Reading Preference
Introduction

The International Association of Privacy Professionals is a professional membership association for people who work in the field of information privacy and data protection. We do not knowingly attempt to solicit or receive information from children.

We understand that you are aware of and care about your own personal privacy interests, and we take that seriously. This Privacy Notice describes the IAPP’s policies and practices regarding its collection and use of your personal data, and sets forth your privacy rights. We recognize that information privacy is an ongoing responsibility, and so we will from time to time update this Privacy Notice as we undertake new personal data practices or adopt new privacy policies.

Data Protection Officer

The IAPP is headquartered in New Hampshire, in the United States. The IAPP has appointed an internal data protection officer for you to contact if you have any questions or concerns about the IAPP’s personal data policies or practices. The IAPP’s data protection officer’s name and contact information are as follows:

Rita Heimes
IAPP
75 Rochester Avenue
Portsmouth, New Hampshire, USA
dpo@iapp.org
+1 603-427-9200

How we collect and use (process) your personal information

The IAPP collects personal information about its members and other customers. With a few exceptions, this information is limited to the kinds of information that can be found on a business card: first name, last name, job title, employer name, work address, work email, and work phone number. We use this information to provide members and customers with goods and services, including membership services, privacy and data protection content, certification, training, and the like. We do not sell personal information to anyone and only share it with third parties who are facilitating the delivery of IAPP services.

How we collect and use (process) your personal information close
  1. Personal information you give to us:

    1. Membership

      When you become an IAPP member, we collect information about you including (but not limited to) your name, your employer’s name, your work address (including your country location), and your email address. We may also collect your personal email address, a personal mailing address, and a mobile phone number. We ask members to voluntarily provide additional information in their membership profile, such as information about their educational background, number of years in privacy, and the like. Members may edit their profile at any time to change, add, or remove personal information.

      We process your personal information for membership administration, to deliver member benefits to you, and to inform you of IAPP-related events, content, and other benefits or opportunities associated with your IAPP membership. The IAPP may also use this information to help the IAPP understand our members’ needs and interests to better tailor our products and services to meet your needs.

      Members often participate in local KnowledgeNet chapter meetings. These meetings are organized by volunteers (KnowledgeNet chapter chairs) and take place at various locations that donate their space for the meetings. The IAPP collects registration information from IAPP members and their guests, which it shares with the KnowledgeNet chapter chairs and location hosts for purposes of verifying registration and to ensure only registered guests are allowed attendance.

    2. Live events and web conferences

      The IAPP hosts many events throughout the year. These include in-person conferences like the Global Privacy Summit and the Data Protection Congress, for example, as well as live web conferences (collectively “events”). If you register for one of our events and you are a member, we will access the information in your member account to provide you with information and services associated with the event. If you are not a member and you register for one of our events, we will collect your name and contact information, which we will store in our database(s) and use to provide you with information and services associated with the event.

      If you are a presenter at one of our events, we will collect information about you including your name, employer and contact information, and photograph, and we may also collect information provided by event attendees who evaluated your performance as a presenter. We may also make and store a recording of your voice and likeness in certain instances.

      We keep a record of your participation in IAPP events as an attendee or presenter. This information may be used to provide you with membership and certification services (such as, for example, keeping track of your Continuing Privacy Education (CPE) credits, or to tell you about other events and publications). It may also be used to help the IAPP understand our members’ needs and interests to better tailor our products and services to meet your needs.

      In association with attending one or more of our conferences, you will have the option to download the “IAPP Events App” to help you navigate the conference and plan your schedule. The IAPP Events App may require the device identifier associated with your device but does not collect or use any other personal data.

      Some of our events are sponsored. The IAPP provides an attendee list to sponsors, co-sponsors and exhibitors of our events. The IAPP may also allow sponsors, co-sponsors and/or exhibitors to send you material by mail once per sponsored event, in which case the IAPP engages a third-party mailing house and does not share your mailing address directly with the sponsor/exhibitor. If you do not wish to have your information included in an attendee list or to receive information from sponsors, co-sponsors and/or exhibitors, you can express your preferences when you register for events or you may contact the IAPP directly at dpo@iapp.org.

