This policy addresses the collection and use of personal information by the California Association for Institutional Research (CAIR). Included in this policy are consumers of CAIR information, products and services, and others who engage with CAIR (referred to as “users”).
INFORMATION COLLECTION
CAIR does not collect any personal information from general website visitors (http://cair.org). However, when users request information from CAIR, register for our annual conference, sign up for our listserv, or complete other voluntary forms and materials (e.g., submit a conference proposal, sign up to be a volunteer, complete evaluation surveys) personal information may be requested. Any information collected is for internal use and will not be shared with or disclosed to third parties except as described within this policy.
When CAIR collects personal information, it is with the intent to better serve users and to inform decisions/programming about the annual conference. The following information may be required of users in online and offline transactions, surveys, information requests, and/or the purchase of products and services. Basic information requested of users may include but is not necessarily limited to:
INFORMATION USE
Typically, CAIR uses the personal information collected to:
SHARING INFORMATION
CAIR shares information about those who register for the annual conference in the following ways:
Attendee first name, last name, email address, institution/organization affiliation, and position title are shared with conference sponsors for contact of registrants through 1) one pre-conference email invitation to their product/booth and 2) one post-conference follow-up email. This information is provided to sponsors as a benefit to increase conference sponsorships, thereby minimizing conference registration costs for attendees. Sponsors are contractually prohibited from use or storage of information other than for use at the conference sponsored.
Attendee first name, last name, email address, segment affiliation are shared by request with Segment meeting letters for the purpose of surveying potential attendees on their topics of interest for the session.
Names, institutions/affiliations, and contact information is made available to app users in the conference event app, unless users opt out.
CHANGING/UPDATING PERSONAL INFORMATION
Users who wish to amend or remove personal information stored by CAIR should contact the CAIR Secretary at cair.secretary@cair.org
COOKIES
CAIR uses cookies to help manage its website in an effort to better serve visitors. A cookie is a piece of data that is either maintained only for the duration of a particular session visit or is stored on the user’s computer to support future visits. CAIR may make use of both types of cookie.
Session cookies are used to enhance and make more efficient the user’s experience during a site visit. Once the user closes the browser, the cookie terminates.
Persistent cookies store small text files on the user’s hard drive for extended periods of time and “remember” visit activities to help make subsequent visits more efficient. Users may remove persistent cookies by following internet browser help instructions.
CONSENT
When CAIR requests sensitive and/or personal information from users, the reason for the request and the intended use of the information is clearly stated. If more information is desired, the user should respond to the requestor directly, or contact the CAIR Secretary at cair.secretary@cair.org. By using the CAIR website or engaging with CAIR products/services, users consent to this privacy policy. Users may withdraw consent for CAIR to maintain personal information at any time via email cair.secretary@cair.org with a subject line of “Personal Consent Withdrawal.” Note that withdrawal of consent to maintain personal information may preclude the requestor from participation in certain activities (e.g. registration and payment information is required to attend the CAIR conference).
SURVEYS AND WEBFORMS
CAIR periodically offers users and other members of the higher education community the opportunity to participate in surveys. The purpose of each survey is clearly defined, and participation in these surveys is completely voluntary. When CAIR uses third-party services to conduct surveys, the privacy practices of the third parties apply to the data collected. See the section on Third Party privacy practices below.
A combination of Qualtrics, Google Forms, and/or Survey Monkey are used for session and conference evaluations, proposal submission and selection, sponsor survey, Sam Agronow Scholarship application, and other surveys as needed. All information provided to CAIR are retained in these systems. Qualtrics, Google Forms, and Survey Monkey privacy statements provide detailed information.
THIRD PARTIES
CAIR employs the services of third parties to support its activities and the information and services provided to users. Some of those third parties are described below, though this is not necessarily an exhaustive list of the third parties with whom CAIR deals. CAIR is not responsible for the privacy practices or security of such third-parties. If you are uncomfortable with CAIR’s relationship with third parties like the ones below, you may cease using this website, though doing so may compromise your ability to access CAIR information and/or participate in CAIR activities.
Google Analytics:
CAIR may use Google Analytics, a web analytics service provided by Google, Inc. (“Google”). Google Analytics uses persistent cookies to analyze how users interact with a website. The information generated by the cookie about use of the website (including users’ IP addresses) is transmitted to and stored by Google. Google uses this information to compile reports on website activity for website operators and provides other services relating to website activity and internet use. Google may also transfer this information to third parties when required to do so by law, or when third parties process the information on Google’s behalf. Google will not associate users’ IP addresses with any other data held by Google.
Refusing use of Google Analytics. Users may refuse the use of cookies by selecting the appropriate settings in their browsers; however, doing so may affect full functionality of the CAIR website. By using the CAIR website, users consent to the processing of data about their activity by Google in the manner and for the purposes set out above. The Google Privacy Policy and the Google Analytics Terms of Service provide detailed information.
