Privacy Notice
Last Updated: November 3, 2025
ABOUT THIS NOTICE
The purpose of this Privacy Notice (hereinafter “the Notice”) is to describe how Vanderbilt University (“VU”), 2201 West End Ave, Nashville, TN 37235 (hereinafter referred together as “we”, “our” or “us”) collects, processes and protects personal data of individuals (hereinafter “you”, “your”) participating in the 2026 ICN NP/APN Network Conference (“Conference”) or visiting the websites that direct to this Notice. This Notice supplements the Vanderbilt University Privacy Policy.
DATA CONTROLLER
For purposes of the EU General Data Protection Regulation, 2016/679 (the “GDPR”), UK General Data Protection Regulation (the “UK GDPR”), and certain other applicable law(s) (hereinafter “Applicable Laws”), VU is acting as data controller for the personal data concerned in this Notice.
PERSONAL DATA COLLECTION
Personal data is any information relating to an identified or identifiable natural person. An identifiable natural person is one who can be identified, directly or indirectly, by reference to an identifier such as a name, identification number, location data, an online identifier or to one or more factors specific to that natural person.
We collect your personal data via the Conference website: https://icn-npapn-2026.com/, registration website: https://icn-npapn-2026.com/, exhibitor/sponsor website: https://mma-inc.ungerboeck.com/prod/app85.cshtml?aat=47516677396539482b776d3159645375587a61555a66616748684e5242414c44692f6b7447303247494d413d, and other Conference sites (collectively, the “Website”) either directly from you, typically through registration forms on the Website, or indirectly during your interactions with us (please see below section “Cookies and Similar Technologies”).
Regarding data collected directly from you, we indicate all mandatory information on our forms with an asterisk. If you do not answer the mandatory questions, you will not be able to register for the Conference or apply as an exhibitor/sponsor, respectively.
The following list of data could be collected while you visit the Website, including via your registration or exhibitor/sponsor application for the Conference:
| Category | Description |
|---|---|
| Participant account information | Registration number; e-mail address; date of birth |
| Participant contact information | Full name; phone number; address; e-mail address; company name; company address; and additional information submitted by the Participant and/or their organization |
| Participant registration information | Educational, employment and professional background such as title, license, role and industry, professional expertise, abstract, documentation or proof of a professional status (if required for a special fee); gender; where applicable, passport information, including country of issue, number, and expiration; and when applicable travel grant request and accessibility and dietary requirements; identification photo |
| Exhibitor/sponsor information | Full name, title, email address, company name, company phone number, company address, and additional information submitted by the Exhibitor and/or their organization |
| Payment and purchase data | Personal data that the third-party payment provider, with servers located in the US, to be able to collect payment for tickets (this data collection only applies to events that have paid tickets), such as credit card number, expiration date, and security code |
| Other information | With respect to a speaker or a lecturer, additional information may be processed such as the content of the lecture and a recording of the lecture during the event |
| Device and usage information | Date and time of access; information about what pages you visit and how you navigate the Website; and your general location, Internet Protocol (IP) address, device identifier, device type, operating system, and browser type |
| Cookies and similar technologies | Please see the “Cookies and Similar Technologies” section of this Notice for more information. If you choose to disable cookies and similar technologies, some areas and features of the Website may not work properly. |
OUR PURPOSES FOR USING YOUR PERSONAL DATA
The table below sets out:
- Our purpose for processing your personal data
- Our legal justifications (each called a “legal basis”) under data protection law, for each purpose
Categories of personal data which we use for each purpose
| Purpose for processing your data | Legal basis that permits the purpose | Categories of personal data used for purpose |
|---|---|---|
To organize and manage your participation in the Conference; to communicate with you |
Legitimate Interest Performing services you requested Consent (for pictures, accessibility and dietary requirements only) |
Participant account information Participant contact information Participant registration information Exhibitor/sponsor information Payment and purchase data Other information |
To promote the Conference; to provide user support; to ensure the privacy and security of our Website and services; to serve you the content and functionality you request; to inform you about similar conferences or events that may be of interest to you |
Legitimate interest |
Participant account information Participant contact information Participant registration information Exhibitor/sponsor information Payment and purchase data Other information Device and usage information Cookies and similar technologies |
To comply with legal obligations and law enforcement requests |
Compliance with legal obligations Legitimate interest |
Participant account information Participant contact information Participant registration information Exhibitor/sponsor information Payment and purchase data Other information |
Other Processing Activities. We may also process personal information when necessary for the following:
- Accomplishing another purpose described to you when you provide the information, for which you have consented, or for which we have a legal basis under law.