    3. Publications

      The IAPP offers a great deal of content for our members. In addition to producing original content, the IAPP also subscribes to news feeds and blogs produced by others, which we often link to from our website. This means you may find yourself on the IAPP website or reading an email from the IAPP publications team and we will offer you a link to another organization’s website where you will find content on privacy or data protection that we find relevant and useful to you. At these times, you will be leaving the IAPP website. The IAPP is not responsible or liable for content provided by these third party websites or personal information they may happen to gather from you.

      You may wish to subscribe to the IAPP’s publications without becoming a member of the IAPP. For example, many people sign up to receive the IAPP’s Daily Dashboard even though they are not IAPP members. To receive IAPP newsletters by email, you will need to create a “profile” with us which involves providing the IAPP with at least your first name and last name, an email address, and the country in which you live. The IAPP does not share this information with any third party other than to store the information in our cloud-hosted databases.

      You may manage your IAPP subscriptions by subscribing or unsubscribing at any time. Please note that if you have set your browser to block cookies, this may have an impact on your ability to unsubscribe. If you have any difficulties managing your email or other communication preferences with the IAPP, please contact us at dpo@iapp.org.

      The IAPP uses Google Analytics to track how often people gain access to or read our content. We use this information in the aggregate to understand what content our members find useful or interesting, so we can produce the most valuable content to meet your needs.

      We also conduct surveys that we use to produce original research on the privacy profession. We do not track individuals but look at information in the aggregate only. Participation in surveys is voluntary.

    4. Training

      If you participate in IAPP training, you may sign up directly through the IAPP in which case we collect your name and contact information directly from you. You may, alternatively, sign up for training – or be signed up for training – by or through a third party such as one of our training partners, or your own employer. We may also use independent contractors to conduct the training and third parties to provide the training venue. Your personal information will be stored in our database (hosted by cloud service provider) and may also be shared with our training partners, trainers, and/or the venue hosting the event (to verify your indentity when you arrive). The IAPP’s training partners, trainers, and training venue hosts have agreed not to share your information with others and not to use your personal information other than to provide you with IAPP products and services.

    5. Certification

      When you sign up to take one of the IAPP’s certification exams, we will collect your name and contact information. We will also collect and store information you provide to us about your need for special accommodations. This information may be shared with our computer-based exam hosting service. The computer-based exam hosting service may also share with us information you provide to them to verify your identity in taking the exam. The IAPP will collect your exam results and, in conjunction with maintaining your certification(s), your record of participation in continuing privacy education. Only authorized employees within the IAPP have access to your certification exam scores and personal information pertaining to any special accommodations you may request.

    6. Your correspondence with the IAPP

      If you correspond with us by email, the postal service, or other form of communication, we may retain such correspondence and the information contained in it and use it to respond to your inquiry; to notify you of IAPP conferences, publications, or other services; or to keep a record of your complaint, accommodation request, and the like. As always, if you wish to have the IAPP “erase” your personal information or otherwise refrain from communicating with you, please contact us at dpo@iapp.org.

      Note: if you ask the IAPP not to contact you by email at a certain email address, the IAPP will retain a copy of that email address on its “master do not send” list in order to comply with your no-contact request.

    7. Purposes for processing your data

      As explained above, the IAPP processes your data to provide you with the goods or services you have requested or purchased from us, including membership services, events, publications and other content, certification, and training. We use this information to refine our goods and services to better tailor them to your needs and to communicate with you about other services the IAPP offers that may assist you in your career or otherwise help you do your job as a privacy professional.

    8. Payment card information

      You may choose to purchase goods or services from the IAPP using a payment card. Typically, payment card information is provided directly by users, via the IAPP website, into the PCI/DSS-compliant payment processing service to which the IAPP subscribes, and the IAPP does not, itself, process or store the card information. Occasionally, members or customers ask IAPP employees to, on their behalf, enter payment card information into the PCI/DSS-compliant payment processing service to which the IAPP subscribes. We strongly encourage you not to submit this information by email. When IAPP employees receive payment card information from customers or members by email, fax, phone, or mail, it is entered as instructed and then deleted or destroyed.

