IDPro Privacy Notice
Last Update 18 September 2018
How we collect and use (process) your personal information
Personal information you give to us:
Your correspondence with IDPro
Purposes for processing your data
Personal information we get from third parties
What happens if you don’t give us your data
When and how we share information with others
Transferring personal data from the EU to the US
Changes and updates to the Privacy Notice
Questions, concerns or complaints
IDPro is a professional membership association for people who work in the field of digital identity.
We understand that you are aware of and care about your own personal privacy interests, and we take that seriously. This Privacy Notice describes IDPro’s policies and practices regarding its collection and use of your personal data, and sets forth your privacy rights. We recognize that information privacy is an ongoing responsibility, and so we will from time to time update this Privacy Notice as we undertake new personal data practices or adopt new privacy policies.
IDPro collects personal information about its members and other visitors to its web properties. With a few exceptions, this information is limited to the kinds of information that can be found on a business card: first name, last name, job title, employer name, work address, work email, and work phone number. We use this information to provide members with goods and services, including membership services and digital identity content, and to optimise our service delivery. We do not sell personal information to anyone and only share it with third parties who are facilitating the delivery of IDPro services.
When you become an IDPro member, we collect information about you including (but not limited to) your name, your employer’s name, your work address (including your country location), and your email address. We may also collect your personal email address, a personal mailing address, and a mobile phone number. We may ask members to voluntarily provide additional information in their membership profile, such as information about their educational background, number of years in identity, and the like. Members may edit their profile at any time to change, add, or remove personal information.
We process your personal information for membership administration, to deliver member benefits to you, and to inform you of IDPro-related events, content, and other benefits or opportunities associated with your IDPro membership. IDPro may also use this information to help IDPro understand our members’ needs and interests to better tailor our products and services to meet your needs.
IDPro relies on fulfillment of contract as the lawful basis under GDPR Article 6 for processing members’ personal information.
IDPro attends several events throughout the year including in-person conferences such as Identiverse and the European Identity and Cloud Conference, for example. If you request additional information from IDPro at such events, we will collect your name and contact information, and we will store it in our database(s) and use it to provide you with the information you have requested.
IDPro offers a great deal of content for our members. In addition to producing original content, IDPro also subscribes to news feeds and blogs produced by others, to which we may link from our website. This means you may find yourself on IDPro website or reading an email from an IDPro publications team and we will offer you a link to another organization’s website where you will find content on digital identity that we find relevant and useful to you. At these times, you will be leaving the IDPro website. IDPro is not responsible or liable for content provided by these third party websites or personal information they may gather from you.
You may manage your IDPro subscriptions by subscribing or unsubscribing at any time. Please note that if you have set your browser to block cookies, this may have an impact on your ability to unsubscribe. If you have any difficulties managing your email or other communication preferences with IDPro, please contact us at firstname.lastname@example.org.
IDPro uses Google Analytics to track how often people gain access to or read our content. We use this information in the aggregate to understand what content our members find useful or interesting, so we can produce the most valuable content to meet your needs.
We also conduct surveys that we use to produce original research on the privacy profession and for service optimization purposes. We do not track individuals but look at information in the aggregate only. Participation in surveys is voluntary.
If you correspond with us by email, the postal service, or other forms of communication, we may retain such correspondence and the information contained in it and use it to respond to your inquiry; to notify you of IDPro events, publications, or other services; or to keep a record of your complaint, request, and the like. As always, if you wish to have IDPro “erase” your personal information or otherwise refrain from communicating with you, please contact us at email@example.com.
Note: if you ask IDPro not to contact you by email at a certain email address, IDPro will retain a copy of that email address on its “master do not send” list in order to comply with your no-contact request.
IDPro has a legitimate interest in maintaining personal information of those who communicate voluntarily with IDPro.