- The establishment, exercise, or defense of legal claims, whether in court, administrative, or other proceedings. (The legal basis for this processing is our legitimate interest in the protection and assertion of our legal rights, your legal rights, and the legal rights of others.)
- Obtaining or maintaining insurance coverage, managing risks, or obtaining professional advice (The legal basis for this processing is our legitimate interest in the proper administration of our business.)
- Purposes that are consistent with, related to and/or ancillary to the purposes and uses described in this Notice for which your personal information was provided to us.
HOW WE SHARE YOUR PERSONAL DATA
When we are acting as the data controller or where permitted by Applicable Law, we may share your personal information in the following contexts.
| International Council of Nurses (ICN) |
VU may share your personal data with ICN located in place Jean Marteau, 1203 Geneva, Switzerland for ICN to manage operations of the association, including to further the goals of the association, statistical analysis, promotion of future educational initiatives and developing the association membership. |
| Legal Obligations and Rights | We may disclose information in response to subpoenas, warrants, court orders or other legal process, or to comply with relevant laws, including to meet national security or law enforcement requirements. We may also share information in order to establish or exercise our legal rights or claims; to defend against a legal claim; and to investigate, prevent, or take action regarding possible illegal activities, suspected fraud, safety of person or property, or a violation of our contracts or terms. We may also disclose personal information as needed to protect vital interests. |
| Service Providers and Advisors |
We may share information with our service providers and professional advisors (accountants, attorneys, etc.) that need access to information to provide services on our behalf. |
| Disclosures with Your Consent | We may ask if you would like us to share your personal data with unaffiliated third parties who are not described elsewhere in this Notice. We will only disclose your personal information in this context with your consent. |
| Deidentified and Aggregated Data | We may share with third parties aggregated information and anonymous or de-identified that does not identify any specific individual, such as groupings of demographic data or user preferences. |
YOUR PERSONAL DATA RIGHTS AND CONTROLS
Individual Rights. You may have certain rights relating to your personal data under local data protection laws, and we discuss the rights provided in various jurisdictions below. We honor individuals’ rights where required under Applicable Law, and, depending on the applicable laws, these rights may include the right to:
- Access your personal data;
- Know more about how we process your personal information;
- Rectify inaccurate personal data and, taking into account the purpose of processing the personal information, ensure it is complete;
- Erase or delete your personal data;
- Restrict our processing of your personal data;
- Transfer your personal data to another controller, to the extent possible;
- Object to certain processing of your personal data;
- Opt-out of certain disclosures of your personal data to third parties;
- Not be discriminated against for exercising your rights described above;
- Not be subject to a decision based solely on automated processing, including profiling, which produces legal effects; and
- Withdraw your consent at any time (to the extent we base processing on consent), without affecting the lawfulness of the processing based on such consent before its withdrawal.
RESIDENTS OF EU/EEA/UK and SWITZERLAND
Right of Access. To the extent required by law, you have the right to receive confirmation as to whether or not personal data concerning you are being processed, and, where that is the case, access to the personal data and the following information: the purposes of the processing; the categories of personal data concerned; and the recipients or categories of recipient to whom the personal data have been or will be disclosed. We will provide a copy of your personal information in compliance with applicable law.
Right of Rectification. Our goal is to keep your personal information accurate, current, and complete. Please contact us if you believe your information is not accurate or if it changes.
Right to Erasure. In some cases, you have a legal right to request that we delete your personal information when (1) it is no longer necessary for the purposes for which it was collected; (2) consent has been withdrawn in certain instances; (3) you have objected to the processing in certain instances; (4) the personal information has been unlawfully processed; (5) the personal information has to be erased for compliance with a legal obligation; and (6) the personal information was collected in relation to the offer of information society services. However, the right is not absolute. When we delete personal information, it will be removed from our active servers and databases; but, it may remain in our archives when it is not practical or possible to delete it. We may also retain your personal information as needed to comply with our legal obligations, resolve disputes, or enforce any agreements.
