Privacy and Cookie Policy

Last updated: 15 December 2022


This Privacy Policy (“Policy”) describes how CITI Program, a division of the Biomedical Research Alliance of New York LLC (“Company,” “we,” and “our”) collects, uses and shares personal data we obtain through our affiliated websites (the “Sites”). This Policy applies when you visit the Sites and/or use our related services (the “Services”). Please read the following information carefully to understand our views and practices regarding your personal data and how we treat it.

Particularly Important Information

WHO WE ARE: For the purpose of applicable data protection legislation, the data controller of your personal data is CITI Program, a division of Biomedical Research Alliance of New York LLC, with offices at 1981 Marcus Avenue, Suite 210, Lake Success, NY 11042. Our Data Protection Officer (Privacy Officer) can be contacted at

MUST READ SECTIONS (EEA RESIDENTS): We draw your attention in particular to the sections entitled “International Data Transfer” and “Your Rights.”

CHANGES TO THIS POLICY: We will post any modifications or changes to the Policy on our Sites. We reserve the right to modify the Policy at any time, so we encourage you to review it frequently. The “Last Updated” date above indicates when this Policy was last changed. If we make any material change(s) to the Policy, we will post a notice on our Sites prior to such changes(s) taking effect.

1. Purposes of Processing

What is personal data?

We collect information about you in a range of forms, including personal data that includes information which, either alone or in combination with other information we hold about you, identifies you as an individual. This includes, for example, your name, postal address, email address(es), and telephone number(s).

Why do we need your personal data?

We will only process your personal data in accordance with applicable data protection and privacy laws. We need certain personal data in order to provide you with access to our Services. If you create a profile/register with us, you will be asked to agree to provide this information in order to access the Services. This consent provides us with the legal basis we require under applicable law to process your data. You maintain the right to withdraw such consent at any time. If you do not agree to our use of your personal data in line with this Policy, please do not use our Services.

2. Collecting Your Personal Data

We collect information about you in the following ways:

Information You Give Us

This includes:

  • the personal data you provide when you register to use our Services, including your‎ name, postal address, email address(es), telephone number(s), username, password and demographic information (such as your gender);
  • the personal data you provide when you report a problem with our Services or when we provide you with customer support;
  • the personal data you provide when you make a purchase thorough our Sites; and
  • the personal data you provide when you correspond with us by phone, email, or by other means.

Information We Get from Others

We may also obtain information about you from other sources. For example, if you are part of an organization that has an agreement with us for the use of our Services, we may receive some identifiable information from the organization, such as your name, title, email address(es), and phone number(s). We may add this to information provided by you.

Information Automatically Collected

We automatically log information about you and your computer or mobile device when you access our Services. For example, when visiting our Services, we log your computer or mobile device operating system name and version, manufacturer and model, browser type, browser language, screen resolution, the website you visited before browsing our Sites, pages you viewed on the Sites, how long you spent on each page, and other related information about your use of and actions with respect to our Services. We collect this information about you using tracking technologies such as “cookies.” Please refer to the sections on cookies and tracking technologies below.

Automated Decision Making and Profiling

We do not generally use your personal data for the purposes of automated decision-making. However, we may do so in order to fulfil obligations imposed by law, or as part of preserving the security of our Sites, in which case we will inform you of any such processing and provide you with an opportunity to object.

3. Cookies and Related Tracking Technologies

What are cookies?

We may collect information using tracking technologies such as “cookies.” Cookies are small data files stored on the hard drive of your computer or mobile device by a website. We may use both session cookies (which expire once you close your web browser) and persistent cookies (which stay on your computer or mobile device until you delete them) to provide you with a more personal and interactive experience on our Sites.

We use two broad categories of cookies: (1) first party cookies, issued directly by us to your computer or mobile device, which are used only by us to recognize your computer or mobile device when it revisits our Services; and (2) third party cookies, which are issued by service providers on our Sites, and can be used by such service providers to recognize your computer or mobile device when it visits other websites.

