CALIFORNIA ASSOCIATION FOR INSTITUTIONAL RESEARCH
This policy addresses the collection and use of personal information by the California Association for Institutional Research (CAIR). Included in this policy are consumers of CAIR information, products and services, and others who engage with CAIR (referred to as “users”).
CAIR does not collect any personal information from general website visitors (https://cair.org). However, when users request information from CAIR, register for our annual conference, sign up for our listserv, or complete other voluntary forms and materials (e.g., submit a conference proposal, sign up to be a volunteer, complete evaluation surveys) personal information may be requested. Any information collected is for internal use and will not be shared with or disclosed to third parties except as described within this policy.
When CAIR collects personal information, it is with the intent to better serve users and to inform decisions/programming about the annual conference. The following information may be required of users in online and offline transactions, surveys, information requests, and/or the purchase of products and services. Basic information requested of users may include but is not necessarily limited to:
- First name
- Last name
- Email address
- Nickname/preferred name
- Institution/organization affiliation
- Postal address
- Phone number(s)
- Employment Information
- Current and past job title(s)
- Current and past employer(s)
- Years/duration of employment
- Position description(s)
- Professional and scholarly experience(s)
- Education Levels/Degrees Attained
- Race/ethnicity (always optional)
- Sex/gender (always optional)
- Records of transactions with CAIR
- Emergency contact information
- Conference presentation information (proposals and past activity)
- Conference session attendance, selection, and feedback
- CAIR maintains speakers’/presenters’ biographical information used in relevant event online programs and stores event evaluation results
- Dietary preferences (for event planning purposes)
Typically, CAIR uses the personal information collected to:
- Respond to inquiries and requests;
- Plan for our annual conference;
- Communicate transactional information, such as receipts for products/services or event registration information;
- Provide user access to electronic mailing lists, newsletters, or databases; and/or
- Contact users about the products/services for which they have expressed interest.
CAIR shares information about those who register for the annual conference in the following ways:
Attendee first name, last name, email address, institution/organization affiliation, and position title are shared with conference sponsors for contact of registrants through 1) one pre-conference email invitation to their product/booth and 2) one post-conference follow-up email. This information is provided to sponsors as a benefit to increase conference sponsorships, thereby minimizing conference registration costs for attendees. Sponsors are contractually prohibited from use or storage of information other than for use at the conference sponsored.
Attendee first name, last name, email address, segment affiliation are shared by request with Segment meeting letters for the purpose of surveying potential attendees on their topics of interest for the session.
Names, institutions/affiliations, and contact information is made available to app users in the conference event app, unless users opt out.
CHANGING/UPDATING PERSONAL INFORMATION
Users who wish to amend or remove personal information stored by CAIR should contact the CAIR Secretary at email@example.com
Session cookies are used to enhance and make more efficient the user’s experience during a site visit. Once the user closes the browser, the cookie terminates.
Persistent cookies store small text files on the user’s hard drive for extended periods of time and “remember” visit activities to help make subsequent visits more efficient. Users may remove persistent cookies by following internet browser help instructions.
SURVEYS AND WEBFORMS
CAIR periodically offers users and other members of the higher education community the opportunity to participate in surveys. The purpose of each survey is clearly defined, and participation in these surveys is completely voluntary. When CAIR uses third-party services to conduct surveys, the privacy practices of the third parties apply to the data collected. See the section on Third Party privacy practices below.
A combination of Qualtrics, Google Forms, and/or Survey Monkey are used for session and conference evaluations, proposal submission and selection, sponsor survey, Sam Agronow Scholarship application, and other surveys as needed. All information provided to CAIR are retained in these systems. Qualtrics, Google Forms, and Survey Monkey privacy statements provide detailed information.
CAIR employs the services of third parties to support its activities and the information and services provided to users. Some of those third parties are described below, though this is not necessarily an exhaustive list of the third parties with whom CAIR deals. CAIR is not responsible for the privacy practices or security of such third-parties. If you are uncomfortable with CAIR’s relationship with third parties like the ones below, you may cease using this website, though doing so may compromise your ability to access CAIR information and/or participate in CAIR activities.
CAIR may use Google Analytics, a web analytics service provided by Google, Inc. (“Google”). Google Analytics uses persistent cookies to analyze how users interact with a website. The information generated by the cookie about use of the website (including users’ IP addresses) is transmitted to and stored by Google. Google uses this information to compile reports on website activity for website operators and provides other services relating to website activity and internet use. Google may also transfer this information to third parties when required to do so by law, or when third parties process the information on Google’s behalf. Google will not associate users’ IP addresses with any other data held by Google.