As explained above, IDPro processes your data to provide you with the goods or services you have requested or purchased from us, including membership services, events, publications and other content, certification, and training. We use this information to refine our goods and services to better tailor them to your needs and to communicate with you about other services IDPro offers that may assist you in your career or otherwise help you do your job as a identity professional. Most of the time, IDPro needs to process your personal data to fulfill an order for goods or services – including membership services, with all the attendant benefits and professional opportunities IDPro provides. Sometimes IDPro has a legitimate interest in processing data to better understand the needs, concerns, and interests of IDPro members and prospective members so IDPro can operate optimally as an association and as a business.
You may choose to purchase goods or services from IDPro using a payment card. Typically, payment card information is provided directly by members or prospective members, via the IDPro website, into the PCI/DSS-compliant payment processing service to which IDPro subscribes, and IDPro does not, itself, process or store the card information. Occasionally, members or customers ask IDPro employees to, on their behalf, enter payment card information into the PCI/DSS-compliant payment processing service to which IDPro subscribes. We strongly encourage you not to submit this information by email. When IDPro employees receive payment card information from customers or members by email, fax, phone, or mail, it is entered as instructed and then deleted or destroyed.
From time to time, IDPro receives personal information about individuals from third parties. This may happen if your employer is a corporate member of IDPro and signs you up for membership.
You may luxuriate in many of IDPro’s services without giving us your personal data. Some of the information on our website is available even to those who are not IDPro members. You can even enter only the minimal amount of information (name and contact information) to your IDPro member profile if you wish, and you can edit your profile at any time. Some personal information is necessary so that IDPro can supply you with the services you have purchased or requested, and to authenticate you so that we know it is you and not someone else. You may manage your IDPro subscriptions and you may opt-in or opt-out of receiving marketing communication at any time.
As is true of most other websites, the IDPro’s website collects certain information automatically and stores it in log files. The information may include internet protocol (IP) addresses, the region or general location where your computer or device is accessing the internet, browser type, operating system and other usage information about the use of the IDPro’s website, including a history of the pages you view. We use this information to help us design our site to better suit our users’ needs. We may also use your IP address to help diagnose problems with our server and to administer our website, analyze trends, track visitor movements, and gather broad demographic information that assists us in identifying visitor preferences.
IDPro has a legitimate interest in understanding how members, potential members, and the general public use its website. This assists IDPro with providing more relevant products and services, with communicating value to our community and to our members, and with providing appropriate staffing to meet member and community needs.
IDPro tracks users when they cross from our primary public website (IDPro.org) to the members only and/or administration areas of the site by logging in with their username and password. IDPro also keeps a record of third party websites accessed when a user is on the IDPro site and clicks on a hyperlink. But IDPro does not track users to subsequent sites and does not serve targeted advertising to them. IDPro does not, therefore, respond to Do Not Track (DNT) signals.
Information about your IDPro purchases and membership status are maintained in association with your membership or profile account. The personal information IDPro collects from you is stored in one or more databases hosted by third parties located in the United States and Canada. On occasion, IDPro may engage third parties to mail information to you, including items like books you may have purchased, or material from an event sponsor.
We do not otherwise reveal your personal data to third-parties for their independent use unless: (1) you request or authorize it (for example, by opting in to the IDPro member directory); (2) it’s in connection with IDPro-hosted and IDPro co-sponsored/hosted events as described above; (3) the information is provided to comply with the law (for example, to comply with a search warrant, subpoena or court order), to enforce an agreement we have with you, or to protect our rights, property or safety, or the rights, property or safety of our employees or others; (4) the information is provided to our agents, vendors or service providers who perform functions on our behalf; (5) to address emergencies or acts of God; or (6) to address disputes, claims, or to persons demonstrating legal authority to act on your behalf. We may also gather aggregated data about our members and site visitors and disclose the results of such aggregated (but not personally identifiable) information to our partners, service providers, advertisers and/or other third parties for marketing or promotional purposes.
IDPro makes member information available through the IDPro Member Directory to other IDPro members using this Site. Member information is only shared in the Member Directory with other IDPro members if they opt-in for disclosure.
IDPro has its headquarters in the United States. Information we collect from you will be processed in the United States and Canada.