Right to Restrict Processing. You have the right to restrict the processing of your data when (1) the accuracy of the personal data is contested, for a period enabling the controller to verify the accuracy of the personal data; (2) the processing is unlawful and you oppose erasure and request a restriction instead; (3) we no longer need the personal data, but you need us to keep it for the establishment, exercise, or defense of legal claims; or (4) you have objected to us processing the personal information, pending resolution of the objection.
Right to Object. In certain circumstances, you have the right to object to the processing of your personal information where the processing is necessary for performance of a task carried out in the public interest, for our legitimate interests, or for the legitimate interests of others. You also have the right to object where personal data are processed for direct marketing purposes or for scientific or historical research purposes or statistical purposes.
Right to Withdraw Consent. If you have provided your consent to the collection, processing, and transfer of your personal information, you may have the right to fully or partially withdraw your consent. Once we have received notice that you have withdrawn your consent, in whole or in part, we will no longer process your information for the purpose(s) to which you originally consented and have since withdrawn unless there are compelling legitimate grounds for further processing that override your interests, rights and freedoms or for the establishment, exercise or defense of legal claims. Withdrawal of consent to receive marketing communications will not affect the processing of personal information for the provision of our services.
Right to Complain. If you believe we have not processed your personal information in accordance with applicable law, we encourage you to contact us using the “Contact Us” information in this Notice. You may also have the right to make a complaint to an applicable Supervisory Authority or seek a remedy through the courts. A list of Supervisory Authorities for residents of the EU or EEA is available at: https://edpb.europa.eu/about-edpb/board/members_en. UK residents may contact the UK Supervisory Authority here: https://ico.org.uk/make-a-complaint/data-protection-complaints/. Residents of Switzerland may contact the Federal Data Protection and Information Commissioner at https://www.edoeb.admin.ch/en/report-form-data-subjects. If you need further assistance regarding your rights, please contact us using the contact information provided below and we will consider your request in accordance with applicable law.
All requests should be sent to the contact details noted in the “Contact Us” section of this Notice. Your personal data may be processed in responding to these rights.
DATA RETENTION AND DELETION
We will keep your information for as long as is necessary to fulfill the purposes for which it was collected, to comply with our business requirements and legal obligations, to resolve disputes, to protect our assets, to operate our business, and to enforce our agreements.
We take reasonable steps to delete the personal information we collect when (1) we have a legal obligation to do so, (2) we no longer have a purpose for retaining the information, and (3) if you ask us to delete your information, unless we determine that doing so would violate our existing, legitimate legal, regulatory, dispute resolution, contractual, or similar obligations. We may also decide to delete your personal information if we believe it is incomplete, inaccurate, or that our continued storage of your personal information is contrary to our legal obligations or business objectives. When we delete data, it will be removed from our active servers and databases, but it may remain in our archives when it is not practical or possible to delete it.
We may retain and use anonymous, de-identified, or aggregated information for as long as is permitted under applicable law.
SECURITY AND CONFIDENTIALITY OF YOUR DATA
We implement appropriate measures to preserve the security and confidentiality of your personal data and, in particular, to prevent it from being distorted, damaged, or accessed by unauthorized third parties. Further, we do not authorize the use of spamming, phishing, junk emails, or any other form of inappropriate or illegal form of external communication.
But, no security system is perfect, and no data transmission is 100% secure. Although we strive to protect personal information, we cannot guarantee or warrant the security of any information transmitted to or from the Website. Your use of the Website is at your own risk. We cannot guarantee that your data will remain secure in all circumstances.
If a data breach compromises your personal information, we will notify you and any applicable regulator when we are required to do so by applicable law.
