Effective 15 September 2020
“Personal Data” is any information that enables us to identify you, directly or indirectly, by reference to an identifier such as your name, identification number, location data, online identifier or one or more factors specific to your physical, physiological, genetic, mental, economic, cultural or social identity. Such information which has been de-identified or aggregated is not considered Personal Data.
REVISIONS TO THIS NOTICE
From time to time, we may amend this Notice by posting it to the Site. Your continued use of the Site and our services following the posting of any changes shall constitute your acceptance of the revised Notice.
HOW TO CONTACT US
For the purposes of the General Data Protection Regulation 2016/679 (the “GDPR”), the Data Controller is BICSI.
Our Vice President of Administration and Chief Financial Officer, Betty Eckebrecht, CAE, is responsible for overseeing questions in relation to this Notice for the purposes of the GDPR.
You can contact us by phone at +1 813.979.1991 or 800.242.7405 (USA and Canada toll-free), by sending an email to firstname.lastname@example.org or by mail at 8610 Hidden River Parkway, Tampa, FL 33637.
HOW WE COLLECT PERSONAL DATA
Personal Data that you give us
We may collect and process the following Personal Data:
- Contact information, which you provide when corresponding with us by phone, e-mail or otherwise. This includes information you provide when you participate in discussion boards or other social media functions on our Site and when you report a problem with our Site. The information you give us may include your name, address, e-mail address, phone number, and/or financial information.
- Membership information, about your membership including your name, contact details such as address, phone number and email address (business or personal), age, gender, job title, year of admission and any other information related to your membership. Membership information may be provided by you during the registration process, or by your employer on your behalf.
- Dues payment information, including financial information and account numbers used to register or renew your membership.
- Purchase information, relating to purchases made by members and non-members of training, conference and event participation, books, reports, journals or newsletter subscriptions either in-person or via our Site. Purchase information will include financial information as well as information concerning the content and time of the purchase.
- Disciplinary information, relating to ethics/disciplinary programs in which complaints against members are adjudicated, with the result being possible suspension/expulsion from membership. This may include extensive information about a member's business or professional activities, including employment information, and similar information relating to other individuals involved in the investigation, though would usually not include financial information.
- Certification information, relating to certification programs, in which members are granted certification if they meet specified educational/employment experience requirements and/or pass an exam. This may include extensive information about the experience/performance of those certified or accredited. Where the certification concerns an institution or business, this may include similar information identifying employees and other members of staff including volunteers.
How we collect Personal Data
With regard to each of your visits to the Site we will automatically collect the following information:
- Technical information, including the Internet protocol (IP) address used to connect your computer or device to the Internet, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform;
- Information about your visit, including pages you viewed or searched for, page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), methods used to browse away from the page, and
- Location information
Personal Data we collect from others
We may receive information about you from publicly available and third-party databases or services that provide information about businesspeople that we believe will help us identify provide products and services that may be of interest to you. We will obtain your consent before contacting you if required by the law of the country in which you are located.
We collect information that is sent to us automatically by your web browser and we may use this information to generate aggregate statistics about visitors to our Site, including, without limitation:
- IP addresses
- Browser type and plug-in details
- Device type (e.g., desktop, laptop, tablet, phone, etc.)
- Operating system
- Local time zone
We employ "cookies" to collect information about you and your usage of the website. A cookie is a small text file that is placed on your computer and collects information about how you use our website. We also gather information about your individual use of our services, such as types of data accessed, times and volume of use, duration of sessions and other similar usage or system data. If you are not logged into our website but are browsing the website's public areas, we log IP addresses and domain names. We cannot use this technical non-personally identifiable information to identify you personally. Please check your web browser if you want to learn what information your browser sends or how to change your settings.