The United States has not sought nor received a finding of “adequacy” from the European Union under Article 45 of the GDPR. IDPro relies on derogations for specific situations as set forth in Article 49 of the GDPR. In particular, IDPro collects and transfers to the U.S. personal data only: with your consent; to perform a contract with you; or to fulfill a compelling legitimate interest of IDPro in a manner that does not outweigh your rights and freedoms. IDPro endeavors to apply suitable safeguards to protect the privacy and security of your personal data and to use it only consistent with your relationship with IDPro and the practices described in this Privacy Notice. IDPro also enters into data processing agreements and model clauses with its vendors whenever feasible and appropriate.
Canada has received an “adequacy” finding from the European Union under Article 45 of the GDPR.
This Privacy Notice is intended to provide you with information about what personal data IDPro collects about you and how it is used. If you have any questions, please contact us at firstname.lastname@example.org.
If you wish to confirm that IDPro is processing your personal data, or to have access to the personal data IDPro may have about you, please contact us at email@example.com.
The European Union’s General Data Protection Regulation and other countries’ privacy laws provide certain rights for data subjects. A good explanation of them (in English) is available on the website of the United Kingdom’s Information Commissioner’s Office (ico.org.uk).
You may also request information about: the purpose of the processing; the categories of personal data concerned; who else outside IDPro might have received the data from IDPro; what the source of the information was (if you didn’t provide it directly to IDPro); and how long it will be stored. You have a right to correct (rectify) the record of your personal data maintained by IDPro if it is inaccurate. You may request that IDPro erase that data or cease processing it, subject to certain exceptions. You may also request that IDPro cease using your data for direct marketing purposes. In many countries, you have a right to lodge a complaint with the appropriate data protection authority if you have concerns about how IDPro processes your personal data. When technically feasible, IDPro will—at your request—provide your personal data to you or transmit it directly to another controller.
Reasonable access to your personal data will be provided at no cost to IDPro members, event attendees and others upon request made to IDPro at firstname.lastname@example.org. If access cannot be provided within a reasonable time frame, IDPro will provide you with a date when the information will be provided. If for some reason access is denied, IDPro will provide an explanation as to why access has been denied.
To help protect the privacy of data and personally identifiable information you transmit through use of this site, we maintain physical, technical and administrative safeguards. We update and test our security technology (or require our third party providers to do so on our behalf) on an ongoing basis. We restrict access to your personal data to those employees who need to know that information to provide benefits or services to you. In addition, we train our employees (and require our third party providers to train their employees) about the importance of confidentiality and maintaining the privacy and security of your information. We commit to taking appropriate disciplinary measures to enforce our employees' privacy responsibilities.
Your personal data is stored by IDPro on the servers of the cloud-based database management services IDPro engages, located in the United States and Canada. IDPro retains data for the duration of the customer’s or member’s business relationship with IDPro and for a period of time thereafter to allow members to recover accounts if they decide to renew, to analyze the data for IDPro’s own operations, and for historical and archiving purposes associated with IDPro’s history as a membership association. For more information on where and how long your personal data is stored, and for more information on your rights of erasure and portability, please contact IDPro at email@example.com.
As our organization, membership and benefits change from time to time, this Privacy Notice is expected to change as well. We reserve the right to amend the Privacy Notice at any time, for any reason, without notice to you, other than the posting of the amended Privacy Notice at this Site. We may email periodic reminders of our notices and terms and conditions and will email IDPro members of material changes thereto, but you should check our Site frequently to see the current Privacy Notice that is in effect and any changes that may have been made to it.
By using this site, you agree to the terms and conditions contained in this Privacy Notice and/or any other agreement that we might have with you. If you do not agree to any of these terms and conditions, you should not use this Site or any IDPro benefits or services. You agree that any dispute over privacy or the terms contained in this Privacy Notice, or any other agreement we have with you, will be governed by the laws of Delaware. You also agree to arbitrate such disputes in Delaware, and to abide by any limitation on damages contained in any agreement we may have with you.
Please contact IDPro at firstname.lastname@example.org