Privacy Policy

Last updated July 10, 2024

Who we are

The Medical Library Association, Inc. (MLA), is a not-for-profit 501(c)3 educational organization. This privacy policy explains how MLA collects, uses, and safeguards information you provide to us.

Scope of the MLA Privacy Policy

This policy applies to your use of the or conference registration websites (MLA Sites) or their paper equivalents (e.g., forms, ballots), which are operated by or on behalf of MLA. This policy does not apply to your use of other websites to which MLA Sites may link.

Personal Information MLA collects is used to help us better serve our members and the health science library community and to improve your user experience. We collect or store only Personal Information that our members and visitors provide. MLA does not collect Personal Information from casual public users browsing MLA Sites.

In the event of a security incident or breach, MLA will notify you without delay after becoming aware of the incident and will provide you with our next steps to protect your Personal Information.

Personal Information We Actively Collect

  • Profile. When you create a user profile or log in to MLA Sites, we ask you to provide us with your name and email address. We use this information to provide you with the service(s) from us that you choose to use. You may also provide optional details about your organization, address, communication preferences, picture, biographical information, and social media identifiers. You may update your profile information by logging into MLANET any time.
  • Purchases. We collect information on products and services you purchase, including membership, products, education courses and webinars, credentialing, and MLA meeting attendance.
  • Education. We collect evaluation information on your experience(s) with MLA education. This information is only individually visible by you and MLA Headquarters staff unless you choose to release it to others, such as with an education transcript or a certificate that you completed a course or earned MLA continuing education credit. We may provide aggregate course evaluation information in reports to instructors or member groups that assess use and satisfaction with MLA education; we do not share individually-identifiable responses.
  • Email. We collect and store email you send to forums and email lists MLA hosts or sponsors. Your email to these lists may be visible to the public (MEDLIB-L), be restricted to the list’s group, or be restricted to MLA’s members. We also collect email that is sent to you automatically by our system; this is visible to you from your profile.


If you upload images to the website, you should avoid uploading images with embedded location data (EXIF GPS) included. Visitors to the website can download and extract any location data from images on the website.

Information Our Systems and Websites Collect

  • Log data. When you use MLA Sites or sites from our affiliate providers for MLA meeting registration or content, our servers log information (“log data”), including information that your browser automatically sends whenever you visit a website, or that your mobile app automatically sends when you’re using it. This log data includes your Internet Protocol (IP) address, the address of and activity on MLA Sites, searches, browser type and settings, the date and time of your request, how you used MLA Sites, cookie data and device data. This data gives us aggregate and anonymized information about pages you access on MLA Sites and other details about your visit.
  • Device information. In addition to log data, we collect information about the device you’re using to access MLA Sites, including the type of device, operating system, and device identifiers. Whether we collect some or all of this information often depends on what type of device you’re using and its settings. For example, different types of information are available depending on whether you’re using a Mac or a PC, or an iPhone or Android phone. You can find out more about what information your device makes available to us by checking the policies and settings of your device manufacturer, software provider, or your preferred browser.
  • Other data. We collect additional website data from logged-in MLA members, MLA meeting registrants, and guests to improve or provide MLA services and support. Such information remains confidential to MLA Headquarters and will not be released except as aggregate data. For some email sent in HTML format by MLA to its members through its email discussion lists, electronic newsletters, or marketing programs, MLA may identify whether a recipient opens a message or clicks through to links provided in the message.


If you visit our login page, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.

When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed.

If you edit or publish an article, an additional cookie will be saved in your browser. This cookie includes no personal data and simply indicates the post ID of the article you just edited. It expires after 1 day.

Embedded content from other websites

Suggested text: Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.

These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracking your interaction with the embedded content if you have an account and are logged in to that website.

