The purpose of this section is to document the policies and procedures governing the Healthcare Businesswomen’s Association’s affiliates, chapters and regional volunteer committees with regard to European regulation protecting members’ personal data and currency conversion of membership and event pricing.
The HBA strives to adhere to all laws and policies protecting our members, volunteers, staff and the association. Policies and procedures are established to educate volunteers and staff about legal requirements and to protect the association from legal action. It is the HBA’s expectation that all volunteers and staff adhere to established policies and follow procedures for the legal and financial protection of the HBA.
Nycole Joiner, finance and operations, senior director
HBA affiliates, chapters and regional committee and council volunteers who have access to or use member personal data as a function of their committee roles and responsibilities.
General Data Protection Regulation
The General Data Protection Regulation (GDPR) is a European regulation passed in April 2016 (effective May 2018), governing the collection and sharing of personal information of individuals within the European Union. Personal data is defined as any information that can be used to distinguish one person from another (name, phone number, address, email, etc.). The HBA acknowledges and abides by all legal requirements protecting members’ personal data; compliance with them does not significantly affect required business operations.
It is the policy of the HBA to not share personal information outside of the association. All committees are required to respect members’ personal data and only use the method of contact the member has selected as their preference to receive communication from the HBA.
Committees may be required or need to export or download data from licensed HBA software or systems to perform assigned job functions. All data downloaded from HBA-approved software and systems must be permanently deleted within seven days of downloading. If data is not deleted or destroyed within the specified timeline, and a breach occurs, the committee member may be personally liable for any legal damages incurred from the data breach.
Emails and Faxes:
Committees work both virtually and in-person. When data is shared electronically, it is the responsibility of the sender and receiver to ensure the data is permanently deleted from their computers within seven days of sending and receiving the data. Data should be deleted from the emails and the computers’ hard drives.
Data received via fax is subject to the same seven-day disposal and destruction timeline. If data is not deleted or destroyed within the specified timeline, and a breach occurs, the committee member may be personally liable for any legal damages incurred from the data breach.
If at any time a member’s personal information is compromised or believed to have been accessed without permission (misplaced attendee list, hacked email accounts, etc.), committees are to immediately contact the HBA’s Data Protection Officer at firstname.lastname@example.org. HBA central will issue a notice to the membership in accordance with the breach communication plan.
Should the committees have or receive any questions from members regarding the collection, sharing or protection of personal data, please reference a copy of the HBA’s Data Protection policy posted on the association’s website https://www.hbanet.org/hba-data-protection-statement.
The HBA currently accepts Euros and USD. The Euro Currency conversion rates are updated twice a year, January 1 and July 1, using rates listed on www.oanda.com. If deemed necessary, membership rates will be updated twice a year to reflect the change in the currency translation.