HOW WE USE YOUR PERSONAL DATA
We will only process your Personal Data, including sharing it with third parties, where (1) you have provided your consent, which can be withdrawn at any time, (2) the processing is necessary for the performance of a contract to which you are a party, (3) we are required by law, (4) processing is required to protect your vital interests or those of another person, or (5) processing is necessary for the purposes of our legitimate interests, except where such interests are overridden by your rights and interests. Such legitimate interest purposes may include:
- fraud prevention
- ensuring network and information security
- indicating possible criminal acts or threats to public security, including enhancing protection of our community against spam, harassment, intellectual property infringement, crime, and security risks of all kind, and enforcing legal claims, including investigation of potential violations of our Terms and Conditions
- when we are complying with legal obligations
- processing employee or visitor, member, attendee, or registrant data
- performing the function or service you requested of us
- providing our services and their functionality to you where such processing is necessary for the purposes of the legitimate interests pursued by us or by our service providers related to the services
- direct marketing
- the relevant and appropriate relationship we have with you
- analytics, e.g., assess the number of visitors, page views, use of the Site, etc., in order to understand how our Site and services are being used, to optimize the Site and/or future communications, and to develop new services and Site features
- updating your information and preferences
- offering and improving our services
- enforcing legal claims, including investigation of potential violations of applicable Terms and Conditions
Personal Data that you give us
We may use Personal Data that you provide directly to us for the following purposes:
- to carry out our obligations arising from your membership, or any other contract entered into between you and us and to provide you with the information, products and membership services that you request from us;
- to organize events that you have purchased or registered for, and to provide you with information, and other materials, relating to the content of the event, the speakers, sponsors and other attendees;
- to provide our newsletter and other publications, provided you have given your consent;
- to respond to your questions and provide related membership services;
- to provide you with information about other events, products and services we offer that are similar to those that you have already purchased, provided you have not opted-out of receiving that information;
- to provide you, or permit selected third parties to provide you, with information about events, products or services we feel may interest you, provided you have given your consent;
- to notify you about changes to our membership service; and
- to ensure that content from our Site is presented most effectively for you and your computer.
Information we collect about you
We will use Personal Data that we have collected about your use of our Site:
- to administer our Site and for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes;
- to improve our Site to ensure that content is presented most effectively for you and your computer; as part of our efforts to keep our Site safe and secure;
- to measure or understand the effectiveness of advertising we serve to you and others, and to deliver relevant advertising to you; and
- to make suggestions and recommendations to you and other users of our Site about goods or services that may interest you or them.
Personal Data we receive from other sources
We will combine this information with information you give to us and information we collect about you. We will use this information and the combined Personal Data for the purposes set out above (depending on the types of information we receive).
We may use non-Personal Data for various business purposes such as providing customer service, fraud prevention, market research, and improving our Site.
WHEN WE SHARE AND WHO CAN ACCESS YOUR PERSONAL DATA
We may share your Personal Data for the purposes described in this Notice with:
- a member of our organization
- partners, service providers, suppliers and sub-contractors, for the performance of obligations arising from your membership, our services, or any other contract we enter into with them or you or to provide you with the information, products and membership services that you request from us
- analytics and search engine providers that assist us in the improvement and optimization of our Site
- trusted third-party companies and individuals to help us provide, analyze, and improve the Site and our membership services (including but not limited to data storage, maintenance services, database management, web analytics and payment processing)
- exhibitors, for their marketing and commercial purposes (including, but not limited to, their sending you marketing and related communications), but only if you have both registered for a conference and either had your attendee credentials scanned by the exhibitor at its booth or enter an exhibitor’s booth virtually online (this does not apply to casual website visitors or conference attendees who are not registered to enter the exhibit hall)
- service providers who manage our conferences
- By registering, attending and/or participating in the BICSI Conference and Events, you consent to and grant to BICSI, the unrestricted, perpetual, worldwide, royalty-free and transferable right and license to use and to distribute (both now and in the future) your image and/or voice in photographs, videotapes, electronic reproductions, and audiotapes (both live an on demand) of the BICSI Conferences and Events.
- You shall not photograph, audio, or video record any and all portions of the BICSI Conference and Events without the prior written consent of BICSI.
- We will only transfer your Personal Data to trusted third-parties who provide sufficient technical and organizational security measures governing the processing to be carried out and who can demonstrate a commitment to compliance with those measures.
