Ethics & Law in Medicine Society (ELM Society)
Effective Date: January 20, 2026
Last Updated: January 20, 2026
This Privacy Policy explains how ELM Society collects, uses, discloses, stores, and protects personal information when you interact with us online or through our educational programming.
ELM Society is a Canadian-based, not-for-profit, student-focused educational society with chapter-based operations at universities across Canada, the United States, and the Caribbean. This Policy reflects recognized Canadian privacy principles (including PIPEDA) and widely accepted privacy and cybersecurity best practices applicable to student organizations using cloud-based tools.
This Policy is provided for transparency and operational clarity. It is not legal advice.
ELM Society (Ethics & Law in Medicine Society) is an educational, academic interest group focused on ethics, professionalism, and medico-legal education for medical students and affiliated academic communities.
ELM Society operates through a national organization and locally administered student chapters at participating universities. Personal information collected through ELM Society platforms and programs is overseen by the national organization, with limited access provided to authorized chapter leadership solely for legitimate chapter administration and programming purposes.
This Policy applies to personal information collected through:
This Policy does not apply to third-party websites or services not controlled by ELM Society, even if linked from our platforms.
"Personal Information" means information that identifies you or could reasonably be used to identify you, including:
Aggregated or de-identified information that cannot reasonably identify an individual is not considered Personal Information.
We may collect information when you choose to:
Participation in ELM Society activities and submission of personal information are voluntary. Choosing not to provide certain information may limit our ability to administer specific activities (e.g., event reminders or certificates), but participation is never required for academic standing or institutional benefit.
When you visit our websites or use our online tools, limited technical information may be collected, such as:
This information is used to maintain functionality, security, and performance.
If you register or participate through third-party tools (e.g., event platforms or academic partners), we may receive limited information necessary to administer your participation, such as your name, email address, registration status, or attendance confirmation.
Some events may include photography, audio, or video recording for educational or archival purposes. Where recording occurs, notice will be provided in advance or at the event. Attendance after notice constitutes consent to incidental capture. Reasonable alternatives (such as camera-free participation) will be offered where feasible.
ELM Society does not intentionally collect sensitive personal information and discourages its submission unless explicitly requested for a clearly defined purpose.
ELM Society does not want or request identifiable patient information. If such information is submitted, we will take reasonable steps to limit access and remove it where feasible.
We use personal information only for purposes appropriate to an educational, not-for-profit student society, including:
In Canada, personal information is generally collected, used, and disclosed with your knowledge and consent, except where permitted or required by law. Consent may be express or implied depending on context and sensitivity.
In other jurisdictions, we apply consistent principles of transparency, data minimization, and reasonable safeguards.
ELM Society does not sell or rent personal information.
We may share information in limited circumstances:
We use reputable third-party, cloud-based service providers for website hosting, communications, event registration, document storage, and payment processing. These providers act on ELM Society's instructions and are expected to maintain appropriate confidentiality and security safeguards. We do not permit service providers to use personal information for their own marketing purposes.
Relevant information may be shared with authorized chapter and national leadership strictly for legitimate administrative and programming needs.
Information may be disclosed where required to comply with law, respond to lawful requests, or protect the safety and integrity of ELM Society and its community.
Aggregated or de-identified data may be used for reporting, planning, or improvement purposes.
ELM Society does not operate or maintain its own servers. All personal information is processed and stored within secure, third-party cloud environments.
Because ELM Society operates across multiple regions, personal information may be processed outside your province, state, or country. Where required, we take reasonable steps to ensure appropriate safeguards are in place for cross-border processing.
Our websites may use cookies and similar technologies to support functionality, security, and performance. You can control cookies through your browser settings; blocking cookies may affect site functionality.
ELM Society does not operate a targeted advertising business model and does not knowingly share personal information for cross-context behavioral advertising.
You may opt out of non-essential communications by using unsubscribe links or contacting us at hello@elmsociety.org. Essential administrative communications may still be sent where necessary.
We take reasonable administrative, technical, and organizational measures to protect personal information, including access controls, authentication practices, encryption where appropriate, and vendor security considerations. No system is perfectly secure, but we continuously work to improve protections.
If a security incident occurs, we will assess, contain, and remediate the issue. Where required by law, we will notify affected individuals and regulators and maintain appropriate records of incidents.
Personal information is retained only as long as reasonably necessary for program administration, continuity, and legal or compliance purposes. When no longer needed, information is securely deleted or de-identified.
Individuals may request access to or correction of their personal information, subject to applicable law and reasonable verification of identity.
ELM Society programming is intended for university-level audiences. We do not knowingly collect personal information from children under 13.
ELM Society is not responsible for the privacy practices of third-party sites linked from our platforms.
We may update this Policy periodically. Updates will be posted with a revised effective date.