CAIR uses MailChimp to disseminate Association email messages. CAIR gathers statistics on email open rates and clicks using industry standard technologies in an effort to monitor and improve its services. The MailChimp privacy notice provides detailed information.
Eventbrite provides sponsor payment services and registration/payment services used for the annual CAIR conference. All payment and registration information are retained within Eventbrite. Privacy statements provide detailed information.
Unsubscribing from the conference App. Users who have questions about removing their information from the conference app may contact the CAIR Secretary at firstname.lastname@example.org.
CAIR takes the security of users’ personal information seriously and is committed to ensuring that its information technology (IT) systems, infrastructure, and applications are secure. Unfortunately, the transmission of information via the internet is not completely secure. Therefore, CAIR cannot guarantee the security of users’ information transmitted to our website. Any transmission of personal information via the CAIR website is at the user’s risk. CAIR does not assume any liability for third-party use of general or personal information, whether obtained legally or illegally from or through its website.
COMPROMISE OF INFORMATION
In the event that any personal information under CAIR’s control is compromised as a result of a breach of security, CAIR will take reasonable steps to investigate and resolve the situation in a timely manner, and where appropriate, notify individuals whose information may have been at risk. In all such situations, CAIR will take any and all necessary steps in accordance with applicable laws.
CAIR reserves the right to disclose users’ personally identifiable information as required by law and when it is determined that disclosure is necessary to protect the rights, property, or safety of CAIR, its users, or others; or to comply with judicial proceedings, court orders, or legal processes served on or otherwise required of CAIR.
By registering for the annual conference attendees acknowledge the following statement:
You acknowledge and agree that by registering for the CAIR conference and attending the conference and participating in the associated events, your image and/or voice may be captured or otherwise recorded in one or more media (e.g., digital or traditional video, photography, or sound recording), and you further agree that such images or recordings may be used by CAIR in original form or as part of compilations or derivative works for promotion of CAIR and its sponsored events, including but not limited to the CAIR conference. Further, you hereby waive any rights of publicity and any claims for damages, royalties, or other compensation related to CAIR’s use as indicated herein.
LINKS TO OTHER SITES
The Website may contain links to third-party sites that are not under our control. We are not responsible for the privacy practices, security or content of such third-party sites or your use of the same.
If you have any questions about CAIR’s privacy protection practices or believe we have not adhered to this Policy, please contact us at email@example.com
EU PRIVACY NOTICE
If you are a resident of the European Union (EU) or European Economic Area (EEA) whose personal information we collect, the following additional information applies to you.
1.1 – Where you are an EU or EEA resident andCAIR knowingly collects your personal information (also called ‘personal data’), we will do so in accordance with applicable laws that regulate data protection and privacy. This includes, without limitation, the EU General Data Protection Regulation (2016/679) (‘GDPR’) and EU member state national laws that implement or regulate the collection, processing and privacy of your personal data (together, ‘EU Data Protection Law’).
1.3 – This Privacy Notice also provides information on your legal rights under EU Data Protection Law and how you can exercise them.
2 How personal data is collected
2.1 – CAIR may hold and process personal data that is collected from organizations around the world, including within the EU/EEA.
2.2 – This is to make sure that the personal data that CAIR receives and processes (so far as it relates to residents of the EU/EEA) is properly safeguarded in accordance with similar legal standards of privacy you would enjoy under EU Data Protection Law.
3 Direct Marketing
3.1 – If CAIR provides direct marketing communications to individuals in the EU/EEA regarding services and/or events which may be of interest, this will be done in accordance with EU Data Protection Law, and in particular where we contact individuals for direct marketing purposes by SMS, email, fax, social media and/or any other electronic communication channels, this will only be with the individual’s consent or in relation to similar services to services that the individual has purchased (or made direct enquiries about purchasing) from CAIR before.
3.2 – Individuals are also free to object or withdraw consent to receive direct marketing from us at any time, by contacting us using the email address below.
