NASCIO’s Guiding Principles for Privacy Protection
NASCIO’s Guiding Principles for Privacy Protection
- The security of your information is of the utmost importance to us.
- We limit the collection of personal data to what is volunteered and what is required for legitimate business purposes.
- We only use your data for the purposes with which it was collected.
- We do not sell personal data to third parties for profit.
- Collection of Personal Data that You Choose to Share with NASCIO:NASCIO collects information from our association members, business partners, and others who choose to share their information with us. Typically, personal data is collected when you sign up for a webinar, register for a conference, sign up for newsletters or otherwise request a product or service offered by NASCIO. Personal data that is collected could include: name, email, company name, job title, phone numbers, dietary requirements and/or physical accommodations. We may also ask you for credit card information or similar financial information if you are seeking a paid-service like registering for our conferences.
NASCIO does NOT sell your personal data nor do we sell web analytics information to third parties. When we use third parties who provide certain services (e.g. conference and webinar registration, communications) to help us meet business operation needs, we may have to share your data with them. Member data can be located on-premise or off-premise or on cloud services hosted by third parties. We do not link data collected from the web to individuals unless it is for a legitimate business purpose and/or necessary to protect the NASCIO website from compromise.
As a federal grant recipient, NASCIO may be required to report on the number and types of organization that download federal grant-related products. We may also be required to disclose your personal data in the unlikely event that it is required by law or court order.
- What is a Cookie: Cookies are pieces of data sent to your browser when you visit a website and stored on your computer’s hard drive. Cookies may store user preferences and other information. For example, cookies can store your session information for easy log-in to a website or platform, or your language or other preferences and may allow websites to record your browsing activities (e.g. number of page views, number of visitors).
- Session Cookies: NASCIO uses session cookies, which stay on your computer until you close your internet browser. This information is aggregated and used for web analytics purposes only to ensure that NASCIO’s website is relevant for members and other visitors. Information collected may include the following:
- Source site (the site from which a user traveled to the NASCIO website, such as a search engine or link from another website)
- Aggregate information about which pages are visited the most
- Browser and operating system used, and
- Home country of the visitor.
- Persistent Cookies: NASCIO uses persistent cookies that are only stored on our server to log website visitors’ IP addresses. We do this to improve the experience of members who choose to authenticate themselves via a username and password to our website. We then link the IP address to the username and password of those members.
- NASCIO Guidance on Sharing Your Personal Data: NASCIO discourages you from sending us sensitive personal information such as financial information or Social Security Numbers via email. If there is a need for such information, we will request it in a way that minimizes the risk of identity theft and fraud.
- EU Data Subjects: This section applies to individuals located in the European Union.
- Data Controller. NASCIO is the data controller for the processing of your Personal Data. When using the NASCIO Community, Higher Logic is the Data Controller.
- Your Rights. Subject to applicable law, you have the following rights in relation to your Personal Data:
- Right of access: If you ask us, we will confirm whether we are processing your Personal Data and, if so, provide you with a copy of that Personal Data (along with certain other details). If you require additional copies, we may need to charge a reasonable fee.
- Right to rectification: If your Personal Data is inaccurate or incomplete, you are entitled to have it rectified or completed. If we have shared your Personal Data with others, we will tell them about the rectification where possible. If you ask us, where possible and lawful to do so, we will also tell you with whom we shared your Personal Data so that you can contact them directly.
- Right to erasure: You may ask us to delete or remove your Personal Data and we will do so in some circumstances, such as where we no longer need it (we may not delete your data when other interests outweigh your right to deletion). If we have shared your data with others, we will tell them about the erasure where possible. If you ask us, where possible and lawful to do so, we will also tell you with whom we shared your Personal Data so that you can contact them directly.
- Right to restrict processing: You may ask us to restrict or ‘block’ the processing of your Personal Data in certain circumstances, such as where you contest the accuracy of that Personal Data or object to us processing it. We will tell you before we lift any restriction on processing. If we have shared your Personal Data with others, we will tell them about the restriction where possible. If you ask us, where possible and lawful to do so, we will also tell you with whom we shared your Personal Data so that you can contact them directly.
- Right to data portability: Effective 25 May 2018, you have the right to obtain your Personal Data from us that you consented to give us or that is necessary to perform a contract with you. We will give you your Personal Data in a structured, commonly used and machine-readable format. You may reuse it elsewhere.
- Right to object: You may ask us at any time to stop processing your Personal Data, and we will do so:
- If we are relying on a legitimate interest to process your Personal Data — unless we demonstrate compelling legitimate grounds for the processing; or
- If we are processing your Personal Data for direct marketing.
- Rights in relation to automated decision-making and profiling: You have the right to be free from decisions based solely on automated processing of your Personal Data, including profiling, that affect you, unless such processing is necessary for entering into, or the performance of, a contract between you and us or you provide your explicit consent to such processing.
- Right to withdraw consent: If we rely on your consent to process your Personal Data, you have the right to withdraw that consent at any time. This will not affect the lawfulness of processing based on your prior consent.
- Right to lodge a complaint with the data protection authority: If you have a concern about our privacy practices, including the way we have handled your Personal Data, you can report it to the data protection authority that is authorized to hear those concerns.
- You may exercise your rights by contacting us as indicated under “Contact Us” section below.
- Point of Contact: For questions about this policy or to raise a concern, please contact NASCIO Executive Director, Doug Robinson, at firstname.lastname@example.org by calling us at 859.514.9150.