- how NCA collects and uses personal information across various platforms;
- how and when NCA provides personal information to others;
- how NCA stores and secures personal information; and
- the choices individuals have about what NCA does with their personal information.
HOW NCA COLLECTS AND USES PERSONAL INFORMATION
NCA collects a wide variety of personal information in many different ways. By way of example, an individual who would like to attend an NCA event will be asked by NCA, or its vendor, to provide personal information, to the extent necessary, to register for the conference. NCA may also ask an individual to provide personal information in order to attend a training event, join a committee or working group, or to obtain information which may include NCA developments, NCA membership notices, or NCA industry newsletters. Such information may be collected through NCA’s web properties (or its vendors’ web properties) through online forms, over the phone, or in person. This information is usually provided to us or our vendors by the individual voluntarily, and typically includes the person’s name, title, and place of employment, employer address, and other contact information, including telephone and email.
NCA may also receive personal information from other sources, such as a business partner that is assisting us with marketing one of our events. NCA occasionally purchases trade customer contact lists from trade publications and/or other sources. Before the data is added to our database, all records are held for verification by a third party. As part of the verification process, the third party contacts the individual on behalf of NCA to obtain consent to receive specified communications from the association.
NCA’s web properties (which include candyusa.com, sweetsandsnacks.com, and alwaysatreat.com) employ user tracking cookies, automatically downloaded to a visitor’s web browser, for the purpose of retargeting individuals with marketing and communications content. Other than the usage data required for digital ad retargeting, no personal information is recorded about the individual by our system. The usage data is deleted from the system within 90 days of the individual’s last visit to an NCA web property.
USE AND LEGAL BASIS FOR USE
NCA primarily uses personal information to communicate with individuals who work for our member companies about industry updates and our membership offerings. We also communicate with representatives of non-member companies regarding offerings available to non-member participants. NCA makes all reasonable efforts to limit uses of personal information for such communications to that which is reasonably necessary for our legitimate business interests. NCA does engage various third-party vendors for functions that it does not have the capacity to conduct with our own staff, which often necessitates sharing personal information with those third parties. Such functions include marketing NCA events, preparing speakers and presenters for our events, and creating mobile applications for conferences and events. These third parties will only use this personal information for the purpose for which the information was collected. NCA does not sell personal information to third parties. The following are the types of data that NCA collects and the purpose of such collection. In addition to the legal basis provided below, NCA may also obtain consent as a legal basis for such processing.
- We may process data about your use of our web properties and services (“usage data”). The usage data may include your IP address, geographical location, browser type and version, operating system, referral source, length of visit, page views and website navigation paths, as well as information about the timing, frequency and pattern of your service use. This usage data may be processed for the purposes of analyzing the use of the website and services. The usage data is also applied in retargeting site visitors with marketing and communications content. The legal basis for this processing is our legitimate interests, namely monitoring and improving our website and services, as well as promoting NCA content, services and events.
- We may process member account data (“member data”) that includes personal information of individuals that are employed by an NCA member company. The member data may include an individual’s name, employer, job title or role, contact details, and information contained in communications between NCA and the individual or the individual’s employer. The source of the member data can be the individual or the individual’s employer. Member data may be processed for the purposes of managing our relationships with members, which may include conducting committee, board, and working group business, communicating about in-person or virtual meetings, conferences, webinars, training, publications, and other services. The legal basis for this processing is our legitimate interests, namely the proper management of our member relationships.
- We may process personal information submitted to us by individuals (“inquiry data”) for the purposes of providing those individuals with information or communications, such as newsletters, industry information, and other resources, as well as direct user support and feedback. Inquiry data may include personal information submitted by individuals with and without member company affiliations. The legal basis for this processing is our legitimate interests, including proper management of our member and customer relationships.
