Data Protection Policy
Published by the American Dental Coders Association
1. Policy Statement
The American Dental Coders Association (ADCA) is committed to ensuring the privacy, confidentiality, and security of personal and professional data it collects and processes. This Data Protection Policy outlines how ADCA handles personal data in compliance with applicable laws, including the California Consumer Privacy Act (CCPA), the General Data Protection Regulation (GDPR) where applicable, and other relevant data privacy laws in the United States.
2. Purpose
The purpose of this policy is to:
- Ensure personal data is handled lawfully, transparently, and securely.
- Protect the rights of members, students, employees, contractors, and stakeholders.
- Demonstrate accountability and adherence to data protection standards.
- Prevent unauthorized access, disclosure, alteration, or destruction of personal data.
3. Scope
This policy applies to:
- All employees, contractors, volunteers, and board members of ADCA.
- All systems, platforms, and services where personal data is collected, stored, or processed.
- All third-party vendors and partners who process data on behalf of ADCA.
4. Definitions
- Personal Data: Any information that can identify an individual (e.g., name, email, address, phone number).
- Sensitive Data: Information such as social security numbers, payment details, and health or disability status.
- Processing: Any operation performed on personal data (e.g., collection, storage, use, deletion).
- Data Subject: Any individual whose personal data is processed by or on behalf of ADCA.
- Data Controller: ADCA, which determines the purposes and means of processing personal data.
- Data Processor: Any entity or individual processing data on behalf of ADCA.
5. Types of Data Collected
ADCA collects and processes the following types of data:
- Contact information (e.g., name, email, phone, mailing address).
- Certification and training records.
- Employment or professional background (for certification eligibility).
- Payment and billing information.
- Technical data (IP address, browser, and location, for site security and analytics).
- Communications (support tickets, Ask-The-Coder queries, emails, etc.).
6. Lawful Basis for Processing
ADCA processes personal data under the following lawful bases:
- Consent: When users provide explicit permission for data use (e.g., subscribing to updates).
- Contractual necessity: For processing data to fulfill membership, training, or certification agreements.
- Legal obligation: To meet legal or regulatory requirements.
- Legitimate interests: For administrative, educational, or operational purposes that do not override individual rights.
7. Data Subject Rights
Under applicable data protection laws, individuals have the following rights:
- Right to Access: Request a copy of the data we hold.
- Right to Rectification: Correct inaccurate or incomplete data.
- Right to Erasure: Request deletion of data when it is no longer necessary.
- Right to Restriction: Request limitation of data processing.
- Right to Data Portability: Obtain and reuse their personal data.
- Right to Object: Oppose processing based on legitimate interests.
- Right to Withdraw Consent: Withdraw consent at any time (when applicable).
Requests to exercise these rights should be sent to: privacy@adcaonline.org
8. Data Retention
ADCA retains personal data only as long as necessary to:
- Provide membership and certification services.
- Fulfill legal, tax, and audit obligations.
- Maintain historical certification records for verification and reinstatement.
Data is periodically reviewed, and records no longer needed are securely deleted or anonymized.
9. Data Security Measures
ADCA employs the following safeguards to protect personal data:
- Secure Sockets Layer (SSL) encryption on all web pages collecting sensitive information.
- Role-based access controls to limit data access.
- Regular security audits of systems and websites.
- Secure cloud-based storage with encryption at rest and in transit.
- Strong password protocols and multi-factor authentication.
- Routine employee training on cybersecurity and privacy best practices.
10. Third-Party Sharing
ADCA does not sell personal data. Personal data may be shared with trusted partners or service providers only when:
- Necessary to provide services (e.g., exam hosting platforms, payment processors).
- Required by law or court order.
- Covered under written data processing agreements.
All third parties are required to adhere to equivalent data protection standards.
11. Data Breach Response
In the event of a data breach, ADCA will:
- Investigate the incident promptly.
- Notify affected individuals and regulatory authorities within required timelines.
- Implement corrective and preventive measures to address the breach.
- Document and assess the breach for future risk mitigation.
A breach notification plan is in place in accordance with applicable laws.
12. Policy Review and Updates
This policy is reviewed annually or upon major regulatory or operational changes. Updates will be published on www.adcaonline.org. Data subjects will be notified of significant changes via email or website announcement.
Last Reviewed: June 4, 2025
Next Review: June 2026
13. Contact Information
For any questions or concerns related to this policy, please contact:
Data Protection Officer (DPO)
American Dental Coders Association
Email: privacy@adcaonline.org
Website: www.adcaonline.org