How We Use Your Information

  • Provide you MLA activity history. When you provide Personal Information to MLA, join MLA, receive email from MLA groups, volunteer for MLA groups or committees, take MLA surveys, apply for awards or grants, apply for credentialing, or purchase other MLA products or services, you transactions may be recorded in your personal profile. You may access and view this information at any time.
  • Website traffic and analysis. MLA uses outside third-party services (Google, OpenTracker) and internal cookies (Higher Logic, Conduent, CadmiumCD, Convention Data Services) to analyze web traffic and to make changes and improvements to MLA Sites. For information on how these services protect your website use information, please refer to their privacy policies (see web links below). By using MLA Sites and accepting MLA Site cookies, you consent to the processing of data by these parties in accordance with their privacy policies.

    Aggregate data provided by these third parties are only used for internal and marketing purposes and do not provide any information that would identify you.
  • Email notices and e-marketing. We may use Personal Information you provide in your profile to contact you about our own and third-parties’ goods and services that may be of interest to you. If you do not want us to use your Personal Information in this way, please check the relevant box(s) located in your email preferences area profile or the link included with each of these email messages. If you do not want to receive MLA announcements about changes to our websites but continue to use MLA Sites after any changes to our Privacy Policy have been posted, that means you agree to all of the changes. Use of information we collect now is subject to the Privacy Policy in effect at the time such information is collected.
  • Profession-related materials and research. MLA may provide the name, physical mailing address or public email address of members, registrants, or attendees to not-for-profit educational organizations, librarian researchers, or other MLA units for use in encouraging participation in continuing education (CE) programs, to conduct research, or to offer specific profession-related materials. We govern this temporary use of member and website guest Personal Information with specific license agreements to ensure protection of your data.
  • Mailing lists. Advertising support is one way MLA supports programs and services that are relevant to members. We may rent membership, guest, and meeting registration lists that include your name and physical mailing address for single use to exhibitors and vendors. You may choose to allow us to provide Personal Information to exhibitors or vendors by selecting the appropriate box in your profile or at time of meeting registration. At MLA annual meetings, you may also decide to provide certain Personal Information, including your name, physical address, and telephone, by allowing meeting exhibitors to scan your annual meeting badge or by providing your business card.
  • Completing MLA purchases. We use financial information you provide to MLA, such as credit card numbers, for billing purposes, to fill orders, to provide services, or for meeting registration. This information is not stored on our servers or accessible to us after the completion of a transaction. Any physical transmission of credit card information is destroyed after we complete your authorized transaction.

    For MLA purchases and for annual meeting registration, you provide your credit card number securely through our designated business partners, and Credit card numbers are only used to process the transactions you request.

How Long MLA Retains Personal Information

The MLA retains Personal Information regarding members indefinitely and guest data for at least seven years as dictated by business, use, and legal requirements. You may access, update or correct your Personal Information or remove it from MLA Sites by making a request to us at the contact information provided below.

For users that register on our website, we also store the personal information you provide in your user profile. All users can see, edit, or delete their personal information at any time (except they cannot change their username). MLA website administrators can also see and edit that information.

Requests typically receive a response within thirty (30) days. If access or removal cannot be provided within that time frame, we will provide the requesting party with an estimated date by which the information will be provided. If for some reason access is denied, we will provide an explanation of why access has been denied.

If you are in a country subject to the General Data Protection Regulation (GDPR), please see the section below for information on your specific rights in relation to the Personal Information we hold about you.

What rights you have over your data

If you have an account on this site, or have left comments, you can request to receive an exported file of the personal data we hold about you, including any data you have provided to us. You can also request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes.

EU Members and Guests

Scope. This section applies if you are an individual located in the European Union (“EU”). For these purposes, our reference to the EU also includes the European Economic Area countries of Iceland, Liechtenstein and Norway and, where applicable, Switzerland.