MailChimp:
CAIR uses MailChimp to disseminate Association email messages. CAIR gathers statistics on email open rates and clicks using industry standard technologies in an effort to monitor and improve its services. The MailChimp privacy notice provides detailed information.
Eventbrite:
Eventbrite provides sponsor payment services and registration/payment services used for the annual CAIR conference. All payment and registration information are retained within Eventbrite. Privacy statements provide detailed information.
Attendify:
Attendify provides the conference App used for the annual CAIR conference. CAIR gathers statistics and information regarding conference participants’ session choices, session/workshop evaluations, and any demographic information users opt to provide. The Attendify privacy policy provides detailed information.
Unsubscribing from the conference App. Users who have questions about removing their information from the conference app may contact the CAIR Secretary at cair.secretary@cair.org.
SECURITY
CAIR takes the security of users’ personal information seriously and is committed to ensuring that its information technology (IT) systems, infrastructure, and applications are secure. Unfortunately, the transmission of information via the internet is not completely secure. Therefore, CAIR cannot guarantee the security of users’ information transmitted to our website. Any transmission of personal information via the CAIR website is at the user’s risk. CAIR does not assume any liability for third-party use of general or personal information, whether obtained legally or illegally from or through its website.
COMPROMISE OF INFORMATION
In the event that any personal information under CAIR’s control is compromised as a result of a breach of security, CAIR will take reasonable steps to investigate and resolve the situation in a timely manner, and where appropriate, notify individuals whose information may have been at risk. In all such situations, CAIR will take any and all necessary steps in accordance with applicable laws.
LEGAL DISCLAIMER
CAIR reserves the right to disclose users’ personally identifiable information as required by law and when it is determined that disclosure is necessary to protect the rights, property, or safety of CAIR, its users, or others; or to comply with judicial proceedings, court orders, or legal processes served on or otherwise required of CAIR.
PHOTOGRAPHY ACKNOWLEDGEMENT
By registering for the annual conference attendees acknowledge the following statement:
You acknowledge and agree that by registering for the CAIR conference and attending the conference and participating in the associated events, your image and/or voice may be captured or otherwise recorded in one or more media (e.g., digital or traditional video, photography, or sound recording), and you further agree that such images or recordings may be used by CAIR in original form or as part of compilations or derivative works for promotion of CAIR and its sponsored events, including but not limited to the CAIR conference. Further, you hereby waive any rights of publicity and any claims for damages, royalties, or other compensation related to CAIR’s use as indicated herein.
CHANGES IN THIS PRIVACY POLICY
CAIR reserves the right to modify this privacy policy at any time. All changes are posted to this page, as indicated by the revision date noted at the bottom of the page. User consent is based on the specifications of this privacy policy at time of use, and it is the user’s responsibility to familiarize oneself with the policy, including revisions.
LINKS TO OTHER SITES
The Website may contain links to third-party sites that are not under our control. We are not responsible for the privacy practices, security or content of such third-party sites or your use of the same.
CONTACT INFORMATION
If you have any questions about CAIR’s privacy protection practices or believe we have not adhered to this Policy, please contact us at cair.secretary@cair.org
EU PRIVACY NOTICE
If you are a resident of the European Union (EU) or European Economic Area (EEA) whose personal information we collect, the following additional information applies to you.
1 Introduction
1.1 – Where you are an EU or EEA resident andCAIR knowingly collects your personal information (also called ‘personal data’), we will do so in accordance with applicable laws that regulate data protection and privacy. This includes, without limitation, the EU General Data Protection Regulation (2016/679) (‘GDPR’) and EU member state national laws that implement or regulate the collection, processing and privacy of your personal data (together, ‘EU Data Protection Law’).
1.2 – This EU privacy notice (‘EU Privacy Notice’) which should be read in conjunction CAIR’s Privacy Policy provides further information as required under EU Data Protection Law on how we handle or process the personal data we collect and who we may share it with.
1.3 – This Privacy Notice also provides information on your legal rights under EU Data Protection Law and how you can exercise them.
2 How personal data is collected
2.1 – CAIR may hold and process personal data that is collected from organizations around the world, including within the EU/EEA.
2.2 – This is to make sure that the personal data that CAIR receives and processes (so far as it relates to residents of the EU/EEA) is properly safeguarded in accordance with similar legal standards of privacy you would enjoy under EU Data Protection Law.
3 Direct Marketing
3.1 – If CAIR provides direct marketing communications to individuals in the EU/EEA regarding services and/or events which may be of interest, this will be done in accordance with EU Data Protection Law, and in particular where we contact individuals for direct marketing purposes by SMS, email, fax, social media and/or any other electronic communication channels, this will only be with the individual’s consent or in relation to similar services to services that the individual has purchased (or made direct enquiries about purchasing) from CAIR before.
