Effective date: March 4, 2020
What Information Does IMLA Collect?
IMLA collects some personal information including: your name, home or work address, telephone number, email address, pictures, and billing information (e.g. credit card or debit card, billing address, etc.).
This information is collected via our membership forms, registration forms for webinars, IMLA live events, and purchase of IMLA products and services, and on forms for access to our listservs and working groups.
How Does IMLA Use Collected Information?
IMLA uses the information it collects to process product and service orders, and to deliver the products and services requested. Financial information collected by IMLA is used solely for the purpose of billing for access to our products, services, webinars, and live events.
IMLA does not sell, rent, or lease its member or customer information or lists to third parties.
We sometimes hire other companies to provide limited services on our behalf, such as handling the processing and delivering of electronic mailings, processing transactions, and product delivery. IMLA also contracts with third parties for our distance learning programs and live events. We only provide these companies with the personal information necessary to deliver services.
For a list of companies we contract with please contact us at firstname.lastname@example.org.
Personal information collected on this site may be stored and processed in the United States or any other country in which IMLA or the companies it contracts with maintain facilities. By using this site, you consent to any such transfer of information outside of your country. IMLA abides by the Privacy Shield framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of data form the European Union.
Security of Your Personal Information
IMLA is committed to protecting your personal information. We use a variety of security technologies and internal procedures to keep your personal information safe from unauthorized access, use, or disclosure.
Control of Your Personal Information
IMLA offers members and customers choices for the collection, use, and sharing of personal information. Please contact us at email@example.com for more information.
California Specific Rights
A California resident who has provided personal information to a business with whom he/she has established a business relationship for personal, family, or household purposes (“California customer”) is entitled to request information about whether the business has disclosed personal information to any third parties for the third parties’ direct marketing purposes. In general, if the business has made such a disclosure of personal information, upon receipt of a request by a California customer, the business is required to provide a list of all third parties to whom personal information was disclosed in the preceding calendar year, as well as a list of the categories of personal information that were disclosed.
California members may request further information about our compliance with this law by e-mailing firstname.lastname@example.org. Please note that we are only required to respond to one request per customer each year, and we are not required to respond to requests made by means other than through this e-mail address.
GDPR Specific Rights
IMLA complies with the principles of the GDPR, which are:
- Lawfulness, fairness, and transparency
- Purpose limitation
- Data minimization
- Storage limitation
- Integrity and confidentiality
Your privacy and security is of the utmost importance to us. We will always follow these principles and encourage you to reach out to us at email@example.com if you have any questions.
You are entitled to the following:
- The right to be informed – this entitles you to be informed as to whether your personal data is being processed by IMLA.
- The right of access – this enables you to receive a copy of your data and to check that we are lawfully processing it.
- The right to rectification – this enables you to ask us to correct any incomplete or inaccurate information we hold about you.
- The right to erasure – this enables you to ask us to delete or remove your data where there is no good reason for us to continue to process it. You have the right to ask us to delete or remove your data where you have exercised your right to object to processing.
- The right to restrict processing – this enables you restrict our processing of your personal data.
Under the GDPR, you, the individual has various other rights in addition to the rights stated above. To exercise those rights please email us at firstname.lastname@example.org.
If you want to exercise any of the rights described above or are dissatisfied with the way we have used your information, please contact us at email@example.com. We will seek to deal with your request without undue delay, and in any event in accordance with requirements of the GDPR. Please note that we may keep a record of your communications to help us resolve any issues which you raise.
If you have any complaints about how we handle your personal data, please contact us so we may resolve the issue where possible. If you need to make a complaint please contact us at firstname.lastname@example.org. You also have the right to lodge a complaint about any use of your information with your Data Protection Authority.
Data We Collect
Legal Basis for Data Processing
IMLA certifies that it has the following legal basis to process your personal data:
- Consent – applies to billing and other financial information when you purchase an IMLA product or service such as event attendance, webinars, documents, etc.
- Contract – applies to your name and contact information as it relates to our hotel contracts for IMLA events (for this we also ask for consent), third-party contracts necessary to provide services to IMLA members such as webinars, products, and other events, and contracts with you to provide services such as access to our member benefits and services or products purchased
- Legitimate interests – all items that do not fit in the consent or contract categories are authorized because it is within our legitimate interests.
If you have provided consent, that consent may be withdrawn at any time. However, withdrawing your consent will not render unlawful any data processing that occurred prior to the withdrawal of consent. You can withdraw consent by contacting us at email@example.com.
Please be aware that, in certain circumstances, where you do not provide personal information which is required by us, we will not be able to provide the products and services under our contract with you or may be able to comply with a legal obligation imposed on us. You will be made aware if this situation arises and what the consequences of not providing the personal information will be. For questions, email us at firstname.lastname@example.org.
When the justification for processing your personal information is our legitimate interests, we will conduct a legitimate interest assessment to determine what specific interest IMLA has in processing your personal information.
Sharing Personal Data with Third Parties
The types of third parties we may share elements of your personal data include:
- Payment processors engaged by us to securely store or handle payment information, such as credit or debit card details, billing information, and other financial information
- Providers of email management and distribution tools
- Providers of security and fraud prevention services
- Providers of our webinar, teleconference, and live events
- Development companies for our Conference and Mid-Year Seminar app
- Data management and storage services
Data Transfers to non-EU Countries
For data transfers to non-EU countries, IMLA abides by the EU – US Privacy Shield Framework.
Changes to this Policy