Data Controllers

  • MCI Group acts as data processor on behalf of MLA for personal information that resides on MLANET or MEDLIB-ED, and for personal information that resides on the MLA meeting registration site. MLA is managed by MCI USA and the MLA privacy policy includes MCI data processing for registration.
  • acts as data processor on behalf of MLA for personal information that resides on the annual conference website and app for MLA conference submissions, reviews, and content.
  • Authorize.Net and acts as data processor on behalf of MLA for financial transactions for MLA sites, for meeting registration, and for meeting exhibit fees.

Links to data processor privacy agreements above open in a new tab or window.

Your Rights

Subject to applicable law, you have the following rights in relation to your Personal Information:

  • Right of access: If you ask us, we will confirm whether we have your Personal Data and, if so, provide you with a copy of that Personal Information (along with certain other details). If you require all data to be provided to you in the same format, we may need to charge a reasonable fee.
  • Right to rectification: If your Personal Information is inaccurate or incomplete, you are entitled to have it rectified or completed. If we have shared your Personal Information with others, we will tell them about the rectification where possible. If you ask us, where possible and lawful to do so, we will also tell you with whom we shared your Personal Information so that you can contact them directly.
  • Right to erasure: You may ask us to delete or remove your Personal Information and we will do so in some circumstances, such as where we no longer need it (we may not delete your data when other interests outweigh your right to deletion). If we have shared your data with others, we will tell them about the erasure where possible. If you ask us, where possible and lawful to do so, we will also tell you with whom we shared your Personal Data so that you can contact them directly.
  • Right to restrict processing: You may ask us to restrict or ‘block’ the processing of your Personal Information in certain circumstances, such as when you contest the accuracy of that Personal Information or object to us processing it. We will tell you before we lift any restriction on processing. If we have shared your Personal Information with others, we will tell them about the restriction where possible. If you ask us, where possible and lawful to do so, we will also tell you with whom we shared your Personal Information so that you can contact them directly.
  • Right to data portability: Effective 25 May 2018, you have the right to obtain your Personal Information from us that you consented to give us or that is necessary to perform a contract with you. We will give you your Personal Information in a structured, commonly used and machine-readable format. You may reuse it elsewhere.
  • Right to object: You may ask us at any time to stop processing your Personal Information, and we will do so: If we are relying on a legitimate interest to process your Personal Data — unless we demonstrate compelling legitimate grounds for the processing; or if we are processing your Personal Data for direct marketing.
  • Rights in relation to automated decision-making and profiling: You have the right to be free from decisions based solely on automated processing of your Personal Information, unless such processing is necessary for entering into, or the performance of, a contract between you and us or you provide your explicit consent to such processing.
  • Right to withdraw consent: If we rely on your consent to process your Personal Information, you have the right to withdraw that consent at any time. This will not affect the lawfulness of processing based on your prior consent.
  • Right to lodge a complaint with the data protection authority: If you have a concern about our privacy practices, including the way we have handled your Personal Information, you can report it to the data protection authority that is authorized to hear those concerns.

You may exercise your rights by contacting us as indicated under “Contact Us” section below.


  • Legitimate Interest. “Legitimate interests” means the interests of the Medical Library Association in conducting and managing our organization. For example, we have a legitimate interest in processing your Personal Information to analyze how our websites, apps, and products and services are being used by you, and to ensure network and information security, as described in this Privacy Policy. When we process your Personal Information for our legitimate interests, we make sure to consider and balance any potential impact on you, and your rights under data protection laws. Our legitimate interests do not automatically override your interests. We will not use your Personal Information for activities where our interests are overridden by the impact on you, unless we have your consent or those activities are otherwise required or permitted to by law. You have the right to object to processing that is based on our legitimate interests. For more information on your rights, please see “Your Rights” section above.

Changes to Privacy Policy

As our organization, membership benefits, and data collection may change from time to time, this Privacy Policy is expected to change as well. We reserve the right to amend the online Privacy Statement at any time, for any reason. MLA will provide notice of Privacy Policy changes on our MLANET home page and in email messages to users.