3.2 – Individuals are also free to object or withdraw consent to receive direct marketing from us at any time, by contacting us using the email address below.
4 The lawful grounds on which we might collect and process personal data
4.1 – If we process your personal data for the above purposes, we will rely on one or more of the following lawful grounds under EU Data Protection Law:
(a) where you have freely provided your specific, informed and unambiguous consent for CAIR to process your personal data for particular purposes:
(b) where we agree to provide services to you, in order to set up and perform our contractual obligations to you and/or enforce our rights:
(c) where we need to process and use your personal data in connection with our legitimate interests and being able to effectively manage and operate our organization in a consistent manner across all territories. We will always seek to pursue these legitimate interests in a way that does not unduly infringe on your legal rights and freedoms and, in particular, your right to privacy: and/or
(d) where we need to comply with a legal obligation or for the purpose of us being able to establish, exercise or defend legal claims.
4.2 – Please also note that some of the personal data we receive and that we process may include what is known as ‘sensitive’ or ‘special category’ personal data about you, for example, information regarding your ethnic origin or political, philosophical and religious beliefs. This is not the type of data that CAIR would routinely collect, but if we process such sensitive or special category data we will only do this in specific situations where:
(a) you have provided this with your explicit consent for us to use it: or,
(b) there is a legal obligation on us to process such data in accordance with EU Data Protection Law
(c) it is needed to protect your vital interests (or those of someone else) such as in a medical emergency: or,
(d) where you have clearly chosen to publicize such information: or,
(e) where needed in connection with a legal claim that we have or may be subject to.
5 Disclosing your personal data to third parties
5.1 – We may disclose your personal data to certain third party organizations who are processing data solely in accordance with our instructions (called ‘data processors’) such as companies and/or organizations that support our operations (for example providers of web or database hosting, IT support, payment providers, event organizers, agencies we use to conduct fraud checks or mail management service providers) as well as professionals we use such as lawyers, insurers, auditors or accountants. We only use those data processors who can guarantee to us that adequate safeguards are put in place by them to protect the personal data they process on our behalf.
5.2 – We may also disclose your personal data to third parties who make their own determination as to how they process your personal data and for what purpose(s) (called “data controllers”). The external third party data controllers identified above may handle your personal data in accordance with their own chosen procedures and you should check the relevant privacy policies of these companies or organizations to understand how they may use your personal data.
5.3 – Other than as described above, we will treat your personal data as private and will not routinely disclose it to third parties without you knowing about it. The exceptions are in relation to legal proceedings or where we are legally required to do so and cannot tell you (such as a criminal investigation). We always aim to ensure that your personal data is only used by third parties we deal with for lawful purposes and who observe the principles of EU Data Protection Law.
6 How long we retain your personal data
6.1 – CAIR retains personal data identifying you for as long as necessary in the circumstances.
6.2 – The criteria we use for determining the relevant retention and disposal periods for information obtained from EU residents are based on the purpose for which we hold data and the reasonable expectations of those whose personal data we collect in these circumstances, taking into account various legislative requirements and guidance issued by relevant EU regulatory authorities.
6.3 – The personal data that we no longer need will be disposed of.
7 Your personal data rights
7.1 – In accordance with your legal rights under EU Data Protection Law, you have a ‘subject access request’ right under which can request information about the personal data that we hold about you, what we use that personal data for and who it may be disclosed to as well as certain other information.
7.2 – Usually we will have one month to respond to a subject access request. However, we reserve the right to verify your identity and we may, in case of complex requests, require a further two months to respond. We may also charge for administrative time in dealing with any manifestly unreasonable or excessive requests. We may also require further information to locate the specific information you seek and certain legal exemptions under EU Data Protection Law may apply when responding to your subject access request.
7.3 – Under EU Data Protection Law. EU/EEA residents also have the following rights. which are exercisable by making a request to us in writing:
(a) that we correct personal data that we hold about you which is inaccurate or incomplete:
(b) that we erase your personal data without undue delay if we no longer need to hold or process it:
(c) to object to any automated processing (if applicable) that we carry out in relation to your personal data. for example if we conduct any automated credit scoring:
(d) to object to our use of your personal data for direct marketing, if any:
(e) to object and/or to restrict the use of your personal data for purposes other than those set out above unless we have a compelling legitimate reason: or
(f) that we transfer personal data to another party where the personal data has been collected with your consent or is being used to perform a contract with you and is being processed by automated means.
7.4 – So we can fully comply, please note that these requests may also be forwarded on to third party data processors who are involved in the processing of your personal data on our behalf.
7.5 – If you would like to exercise any of the rights set out above, please contact us at cair.secretary@cair.org.
7.6 – If you make a request and are not satisfied with our response, or believe that we are illegally processing your personal data, you have the right to complain to the Office of the Information Commissioner in the United Kingdom.
Last revision date: September 11th, 2019