  2. Personal information we get from third parties

    From time to time, the IAPP receives personal information about individuals from third parties. This may happen if your employer is a corporate member of the IAPP and signs you up for training, certification, or membership. One of our third-party training partners may also share your personal information with the IAPP when you sign up for training, certification or membership through that training partner.

  3. What happens if you don’t give us your data

    You can enjoy many of the IAPP’s services without giving us your personal data. Much of the information on our website is available even to those who are not IAPP members. You can even enter only the minimal amount of information (name and contact information) to your IAPP member profile if you wish, and you can edit your profile at any time. Some personal information is necessary so that the IAPP can supply you with the services you have purchased or requested, and to authenticate you so that we know it is you and not someone else. You may manage your IAPP subscriptions and you may opt-out of receiving marketing communication at any time.

Use of the iapp.org website

As is true of most other websites, the IAPP’s website collects certain information automatically and stores it in log files. The information may include internet protocol (IP) addresses, the region or general location where your computer or device is accessing the internet, browser type, operating system and other usage information about the use of the IAPP’s website, including a history of the pages you view. We use this information to help us design our site to better suit our users’ needs. We may also use your IP address to help diagnose problems with our server and to administer our website, analyze trends, track visitor movements, and gather broad demographic information that assists us in identifying visitor preferences. The IAPP’s website also uses cookies and web beacons. It does not track users when they cross to third party websites, does not provide targeted advertising to them, and therefore does not respond to Do Not Track (DNT) signals.

Use of the iapp.org Website close

As is true of most other websites, the IAPP’s website collects certain information automatically and stores it in log files. The information may include internet protocol (IP) addresses, the region or general location where your computer or device is accessing the internet, browser type, operating system and other usage information about the use of the IAPP’s website, including a history of the pages you view. We use this information to help us design our site to better suit our users’ needs. We may also use your IP address to help diagnose problems with our server and to administer our website, analyze trends, track visitor movements, and gather broad demographic information that assists us in identifying visitor preferences. The IAPP’s website also uses cookies and web beacons. It does not track users when they cross to third party websites, does not provide targeted advertising to them, and therefore does not respond to Do Not Track (DNT) signals.

  • Cookies and web beacons

    Cookies are pieces of data that a Web site transfers to a user's hard drive for record-keeping purposes. Web beacons are transparent pixel images that are used in collecting information about website usage, e-mail response and tracking.

    The Site uses cookies and Web beacons to provide enhanced functionality on the site (e.g., user ID and password prompts, and conference registration) and aggregate traffic data (e.g., what pages are the most popular). These cookies may be delivered in a first-party or third-party context. The IAPP may also use cookies and web beacons in association with e-mails delivered by the IAPP. Our Site also captures limited information (user-agent, HTTP referrer, last URL requested by the user, client-side and server-side clickstream) about visits to our Site; we may use this information to analyze general traffic patterns and to perform routine system maintenance. You have many choices with regards to the management of cookies on your computer. All major browsers allow you to block or delete cookies from your system. To learn more about your ability to manage cookies and web beacons, please consult the privacy features in your browser.

    This website uses Google Analytics, a web analytics service provided by Google, Inc. ("Google"). Google Analytics uses "cookies", which are text files placed on your computer, to help the website analyze how users use the site. The information generated by the cookie about your use of the website (including your IP address) will be transmitted to and stored by Google on servers in the United States. Google will use this information for the purposes of evaluating your use of the website, compiling reports on website activity for website operators and providing other services relating to website activity and internet usage. Google may also transfer this information to third parties where required to do so by law, or where such third parties process the information on Google's behalf. Google will not associate your IP address with any other data held by Google. You may refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of this website. By using the IAPP website, you consent to the processing of data about you by Google in the manner and for the purposes set out above.