Required Disclosures: Except as otherwise described in this Notice, we will not disclose your Personal Data to any third party unless required to do so by law, court order, legal process, or subpoena, including to respond to any government or regulatory request, or if we believe that such action is necessary to: (a) comply with the law, comply with legal process served on us or our affiliates, subsidiaries, contracted vendors, or affinity partners, or investigate, prevent, or take action regarding suspected or actual illegal activities; (b) enforce our Terms or customer agreement (including for billing and collection purposes); (c) take precautions against liability; (d) investigate and defend ourselves against any third-party claims or allegations; (e) assist government enforcement agencies or to meet national security requirements; (f) to protect the security or integrity of our Website, our Services, or any software we provide related thereto; or, (g) exercise or protect the rights, property, or personal safety of us, our users or others.
We will attempt to notify you about these requests unless: (i) providing notice is prohibited by the legal process itself, by court order we receive, or by applicable law, or (ii) we believe that providing notice would be futile, ineffective, create a risk of injury or bodily harm to an individual or group, or create or increase a risk of fraud upon us, our users, our Site, or our services. In instances where we comply with legal requests without notice for these reasons, we will attempt to notify that user about the request after the fact if we determine in good faith that we are no longer legally prohibited from doing so and that no risk scenarios described in this paragraph apply.
It is likely that the identity and categories of such third parties will change during the life of your account. We require that our third-party service providers only use your Personal Data as necessary to provide the requested services to us and each service provider is subject to a set of terms consistent with the applicable portions of this Notice.
SELLING YOUR PERSONAL DATA
We will never sell your Personal Data to third parties without your opt-in consent. You consent to our disclosure of your Personal Data and other information to a potential or actual buyer of our company or other successor for the purpose of considering a merger, divestiture, restructuring, reorganization, dissolution, change in control, or sale or transfer of some or all of our assets, whether as a going concern or as part of bankruptcy, liquidation or other court proceeding, in which Personal Data held by us is among the assets transferred. You agree to and do hereby consent to (and shall not object to) our assignment, conveyance, transfer, and/or license (whether by contract, merger or operation of law) of any or all of our rights to your Personal Data and your consents, in whole or in part, and other information, with or without notice to you and without your further consent. You also acknowledge and consent to our providing your Personal Data to conference exhibitors (as described above), which action may be as a quid pro quo for an exhibitor’s registration fee for a conference.
Although we use security measures to help protect your Personal Data against loss, misuse or unauthorized disclosure, we cannot guarantee the security of information transmitted to us over the internet.
All information you provide to us is stored on secure servers.
Any payment transactions will be encrypted using SSL technology.
TRANSFER OF PERSONAL DATA OUTSIDE OF THE EUROPEAN ECONOMIC AREA ("EEA") AND INTERNATIONAL USES
We are headquartered in the United States. Your Personal Data may be accessed by us or transferred to us in the United States or to our affiliates, partners, merchants, or service providers who are located worldwide. If you are visiting our Site from outside the United States, be aware that your information may be transferred to, stored, and processed in the United States where our servers are located, and our central database is operated. By using our Service, you consent to any transfer of this information.
HOW LONG WE STORE YOUR PERSONAL DATA
We will store your Personal Data, in a form which permits us to identify you, for no longer than is necessary for the purpose for which the Personal Data is processed. We may retain and use your Personal Data as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements and rights, or if it is not technically reasonably feasible to remove it. Consistent with these requirements, we will try to delete your Personal Data quickly upon request.
We will retain your information for as long as your account is active or as needed to provide you with our Site. If you wish to cancel your account or request that we no longer use your information to provide you service, contact us at email@example.com. We will retain and use your information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements. We maintain one or more databases to store your Personal Data and may keep such information indefinitely.
WHERE WE STORE YOUR PERSONAL DATA
The Personal Data that you provide to us is generally stored on servers located in the United States. If you are located in another jurisdiction, you should be aware that once your Personal Data is submitted through our Site, it will be transferred to our servers in the United States and that the United States currently does not have uniform data protection laws in place.
