Privacy Policy

Version 1.2, Dated 5/12/25, Approved by WSLHA Board 6/7/25

1. Purpose:

This Privacy and Security Policy outlines how the Washington Speech-Language Hearing Association (WSLHA) collects, uses, shares, and safeguards personal information. It ensures compliance with the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and the American Speech Language-Hearing Association (ASHA) Continuing Education Provider Standard 1.2.4, which mandates the protection of participant and user data. This policy applies across all WSLHA activities, including continuing education, website operations, communications, digital platforms, and third-party services such as social media.

2. Scope:

This policy applies to all personal data collected, processed, or stored by WSLHA in any capacity, including:

• Registration and participation in CE courses

• Website visits and user interactions

• Email communications and newsletters

• Social media interactions and advertising

• Online event platforms and learning management systems

• Payments or transactions

• Surveys, contact forms, and user feedback

3. Data Collection

WSLHA collects personal information in the following contexts:

• When individuals register for events or CE activities

• When users interact with our website or digital content

• When users submit contact forms, surveys, or support inquiries

• When users follow or engage with WSLHA on social media platforms

Collected data may include:

• Name, email address, phone number, and mailing address

• ASHA account number or professional license data (for CE reporting)

• Payment or billing information (via secure processors)

• IP address, device type, browser, and cookies (via website analytics)

• Social media identifiers (if users engage through those channels)

4. Use of Data:

WSLHA uses personal data to:

• Provide continuing education services

• Manage event registration, attendance, and CEU reporting

• Improve website functionality and user experience

• Send newsletters and professional updates

• Respond to inquiries or support requests

• Conduct surveys

• Conduct limited, targeted outreach on social media or email platforms

WSLHA does not sell personal data to third parties.

5. GDPR Compliance:

In accordance with the General Data Protection Regulation (GDPR), WSLHA ensures that individuals have the right to:

• Access and correct their personal data

• Request data erasure (“right to be forgotten”)

• Restrict or object to data processing

• Receive a copy of their data in a portable format

• Withdraw consent at any time (where processing is based on consent)

6. CCPA Compliance:

WSLHA complies with the California Consumer Privacy Act (CCPA) by providing individuals the right to:

• Know what personal information is collected and how it is used

• Request access to or deletion of personal information

• Opt out of the sale of personal information (WSLHA does not sell data)

• Be protected from discrimination for exercising their privacy rights

7. Use of Cookies and Tracking Technologies:

WSLHA’s website may use cookies and similar technologies to enhance user experience, collect analytics, and deliver relevant content. Users may manage cookie preferences via their browser settings. Third-party tools (e.g., Google Analytics, Meta/Facebook Ads) may collect anonymized data for statistical purposes.

8. Third-Party Services and Social Media:

WSLHA may link to or use services provided by third parties (e.g., ASHA CE, ESD #113 for processing OSPI Clock Hours, Zoom, Facebook, Instagram, TikTok, LinkedIn, etc.). Users should review those platforms' respective privacy policies.

WSLHA limits data sharing with third-party services and ensures that contracts or agreements include appropriate data protection measures.

9. Data Transport and Portability:

When participant information must be transported—physically or electronically— WSLHA takes all reasonable steps to maintain data security. These measures include:

• Using encrypted storage devices or password-protected files when data must be physically transported (e.g., on laptops or flash drives)

• Ensuring cloud-based data access is secured via HTTPS protocols and two factor authentication

• Considering privacy and security measures through the transport of sensitive participant data through unsecured channels such as limiting this information through WSLHA volunteer personal email addresses or unsecured USB drives and instead utilizing WSLHA’s secure shared drive

• Limiting transport of physical records to essential personnel with a need-to know basis

• Documenting when and how data is transported, particularly for large datasets or CE reporting archives These procedures are intended to minimize the risk of data loss, unauthorized access, or misuse during any form of transit.

10. Opt-In and Opt-Out Options:

WSLHA respects participants’ right to control their personal data and communications. Individuals have the following choices:

• Opt-In: Participants may voluntarily opt in to receive email newsletters, announcements about future CE events, or surveys. Opt-in requests must be explicit and recorded via a checkbox, written request, or email confirmation.

• Opt-Out: Participants may opt out of any non-essential communications at any time by clicking the "unsubscribe" link in emails, or by contacting WSLHA directly via 253.525.5162 or office@wslha.org.

• Data Sharing with Partners: If WSLHA ever seeks to share limited participant information with third-party collaborators (e.g., co-hosted events), an explicit opt-in will be required. No personal data will be shared without prior consent. WSLHA maintains a record of consent changes and ensures preferences are honored promptly.

11. Data Accuracy and Participant Review:

WSLHA is committed to maintaining accurate and current participant information. To support this:

• Participants may review and request corrections to their stored personal data at any time by contacting WSLHA via 253.525.5162 or office@wslha.org.

• When registering for CE events or updating contact information, participants are encouraged to review details for accuracy.

• WSLHA periodically audits data for errors, duplicates, or outdated entries and corrects them as appropriate.

• CEUs reported to ASHA will use the most current and verified information provided by the participant at the time of event registration. Efforts to maintain accurate records help ensure reliable CEU reporting and effective communication.

12. Data Security Measures:

WSLHA uses administrative, technical, and physical security controls to protect personal data, including:

• Secure servers with encrypted access

• Password-protected internal systems

• Limited access to sensitive data on a need-to-know basis

• Staff training on data protection best practices

• Regular review of systems and protocols to prevent breaches

• Encrypted storage and secure methods of transport for physical and digital data when necessary

13. Data Retention:

WSLHA retains personal data only as long as necessary to fulfill legal, operational, and reporting requirements. Data no longer needed is securely deleted or anonymized.

14. Individual Rights and Transparency:

Participants have the right to request access to, correction of, or deletion of their data. WSLHA will respond to such requests in a timely manner.

To maintain transparency, participants will be informed of their data rights at registration and in our Privacy Notice.

15. Policy Communication and Updates:

This policy is shared with participants during CE registration and posted publicly on the WSLHA website. It is reviewed annually by the WSLHA Board and the WSLHA Bylaws and Advocacy Committee and updated as needed to reflect legal, technological, or organizational changes.

16. Record Retention (per ASHA CE Provider Standard 1.2):

In accordance with the ASHA Continuing Education Provider 2025 Standard 1.2, WSLHA maintains detailed records for all continuing education activities and participants for a minimum of 4 years for the typical ASHA certification maintenance cycle plus 1 year (and for 7 years prior to 2025 according to previous ASHA CE Provider Standards). These records include: • Course planning documentation (e.g., learning outcomes, needs assessments, instructional strategies, course completion records)

• Presenter qualifications and disclosures

• Participant registration and attendance records. This 4-year retention period begins after the end date of the last course offering.

• CEU records and ASHA reporting documentation. This 4-year retention period begins after the end date of the course offering for which the participant was reported.

• Participant feedback or evaluations, post course surveys and learner assessment questions

• Participant appeals received

• Promotional and instructional materials

• Complaints received and the outcomes of each complaint resolution process.

Key retention procedures include:

• All CE records are securely stored in encrypted digital systems, with backups maintained in accordance with WSLHA’s data security protocols.

• Access is limited to authorized personnel only when necessary.

• Records are organized to ensure timely response to any ASHA audit or learner request.

After the 4-year retention period (or the 7-year retention period prior to 2025 CE information), records are securely deleted or destroyed in a manner that protects participant confidentiality.

17. Contact Information:

For questions, requests, or concerns related to this Privacy and Security Policy, contact us at: 253.525.5162 or office@wslha.org.