    The IAPP also uses a marketing database management program that deploys a cookie when a user interacts with a marketing communication, such as a marketing email or a marketing-based landing page on our website. This cookie collects personal information such as your name, which pages you visit on the IAPP website, your history arriving at the IAPP website, your purchases from the IAPP and the like. We use this information to evaluate the effectiveness of our marketing campaigns. You may set your browser to block these cookies.

  • Do not track

    The IAPP tracks users when they cross from our primary public website (iapp.org) to our “IAPP community” portion of the site (my.iapp.org) by logging in with their user name and password, as well as when visitors to our website enter through a marketing landing page (pages.iapp.org). The IAPP does not track its customers when they cross to third party websites, does not provide targeted advertising to them, and therefore does not respond to Do Not Track (DNT) signals.

When and how we share information with others

Information about your IAPP purchases and certification status are maintained in association with your membership or profile account. The personal information the IAPP collects from you is stored in one or more databases hosted by third parties located in the United States. These third parties do not use or have access to your personal information for any purpose other than cloud storage and retrieval. On occasion, the IAPP engages third parties to mail information to you, including items like books you may have purchased, or material from an event sponsor.

When and how we share information with others close

Information about your IAPP purchases and certification status are maintained in association with your membership or profile account. The personal information the IAPP collects from you is stored in one or more databases hosted by third parties located in the United States. These third parties do not use or have access to your personal information for any purpose other than cloud storage and retrieval. On occasion, the IAPP engages third parties to mail information to you, including items like books you may have purchased, or material from an event sponsor.

We do not otherwise reveal your personal data to third-parties for their independent use unless: (1) you request or authorize it; (2) it’s in connection with IAPP-hosted and IAPP co-sponsored conferences as described above; (3) the information is provided to comply with the law (for example, to comply with a search warrant, subpoena or court order), enforce an agreement we have with you, or to protect our rights, property or safety, or the rights, property or safety of our employees or others; (4) the information is provided to our agents, vendors or service providers who perform functions on our behalf; (5) to address emergencies or acts of God; or (6) to address disputes, claims, or to persons demonstrating legal authority to act on your behalf; and (7) through the IAPP Member Directory. We may also gather aggregated data about our members and Site visitors and disclose the results of such aggregated (but not personally identifiable) information to our partners, service providers, advertisers and/or other third parties for marketing or promotional purposes.

The IAPP website uses interfaces with social media sites such as Facebook, LinkedIn, Twitter and others. If you choose to "like" or share information from the IAPP website through these services, you should review the privacy policy of that service. If you are a member of a social media site, the interfaces may allow the social media site to connect your site visit to your personal data.

  • Member Directory

    The IAPP makes member information available through the IAPP Member Directory to other IAPP members using this Site. Members are invited to opt-in to having their information shared in the Member Directory.

Transferring personal data from the EU to the US

The IAPP has its headquarters in the United States. Information we collect from you will be processed in the United States. The United States has not sought nor received a finding of “adequacy” from the European Union under Article 45 of the GDPR. The IAPP relies on derogations for specific situations as set forth in Article 49 of the GDPR. In particular, the IAPP collects and transfers to the U.S. personal data only: with your consent; to perform a contract with you; or to fulfill a compelling legitimate interest of the IAPP in a manner that does not outweigh your rights and freedoms. The IAPP endeavors to apply suitable safeguards to protect the privacy and security of your personal data and to use it only consistent with your relationship with the IAPP and the practices described in this Privacy Notice. The IAPP also minimizes the risk to your rights and freedoms by not collecting or storing sensitive information about you.

Data subject rights

This Privacy Notice is intended to provide you with information about what personal data the IAPP collects about you and how it is used. If you have any questions, please contact us at dpo@iapp.org.

If you wish to confirm that the IAPP is processing your personal data, or to have access to the personal data the IAPP may have about you, please contact us at dpo@iapp.org.

Data subject rights close

The European Union’s General Data Protection Regulation and other countries’ privacy laws provide certain rights for data subjects. A good explanation of them (in English) is available on the website of the United Kingdom’s Information Commissioner’s Office.