4 The lawful grounds on which we might collect and process personal data
4.1 – If we process your personal data for the above purposes, we will rely on one or more of the following lawful grounds under EU Data Protection Law:
(a) where you have freely provided your specific, informed and unambiguous consent for CAIR to process your personal data for particular purposes:
(b) where we agree to provide services to you, in order to set up and perform our contractual obligations to you and/or enforce our rights:
(c) where we need to process and use your personal data in connection with our legitimate interests and being able to effectively manage and operate our organization in a consistent manner across all territories. We will always seek to pursue these legitimate interests in a way that does not unduly infringe on your legal rights and freedoms and, in particular, your right to privacy: and/or
(d) where we need to comply with a legal obligation or for the purpose of us being able to establish, exercise or defend legal claims.
4.2 – Please also note that some of the personal data we receive and that we process may include what is known as ‘sensitive’ or ‘special category’ personal data about you, for example, information regarding your ethnic origin or political, philosophical and religious beliefs. This is not the type of data that CAIR would routinely collect, but if we process such sensitive or special category data we will only do this in specific situations where:
(a) you have provided this with your explicit consent for us to use it: or,
(b) there is a legal obligation on us to process such data in accordance with EU Data Protection Law
(c) it is needed to protect your vital interests (or those of someone else) such as in a medical emergency: or,
(d) where you have clearly chosen to publicize such information: or,
(e) where needed in connection with a legal claim that we have or may be subject to.
5 Disclosing your personal data to third parties
5.1 – We may disclose your personal data to certain third party organizations who are processing data solely in accordance with our instructions (called ‘data processors’) such as companies and/or organizations that support our operations (for example providers of web or database hosting, IT support, payment providers, event organizers, agencies we use to conduct fraud checks or mail management service providers) as well as professionals we use such as lawyers, insurers, auditors or accountants. We only use those data processors who can guarantee to us that adequate safeguards are put in place by them to protect the personal data they process on our behalf.
5.2 – We may also disclose your personal data to third parties who make their own determination as to how they process your personal data and for what purpose(s) (called “data controllers”). The external third party data controllers identified above may handle your personal data in accordance with their own chosen procedures and you should check the relevant privacy policies of these companies or organizations to understand how they may use your personal data.
5.3 – Other than as described above, we will treat your personal data as private and will not routinely disclose it to third parties without you knowing about it. The exceptions are in relation to legal proceedings or where we are legally required to do so and cannot tell you (such as a criminal investigation). We always aim to ensure that your personal data is only used by third parties we deal with for lawful purposes and who observe the principles of EU Data Protection Law.
6 How long we retain your personal data
6.1 – CAIR retains personal data identifying you for as long as necessary in the circumstances.
6.2 – The criteria we use for determining the relevant retention and disposal periods for information obtained from EU residents are based on the purpose for which we hold data and the reasonable expectations of those whose personal data we collect in these circumstances, taking into account various legislative requirements and guidance issued by relevant EU regulatory authorities.
6.3 – The personal data that we no longer need will be disposed of.
7 Your personal data rights
7.1 – In accordance with your legal rights under EU Data Protection Law, you have a ‘subject access request’ right under which can request information about the personal data that we hold about you, what we use that personal data for and who it may be disclosed to as well as certain other information.
7.2 – Usually we will have one month to respond to a subject access request. However, we reserve the right to verify your identity and we may, in case of complex requests, require a further two months to respond. We may also charge for administrative time in dealing with any manifestly unreasonable or excessive requests. We may also require further information to locate the specific information you seek and certain legal exemptions under EU Data Protection Law may apply when responding to your subject access request.
7.3 – Under EU Data Protection Law. EU/EEA residents also have the following rights. which are exercisable by making a request to us in writing:
(a) that we correct personal data that we hold about you which is inaccurate or incomplete:
(b) that we erase your personal data without undue delay if we no longer need to hold or process it:
(c) to object to any automated processing (if applicable) that we carry out in relation to your personal data. for example if we conduct any automated credit scoring:
(d) to object to our use of your personal data for direct marketing, if any:
(e) to object and/or to restrict the use of your personal data for purposes other than those set out above unless we have a compelling legitimate reason: or
(f) that we transfer personal data to another party where the personal data has been collected with your consent or is being used to perform a contract with you and is being processed by automated means.
7.4 – So we can fully comply, please note that these requests may also be forwarded on to third party data processors who are involved in the processing of your personal data on our behalf.
7.5 – If you would like to exercise any of the rights set out above, please contact us at firstname.lastname@example.org.
7.6 – If you make a request and are not satisfied with our response, or believe that we are illegally processing your personal data, you have the right to complain to the Office of the Information Commissioner in the United Kingdom.
Last revision date: September 11th, 2019