Cookies we use

Type of cookie Purpose 
Essential Cookies     These cookies are essential to provide you with Services available through our Sites and to enable you to use their features fully. For example, they allow you to log in to secure areas of our Sites.  Without these cookies, the Services that you have asked for cannot be provided, and we only use these cookies to provide you with those Services.
Functionality  Cookies These cookies allow us to remember choices you make when you visit our Sites, such as remembering your language preferences, and remembering your login details. The purpose of these cookies is to provide you with a more personal experience and to avoid you having to re-enter your preferences every time you use our Services.
Analytics and Performance Cookies These cookies are used to collect information about traffic to our Sites and how users use Services. The information gathered does not identify any individual visitor, though it includes IP addresses that can be used to do so. It includes the number of visitors to each Site, the websites that referred them to that Site, the pages visited and for how long, the time of day of that session, whether this is a new or repeat visit, and other similar information.   We use this information to help operate our Sites more efficiently, to gather broad demographic information, and to monitor the level of utilization of all our Services.
Social Media Cookies These cookies are used when you share information using a social media sharing button or “like” button related to our Services, or you link your account or engage with our content on or through a social networking website such as Facebook, Google+, LinkedIn or Twitter. The social media site will record that you have done this.


Disabling cookies

You can typically remove or reject cookies via your browser settings. In order to do this, follow the instructions provided by your browser (usually located within the “settings,” “help,” “tools,” or “edit” facilities). Many browsers are set to accept cookies until you change your settings. NOTE: Many of our Sites will not function unless cookies are enabled, and you may be prevented from accessing a Site until cookies are enabled.

Further information about cookies, including which cookies we use, how to see what cookies have been set on your computer or mobile device and how to manage and delete them, see our Cookie FAQ and Cookie Listing in the CITI Program Support Center.

4. Pixel Tags and Related Tracking Technologies

We may also use pixel tags (which are also known as web beacons and clear GIFs) on our Sites to track the actions of users of our Services. Unlike cookies, which are stored on the hard drive of your computer or mobile device by a website, pixel tags are embedded invisibly on webpages. Pixel tags measure the success of our marketing campaigns and compile statistics about usage of the Services, so that we can manage our content more effectively. The information we collect using pixel tags may be linked to your personal data.

5. Advertising

We currently do not use other companies to serve third-party advertisements when you visit and use the Services.

We may use Remarketing with Google Analytics, Facebook, or other social media remarketing tools to advertise online. This enables third-party vendors, including Google and Facebook, to show our ads on sites across the Internet. Such third-party vendors, may use first-party cookies and third-party cookies together to inform, optimize, and serve ads based on your past visits to our Site. These remarketing tools do not identify you to use personally unless you respond to an advertisement that you received directly from the service. For information on how you can opt out of a third-party vendor’s use of cookies for interest-based ads please visit the Network Advertising Initiative opt-out page or control the use of your device identifiers by using your device’s settings options.

6. Using Your Personal Data

We will not share, sell, rent, or trade your personal data with other parties without your express consent. We may use your personal data as follows:

  • to operate, maintain, and improve our Sites, and our Services delivered via those Sites;
  • to manage your account, including to communicate with you regarding your account, if you have an account for one of our Services;
  • to respond to your comments and questions, and to provide customer service;
  • to send information including technical notices, updates, security alerts, and support and administrative messages;
  • with your consent, to send you marketing e-mails about upcoming promotions, and other news, including information about products and services offered by us and our affiliates, including products and services offered by other divisions of the Biomedical Research Alliance of New York LLC. You may opt-out of receiving such information at any time: such marketing emails tell you how to “opt-out.” Please note, even if you opt out of receiving marketing emails, we may still send you non-marketing emails. Non-marketing emails include those about your account with us (if you have one) and our business dealings with you;
  • to process payments for our Services that you make via our Sites;
  • to link or combine user information with other personal data;
  • as we believe necessary or appropriate (a) to comply with applicable laws; (b) to comply with lawful requests and legal process, including to respond to requests from public and government authorities; (c) to enforce our policies; and (d) to protect our rights, privacy, safety or property, and/or that of you or others who use our Services; and
  • as described in the “Sharing of Your Personal Data” section below.