- We may process transaction information, including that which is related to the purchase of goods and services, that you enter through our web properties or by email or phone (“transaction data”). Transaction data may include your contact details and other personal information necessary to complete a transaction, including financial information. The transaction data may be processed for the purpose of supplying educational and networking promotions and information about other association or industry programs, events, and/or resources, and keeping proper records of those transactions. Transaction data may include personal information submitted by individuals with and without member company affiliations. Such transaction data may be collected through the establishment of accounts with NCA’s third party vendors. The legal basis for this processing is our legitimate interests, including proper management of our customer and member relationships. The legal basis for this processing may also include the performance of a contract between you and NCA and/or taking steps, at your request, to enter into such a contract and our legitimate interests, namely the proper administration of our web properties and business interests.
- If NCA processes the above data to send email to you, we may use certain tools to capture data related to when you open our message, click on any links or banners it contains and make purchases.
- NCA may also process personal information for marketing research studies. The information you voluntarily provide is used for research analysis and we analyze the answers in aggregate. Information you provide in response to or in connection with a market research study is and will be provided to our clients or other entities or the public as part of cumulative market research information or statistical data in the ordinary course, but without identifying you individually, directly or indirectly. The legal basis for this processing is our legitimate interests, namely monitoring and improving our services and member relationships.
- Our event vendors that have mobile applications may collect information from your mobile device, such as unique identifying information broadcast from your device hardware and software specifications to facilitate communication through the application. Our legal basis for such processing is your consent.
- We may process any of your personal information identified in this policy where necessary for the establishment, exercise or defense of legal claims, whether in court proceedings or in an administrative or out-of-court procedure. The legal basis for this processing is our legitimate interests, namely the protection and assertion of our legal rights, your legal rights and the legal rights of others.
- We may process any of your personal information identified in this policy where necessary for the purposes of obtaining or maintaining insurance coverage, managing risks, or obtaining professional advice. The legal basis for this processing is our legitimate interests, namely the proper protection of our business against risks.
- In addition to the specific purposes set forth herein, we may also process any of your personal information where such processing is necessary for compliance with a legal obligation to which we are subject, or in order to protect your vital interests or the vital interests of another natural person.
PROVIDING YOUR PERSONAL INFORMATION TO OTHERS
HOW NCA STORES AND PROTECTS PERSONAL INFORMATION
Most personal information collected by NCA is stored in our database, which is maintained in Washington DC, and in third-party cloud environments. NCA does not store financial information (such as credit card numbers) used for purchases. NCA has implemented administrative, technical, and physical safeguards, in accordance with industry standards and generally accepted by information security professionals for the protection of personal data, to protect personal information that it maintains and transmits. NCA requires any of its downstream subcontractors that further process NCA personal information to also implement administrative, technical, and physical safeguards in accordance with industry standards to protect NCA personal information that they may maintain and/or transmit. Personal information that we process for any purpose or purposes shall not be kept for longer than is necessary for that purpose or those purposes. Should NCA be the victim of a data breach, NCA will provide notice to all potentially impacted contacts within seventy-two (72) hours of discovery.
If you are an individual in the European Union and NCA processes your personal information in connection with offering goods or services within the European Union, you have certain rights to your personal information:
- Right of access. You can request an electronic copy of your personal information contained within our system.
- Right to rectification. If your personal information is inaccurate or incomplete, you are entitled to have it updated or completed.
- Right to erasure. You may ask us to delete or remove your personal information in certain circumstances.
- Right to restrict or object to processing. You may ask us to restrict or block the processing of your personal information in certain circumstances, or request no contact from us.
- Right to data portability. You have the right to obtain your personal information from us that is contained in our system for transfer to a third party, in certain circumstances.
- Right to withdraw consent. If we rely on your consent to process your personal information, you have the right to withdraw that consent at any time.
In order to make a request to exercise any of these rights, please contact us by email, at [email protected]. If you have a concern about our privacy practices, including the way we have handled your personal information, you can report it to the data protection authority that is authorized to hear those concerns. The relevant authority is the data protection authority in your country of residence, the country where you work, or the country in which the alleged unlawful use of your personal information occurred.