applicable
• to other event attendees through our virtual event platforms where participants may view name, job title and other personal information of other participants
• to our members accessing our voluntary Members’ Directory; (access restricted to members only)
• to other Users or the public as you may request using our interactive services, or as is necessary in order to resolve any disputes in relation to your contributions to our websites and services;
• to our outsourced service providers or suppliers to facilitate the provision of our services, for example, the disclosure to our database hosting provider for the safe keeping of your personal information, webhosting provider through which your personal information may be collected;
• to third party testing centers to facilitate your attendance of exams; if applicable
• to third party service providers and consultants in order to protect the security or integrity of our business, including our databases and systems and for business continuity reasons;
• to another legal entity, on a temporary or permanent basis, for the purposes of a joint venture, collaboration, financing, sale, merger, reorganization, change of legal form, dissolution or similar event. In the case of a merger or sale, your personal information will be permanently transferred to a successor company;
• to public authorities where we are required by law to do so; and
• to any other third party where you have provided your consent.

Where required by law, our service providers and partners process personal information solely on our behalf and are contractually restricted from using such information for purposes other than providing services to us.

International transfer of Personal Information

We may transfer your personal information to a third party in countries outside the country in which it was originally collected for further processing in accordance with the purposes set out above. In particular, your personal information may be transferred throughout our group and to our outsourced service providers located abroad.

In these circumstances we will, as may be required by applicable law, ensure that your privacy rights are adequately protected by appropriate technical, organizational, contractual or other lawful means. If you are located in the European Economic Area, you may contact us for a copy of the safeguards which we have put in place to protect your personal information and privacy rights in these circumstances.

Retention of Personal Information

Your personal information will be retained for as long as is reasonably necessary for the purposes listed above or as required by applicable local law. Please contact us for further details of applicable retention periods.
We may keep an anonymized form of your personal information, which will no longer refer to you, for statistical purposes without time limits, to the extent that we have a legitimate and lawful interest in doing so.

Security of your Personal Information

We have implemented appropriate technical and organizational measures in accordance with industry standards to safeguard your personal information. When personal information (such as a credit card number) is transmitted to other websites, it is protected through the use of encryption, such as the Transport Layer Security (TLS) protocol. However, no security measure is completely secure (e.g. from malicious intrusion) and we are unable to guarantee complete security of your personal information.
In order to improve the security of your personal information and your User account, we advise you use a strong unique password and enable multi-factor authentication where available. Furthermore, you must exit from your User account at the end of each session, not allow your browser to save your login details and secure and limit access to your personal devices.

Monitoring and Use of Services

We may monitor the use of our websites and services, including interactive and communications features, solely for legitimate and limited purposes, such as maintaining the security and integrity of our systems, preventing fraud or misuse, ensuring compliance with applicable laws and our policies, investigating reported issues, and supporting service operations.

Monitoring activities are conducted in a proportionate manner, are limited to what is reasonably necessary for these purposes, and are subject to appropriate access controls and safeguards. Monitoring does not override applicable privacy rights or legal protections, and we comply with local laws governing privacy, confidentiality of communications, and employee or member protections.

Where required by law, we do not monitor or access the content of private communications except where necessary to meet legal obligations, ensure system security, or respond to lawful requests. Access to monitored information is restricted to authorized personnel with a legitimate need to know.

Interactive Services Complaints Procedure

If you believe that a User contribution posted on any of our interactive services is inaccurate or otherwise infringes upon your data privacy rights, please notify us by email to helpteam@hcca-info.org.

A notice will be valid if it includes:

• documentation sufficiently confirming your identity;
• your contact details;
• a screenshot of the infringing material with a time and date stamp;
• a signed statement explaining how the material infringes upon your data privacy rights; and
• your suggestions as to how the infringing User should remedy his/her infringement.

Upon receipt of a valid notice, we will review your complaint and reply within 21 days. In our reply we may ask you for further information or inform you of what steps we have taken to resolve the matter.

Links to other websites
You should be aware that when you are on our website, you could be directed to other websites that are beyond our control. There are links to other sites from our website that may take you outside our service. We cannot guarantee that the privacy statements of these websites meet our standards. As always, we recommend reading the privacy statements of any new website you go to online.

Additional International Privacy Rights

In certain countries, data protection law provides individuals with numerous rights, including the right to access, rectify, erase, restrict or object to the processing of, their personal information. For more information about your rights, including your right to lodge a complaint, please visit the website of your local data protection authority.
If for any reason you wish to access, review, correct or delete the personal information collected about you, you may do so by emailing: helpteam@hcca-info.org. You must be able to provide sufficient proof of your identity. Once identified, we will be happy to review, update or remove your information, as appropriate.

Children

Our services are not directed to children, and we do not knowingly collect personal information from individuals under 16. Certain services require users to be 18 or older. 

Changes to this Statement

We will occasionally update this Privacy Statement to reflect company and customer feedback. We encourage you to periodically review this Statement to be informed of how we use your information.

Contact Information

If you notice any unlawful use of personal information or if you believe that we have not adhered to this Statement, please contact us by email to helpteam@hcca-info.org.