INTERNATIONAL TRANSFER OF YOUR DATA
We have operations in the United States, and personal data may be transferred to, stored, and processed in the United States as well as other countries in which we or our, affiliates, partners, service providers, or agents maintain facilities. By sending us personal information for the purposes described in this Notice you agree and consent to the processing of your personal data in locations such as the United States, which may not offer the levels of protection required in other countries. We rely on recognized legal mechanisms in accordance with Applicable Law, including standard contractual clauses and other safeguards when transfer is necessary for us to deliver services pursuant to an agreement, or when the transfer is subject to safeguards that assure the protection of the personal information.
COOKIES AND SIMILAR TECHNOLOGIES
What are first and third-party cookies? A “cookie” is a small file created by a web server that can be stored on your device (if you allow) for use either during a particular browsing session (a “session” cookie) or a future browsing session (a “persistent” cookie). “Session” cookies are temporarily stored on your device and remain there until they expire at the end of your browsing session. “Persistent” cookies remain stored on your device until they expire or are deleted by you. Local shared objects (or “flash” cookies) are used to collect and store information about your preferences and navigation to, from, and on a website. First-party cookies are set by the website you are visiting, and they can only be read by that site. Third-party cookies are set by a party other than that website.
What are “similar technologies”? In addition to cookies, there are other data collection technologies, such as Internet tags, web beacons, pixels (clear gifs, pixel tags, and single-pixel gifs), and navigational data collection (log files, server logs, etc.) that can be used to collect data as you navigate through and interact with a website. For example, web beacons are tiny graphics with unique identifiers that are used to understand browsing activity. UTM codes are strings that can appear in a URL when you move from one web page or website to another. The string can represent information about your browsing, such as which advertisement, page, or publisher sent you to the receiving website.
What Cookies and Similar Technologies Are in Use and Why Do We Use Them?
Other third-party technologies. Some third parties may use data collection technologies to collect information about you when you browse the Internet. We do not control these third parties’ technologies or how they may be used. If you have questions about targeted content, you should contact the responsible party directly or consult their privacy policies.
Choices about cookies and similar technologies. Most web browsers are set by default to accept cookies. If you do not wish to receive cookies, you may set your browser to refuse all or some types of cookies or to alert you when cookies are being stored. These settings may affect your enjoyment of the Website’s functionality. Adjusting the cookie settings may not fully delete all of the cookies that have already been created. To delete them, you should review your web browser settings after you have changed your cookie settings. The links below provide additional information about how to disable cookies or manage the cookie settings:
Google Chrome: https://support.google.com/chrome/answer/95647?hl=en
Firefox: https://support.mozilla.org/en-US/kb/enable-and-disable-cookies-website-preferences
Microsoft Edge: https://support.microsoft.com/en-us/microsoft-edge/delete-cookies-in-microsoft-edge-63947406-40ac-c3b8-57b9-2a946a29ae09
Safari: https://support.apple.com/guide/safari/manage-cookies-sfri11471/mac and https://support.apple.com/en-us/HT201265
You may learn more about internet advertising practices and related resources at https://youradchoices.com/control, https://thenai.org/about-online-advertising/faq, and http://www.networkadvertising.org/choices.
THIRD-PARTY SITES AND SERVICES
This Notice only applies to the Website. It does not apply to any websites, applications, or services from third parties.
The Website may include links to, or content from, third parties. These links are to external resources and third parties that have their own privacy policies. It may not always be clear which links are to external, third-party resources. If you click on a third-party link, you will be redirected away from the Website. You can check the URL to confirm whether you have left the Website.
We cannot and do not (1) guarantee the privacy or security practices of third parties or any content provided by third parties; (2) control third parties’ collection or use or your information; or (3) endorse any third-party information, products, services, applications, or websites.
Any information provided by you or collected from you by a third party will be governed by that party’s privacy policy and terms of use. You should review their privacy policy and terms of use carefully.
CHANGES TO THIS NOTICE
We may update this Notice from time to time, with the most recent revision date listed at the top. When we make material changes to this Notice, we’ll provide you with prominent notice as appropriate under the circumstances. For example, we may display a prominent notice within the Website or send you an email or device notification.
HOW TO CONTACT US
For any questions and concerns regarding this Notice, you may contact Vanderbilt University by emailing DPO@vanderbilt.edu.