This Privacy Notice is intended to provide you with information about what personal data the IAPP collects about you and how it is used. If you have any questions, please contact us at dpo@iapp.org.

If you wish to confirm that the IAPP is processing your personal data, or to have access to the personal data the IAPP may have about you, please contact us at dpo@iapp.org.

You may also request information about: the purpose of the processing; the categories of personal data concerned; who else outside the IAPP might have received the data from the IAPP; what the source of the information was (if you didn’t provide it directly to the IAPP); and how long it will be stored. You have a right to correct (rectify) the record of your personal data maintained by the IAPP if it is inaccurate. You may request that the IAPP erase that data or cease processing it, subject to certain exceptions. You may also request that the IAPP cease using your data for direct marketing purposes. In many countries, you have a right to lodge a complaint with the appropriate data protection authority if you have concerns about how the IAPP processes your personal data. When technically feasible, the IAPP will—at your request—provide your personal data to you or transmit it directly to another controller.

Reasonable access to your personal data will be provided at no cost to IAPP members, conference attendees and others upon request made to the IAPP at dpo@iapp.org. If access cannot be provided within a reasonable time frame, the IAPP will provide you with a date when the information will be provided. If for some reason access is denied, the IAPP will provide an explanation as to why access has been denied.

Security of your information

To help protect the privacy of data and personally identifiable information you transmit through use of this Site, we maintain physical, technical and administrative safeguards. We update and test our security technology on an ongoing basis. We restrict access to your personal data to those employees who need to know that information to provide benefits or services to you. In addition, we train our employees about the importance of confidentiality and maintaining the privacy and security of your information. We commit to taking appropriate disciplinary measures to enforce our employees' privacy responsibilities.

Data storage and retention

Your personal data is stored by the IAPP on its servers, and on the servers of the cloud-based database management services the IAPP engages, located in the United States. The IAPP retains data for the duration of the customer’s or member’s business relationship with the IAPP. For more information on where and how long your personal data is stored, and for more information on your rights of erasure and portability, please contact the IAPP’s data protection officer at dpo@iapp.org.

Changes and updates to the Privacy Notice

As our organization, membership and benefits change from time to time, this Privacy Notice and Conditions of Use is expected to change as well. We reserve the right to amend the Privacy Notice and Conditions of Use at any time, for any reason, without notice to you, other than the posting of the amended Privacy Notice and Conditions of Use at this Site. We may e-mail periodic reminders of our notices and terms and conditions and will e-mail IAPP members of material changes thereto, but you should check our Site frequently to see the current Privacy Notice and Conditions of Use that is in effect and any changes that may have been made to it.

Changes and updates to the Privacy Notice close

By using this Site, you agree to the terms and conditions contained in this Privacy Notice and Conditions of Use and/or any other agreement that we might have with you. If you do not agree to any of these terms and conditions, you should not use this Site or any IAPP benefits or services. You agree that any dispute over privacy or the terms contained in this Privacy Notice and Conditions of Use, or any other agreement we have with you, will be governed by the laws of the Commonwealth of Pennsylvania. You also agree to arbitrate such disputes in Pennsylvania, and to abide by any limitation on damages contained in any agreement we may have with you.

As our organization, membership and benefits change from time to time, this Privacy Notice and Conditions of Use is expected to change as well. We reserve the right to amend the Privacy Notice and Conditions of Use at any time, for any reason, without notice to you, other than the posting of the amended Privacy Notice and Conditions of Use at this Site. We may e-mail periodic reminders of our notices and terms and conditions and will e-mail IAPP members of material changes thereto, but you should check our Site frequently to see the current Privacy Notice and Conditions of Use that is in effect and any changes that may have been made to it. The provisions contained herein supersede all previous notices or statements regarding our privacy practices and the terms and conditions that govern the use of this Site.

Questions, concerns or complaints

Please contact the IAPP’s data protection officer:

Rita Heimes
IAPP
75 Rochester Avenue
Portsmouth, New Hampshire, USA
dpo@iapp.org
+1 603-427-9200