7. Sharing Your Personal Data

We may share your personal data as follows:

  • Organizational Sponsors. When an organization (educational institution, government, research sponsor, etc.) pays for or otherwise sponsors your account or use of our Services, the sponsor will be able to see your profile information and your activities, such as enrollment, participation, progress, results and completions status of training and other user information. Organizational Sponsors will also be able to see your name (not only your username) as well as your email address(es) and other contact information if you include such data in your account profile.
  • Third Parties Designated by You. We may share your personal data with third parties but only when you have provided express consent to do so.
  • Our Third Party Service Providers. We may share your personal data with our third party service providers who provide services such as data analysis, payment processing, information technology and related infrastructure provision, customer service, email delivery, auditing and other similar services. These third parties are only permitted to use your personal data to the extent necessary to enable them to provide their services to us. They are required to follow our express instructions and to comply with appropriate security measures to protect your personal data.
  • Affiliates. We may share some or all of your personal data with our affiliates, including other divisions of Biomedical Research Alliance of New York LLC, in which case we will require our affiliates to comply with this Policy. In particular, you may let us share personal data with our affiliates where you wish to receive marketing communications from them.
  • Corporate Restructuring. We may share personal data when we do a business deal, or negotiate a business deal, involving the sale or transfer of all or a part of our business or assets. These deals can include any merger, financing, acquisition, or bankruptcy transaction or proceeding.
  • Other Disclosures. We may share personal data as we believe necessary or appropriate: (a) to comply with applicable laws; (b) to comply with lawful requests and legal process, including to respond to requests from public and government authorities to meet national security or law enforcement requirements; (c) to enforce this Policy or related policies; and (d) to protect our rights, privacy, safety or property, and/or that of you or others.

8. Anonymous Data

When we use the term “anonymous data,” we are referring to data and information that does not permit you to be identified or identifiable, either alone or when combined with any other information available to a third party.

We may create anonymous data from the personal data we receive about you and other individuals whose personal data we collect. Anonymous data might include analytics information and information collected by us using cookies or other tracking technologies. We convert personal data into anonymous data by excluding information (such as your name), and modifying any other elements that are reasonably likely to make the data personally identifiable. We use this anonymous data to analyze usage patterns in order to make improvements to our Sites and Services.

9. Third Party Sites

Our Sites may contain links to third-party websites and features. This Policy does not cover the privacy practices of such third parties. These third parties have their own privacy policies and we do not accept any responsibility or liability for their websites, features, or policies. Please read their privacy policies before you submit any data to them. If you believe a link has been placed on our website incorrectly, please email us at, or you can contact our website management company, Proper Noun.

10. User Generated Content

If you provide feedback to us, we may use and disclose such feedback on our Sites, provided we do not associate such feedback with your personal data or other identifying information. If you have provided your consent to do so, we may, with your approval, post your first and last name along with your feedback about our Services on our Sites.

11. International Data Transfer

Your information, including personal data that we collect from you, may be transferred to, stored, and processed by us and our affiliates and other third parties outside the country in which you reside, including, but not limited to the United States, where data protection and privacy regulations may not offer the same level of protection as in other parts of the world. By using our Services, you agree to this transfer, storing or processing. If you are a resident of the EEA, you will be required to confirm your acceptance of such transfer, storing or processing when you create your user account. We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this Policy. Please check your account settings to confirm that you have selected the security profile that best suits your needs.

12. Security

We endeavor to use reasonable organizational, technical, and administrative measures to protect personal data within our organization. Unfortunately, no transmission or storage system can be guaranteed to be completely secure, and transmission of information via the internet is not completely secure. If you have reason to believe that any interaction with us is no longer secure (for example, if you feel that the security of any account you might have with us has been compromised), please immediately notify us of the problem by contacting us at or by using the details in Section 18 below.