Our Sites are not directed to children under the age of 13, if you are not 13 years or older, do not use our Site. We do not knowingly collect Personal Data from children under the age of 13. If we learn that Personal Data of persons less than 13 years-of-age has been collected through our Site, we will take the appropriate steps to delete this information. If you are a parent or guardian and discover that your child or a minor under the age of 13 has posted, submitted or otherwise communicated Personal Data to our Site without your consent, then you may alert us at firstname.lastname@example.org so that we may take appropriate action to remove the minor's Personal Data from our systems.
LINKS TO THIRD PARTY SITES AND SERVICES
Our Sites may contain links to third party websites, applications and services not operated by us. These links are provided as a service and do not imply any endorsement by us of the activities or content of these sites, applications or services nor any association with their operators. Company is not responsible for the privacy policies or practices of any third party including websites or services directly linked to our Service. We encourage you to review the privacy policies of any third party site that you link from our Service.
Correction and removal
If any of the information that we have about you is incorrect, you may change it by visiting your BICSI Profile.
If you wish to have information (including Personal Data) removed from our records, please contact us at email@example.com.
Additionally, if you prefer not to receive marketing messages from us, please let us know by clicking on the unsubscribe link within any marketing message that you receive or by updating your email preferences under your BICSI Profile.
By providing us with your email address (including by “following,” “liking,” linking your account to our Website or Service or other services, etc., on a third party website or network), you consent to our using the email address to send you Service-related notices by email, including any notices required by law, in lieu of communication by postal mail. You also agree that we may send you notifications of activity regarding the Site to the email address you give us, in accordance with any applicable privacy settings. We may use your email address to send you other messages or content, such as, but not limited to, newsletters, additions or changes to features of the Site, our services, or for other purposes. If you do not want to receive such email messages, you may opt out by emailing us your opt-out request or, where available, by clicking “unsubscribe” at the bottom of our e-newsletter. Opting out may prevent you from receiving email messages regarding updates, improvements, special features, announcements, or offers. You may not opt out of Service-related emails.
Your European Rights
FOR EUROPEAN RESIDENTS ONLY. You have the right to ask us not to process your Personal Data for marketing purposes. We will usually inform you (before collecting your Personal Data) if we intend to use your Personal Data for such purposes or if we intend to disclose your information to any third party for such purposes. You can exercise your right to prevent such processing by checking certain boxes on the forms we use to collect your Personal Data. You can also exercise the right by contacting us using the Contact Us section on our Site.
Under European data protection law, in certain circumstances, you have the right to:
- Request access to your Personal Data. You may have the right to request access to any Personal Data we hold about you as well as related information, including the purposes for processing the Personal Data, the recipients or categories of recipients with whom the Personal Data has been shared, where possible, the period for which the Personal Data will be stored, the source of the Personal Data, and the existence of any automated decision making.
- Request correction of your Personal Data. You may have the right to obtain without undue delay the rectification of any inaccurate Personal Data we hold about you.
- Request deletion of your Personal Data. You may have the right to request that Personal Data held about you is deleted.
- Object to processing of your Personal Data. You may have the right to prevent or restrict processing of your Personal Data.
- Request restriction of processing your Personal Data Request transfer of your Personal Data. You may have the right to request transfer of Personal Data directly to a third party where this is technically feasible.
- Withdraw your consent
In addition, where you believe that BICSI has not complied with its obligations under this Notice or European law, you have the right to make a complaint to an EU Data Protection Authority, such as the UK Information Commissioner’s Office.
You can exercise any of these rights by contacting us using the Contact Us section on our Site.
CHANGES TO THIS NOTICE
If we make any material changes to this Notice or the way we use, share or collect personal Data, we will notify you by revising the “Effective Date” at the top of this Notice, prominently posting an announcement of the changes on our Site, or sending an email to the email address you most recently provided us (unless we do not have such an email address) prior to the new policy taking effect.
Any changes we make to this Notice in the future will be posted on this page and, where appropriate, notification sent to you by email. Please check back frequently to see any updates or changes to this Notice.