13. Retention

We will only retain your personal data for as long reasonably required for us to provide you with our Services or until you close your account/cancel your subscription, unless a longer retention period is required or permitted by law (for example for regulatory purposes), or as required by the sponsoring organization paying for your access to our Services.

14. Our Policy on Children

Our Services do not knowingly create accounts for nor collect information from minors under 18 years of age without parental consent or parental notification. Subscriber Organizations creating CITI Program accounts are solely responsible for ensuring age and permission requirements for their Affiliated Learners. If you are a secondary school Subscriber Organization, please see our Secondary School Amendment at  If a parent or guardian becomes aware that his or her child has provided us with information without their consent, he or she should contact us using the details in Section 18 below. We will delete such information from our files as soon as reasonably practicable. Our accounts are not knowingly provided to any persons under 13 years of age under any circumstances.

15. Sensitive Personal Data

Subject to the following paragraph, we ask that you not send us, and you not disclose, any sensitive personal data (e.g., social security numbers, information related to racial or ethnic origin, political opinions, religion or other beliefs, health, biometrics or genetic characteristics, criminal background or trade union membership) on or through our Sites or otherwise to us. We do not actively collect sensitive personal data.

If you send or disclose any sensitive personal data to us when you submit user generated content to our Services, you consent to our processing and use of such sensitive personal data in accordance with this Policy. If you do not consent to our processing and use of such sensitive personal data, you must not submit such user generated content to our Services.

16. Your Rights

  • Opt-out. You may contact us anytime to opt-out of: (i) direct marketing communications; (ii) automated decision-making and/or profiling; (iii) our collection of sensitive personal data; (iv) any new processing of your personal data that we may carry out beyond the original purpose; or (v) the transfer of your personal data outside the EEA. Please note that your use of some of the Services may be ineffective upon opt-out.
  • Access. You may access the information we hold about you at any time via your profile/account or by contacting us directly.
  • Amend. You can also contact us to update or correct any inaccuracies in your personal data.
  • Move. For the subset of your personal data that is portable, you have the flexibility to move that data to other service providers as you wish.
  • Erase and forget. (Applicable to EEA and California residents only) In certain situations, for example when the information we hold about you is no longer relevant or is incorrect, you can request that we erase your data. Your request may be denied if the sponsoring organization paying for your access to our Service requires us to retain your information.

If you wish to exercise any of these rights, please contact us using the contact information in Section 18 below. In your request, please make clear: (i) what personal data is concerned; and (ii) which of the above rights you would like to enforce. For your protection, we may only implement requests with respect to the personal data associated with the name and particular email address(es) that you use to send us your request, and we may need to verify your identity before implementing your request. We will try to comply with your request as soon as reasonably practicable and in any event, within one month of your request. Please note that we may need to retain certain information for recordkeeping purposes and/or to complete any transactions that you began prior to requesting such change or deletion.

If you are a resident of California, please click here for information regarding your rights under the California Consumer Privacy Act.

17. Complaints

We are committed to resolve any complaints about our collection or use of your personal data. If you would like to make a complaint regarding this Policy or our practices in relation to your personal data, please contact us at or using the contact information in section 18 below. We will reply to your complaint as soon as we can and in any event, within 45 days. We hope to resolve any complaint brought to our attention, however if you feel that your complaint has not been adequately resolved, you reserve the right to contact your local, regional, or national data protection supervisory authority.

18. Contact Information

We welcome your comments or questions about this Policy. You may contact us at:

Privacy Concerns:

Security Concerns:<

Telephone: 888.529.5929 (U.S.) or +1.305.907.3351 (outside U.S.)

Postal Address:
CITI Program, a division of BRANY
101 NE 3rd Avenue, Suite 320
Fort Lauderdale, FL 33301

Other Legal