Last modified 1/31/2019

Introduction

Dispute Resolution Foundation Board, Inc., (“DRBF” or “We”, “us”), respect your privacy and we are committed to protecting your privacy through our compliance with this policy.

This policy describes our practices in connection with information that we collect through our DRBF event mobile application developed by Attendee Hub of Crowd Compass, a subsidiary of Cvent (“Mobile App”), as well as DRBF’s privacy practices in relation to the use of the DRBF website and external marketing activities.

This policy also describes your data protection rights, including a right to object to some of DRBF’s processing. The Policy does not apply to information collected by any third party, including through any third-party application or content that links to or is accessible from our Website or Mobile App.

Are you a Member or Visitor?

This policy applies to the following classification of individuals that interact with DRBF:

  • MEMBERS: Customers are patrons, benefactors, sustaining corporates, sustaining professionals, corporate or government entities, professionals, individuals, governments or academic employees, emerging nations, students or emerging nation government or academics that register on our Website for authorized access to use our Website and Mobile App pursuant to an active DRBF agreement, or under a temporary evaluation license, if available. Additionally, Members who use our Mobile App are ones who have pre-registered for our events on our Website.
  • VISITORS: Individuals that interact with our Website (for instance, to read about DRBF products and services, download a white paper, or sign up for an online event), and whom we meet at various meetings or learn about through a referral from third parties or other external sources.

 

What types of personal data do our Members collect?

Our Website is flexible and allows our Members to search our Membership Directory to collect a variety of personal data from and about our members, including name, organization, title, postal address, e-mail address, telephone number, fax number, website address, and other information including but not limited to, experience, profession, sector, county, geographical data, and languages.

If you do not agree with our policies and practices, you may choose not to use our Website or Mobile App.

How do our Members collect personal data?

  • When Members voluntarily and explicitly enter personal data into our Website.
  • When our Members conduct a search of our Member database on our Website or Mobile App, including having a valid membership that is purchased and validated through our Website and organizational team.
  • Automatically, as Members interact with our Website, using commonly used information-gathering technologies such as cookies. For additional information about these technologies, see the section below titled “How does DRBF use cookies and similar technologies?“.

How do our Members use personal data?

If a Member chooses to use our Website or Mobile App to conduct business with another Member, any information provided in connection with that interaction will be transferred to, and under the control of, the Member.

Members can interact with other members and conduct business transactions in any way they see fit, but DRBF cannot and does not take responsibility for the privacy practices of Members.

The information practices of our Members are governed by their privacy policies. We encourage Members to review their Members’ privacy policies to understand their practices and procedures.

Does DRBF use personal data collected by our Members?

DRBF does not use personal data of our Members for any purpose other than to provide services that our Members have contracted us to provide through our Website or Mobile App, as noted below, or as required by law.

We process personal data in the following manner:

  • To disclose to our subsidiaries and affiliates for the purpose of providing services to our Members.
  • To disclose to contractors, service providers, and other third parties as reasonably necessary or prudent to provide, maintain and support our Website, such as, for example, payment processors and data center or Web hosting providers. DRBF does not share, sell or trade any information with such third parties for promotional purposes.
  • To deliver the Website and Mobile App that our Members have contracted us to provide. Some examples include:
    • If a Member uses our Website to register for an event, we will use their provided e-mail address to send them information and announcements relating to that event.
    • If a Member uses our Website to pay for event registration fees or other products and services using their credit cards, we will pass the credit card information to payment card processors to validate the payment information and complete the transactions.
  • To deliver to a third party in the event of a merger, divestiture, restructuring, recapitalization, reorganization, dissolution or other sale or transfer of some or all DRBF’s assets, whether as a continuing operating business or as part of bankruptcy, liquidation or similar proceeding, in which personal data held by DRBF about our Members is among the assets transferred.
  • As we believe to be necessary or appropriate:
    • Under applicable law, including laws outside your country of residence;
    • To respond to requests from public and government authorities including public and government authorities outside your country of residence; and
    • To protect against or identify fraudulent transactions.
  • For other purposes when Members provide explicit consent.

We aggregate and anonymize information about (i) Members, and (ii) the use of our Website and Mobile App in order to improve our digital products and to create benchmark and other business intelligence products. None of the aggregated and anonymized information contain personal data (i.e., does not identify any individual).

What is the legal basis for DRBF to process personal data from the EEA?

For individuals that are from the European Economic Area (EEA), our legal basis for collecting and using their personal information will be our legitimate interest where the processing is in our, or a third party’s, legitimate interests and not overridden by the individual’s data protection interests, or fundamental rights and freedoms. These interests are to provide individuals with access to the Website and Mobile App and features of the Website and Mobile App; to send them information they have requested; to ensure the security of our Website and Mobile App by trying to prevent unauthorised or malicious activities; or, to enforce compliance with our terms of use, contracts and other policies. In some EEA countries, we are relying on consent as a legal basis for using data for marketing purposes.

How long does DRBF store personal data collected by our Customers?

Where we process personal data for legitimate business interests described in the section “Does DRBF use personal data collected by our Members”, unless otherwise provided in our membership with our Member, we process the data until 90 days after the termination of the membership, at which time we remove it from our production environment. Within 13 months, we remove the data from our backup media.

How do you access, correct or delete your information?

In various countries, including countries in the EEA, upon their request, Members have the right to access their personal data and, if necessary, have it amended, deleted or restricted. Members can also ask for some types of personal data to be delivered to them, or another organization they nominate, in a structured and machine-readable format.

Where we process your personal data on the basis of your consent, you have the right to withdraw your consent. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal. Members also have the right to complain to a supervisory authority for data protection in the country where they live, or where they work – although we hope that we can assist with any queries or concerns you have about our use of your personal data.

DRBF processes Members data under the direction of our Members and has no direct control or ownership of the personal data we process. Members are responsible for complying with any regulations or laws requiring notice, disclosure or obtaining consent prior to transferring the data to DRBF for processing purposes. Any Members that seek to access, correct or delete data, should direct their query to DRBF. If the Member requests DRBF to remove the personal data of a Member to comply with data protection regulations, DRBF will process this request within 30 days.

We will not accommodate a request to change information if we believe the change would violate any law or legal requirement or cause the information to be incorrect. In such instances, we will inform the Member about the legal obligations that prevent us from fulfilling the request.

How does DRBF use cookies and similar technologies?

Cookies and Web Beacons

We use cookies or similar automatic data collection technologies as individuals interact with our Website and Mobile App to collect certain information about their equipment, browsing actions and patterns, including:

  • Details of your visits to our Website and Mobile App, such as the date and time you access our Website and Mobile App, length of time you spend on our Website and Mobile App, websites you visited before or after our Website and Mobile App, the resources and content that you access and use on the Website and Mobile App.
  • Information about your computer and internet connection, such as your IP Address, computer type, screen resolution, language, Internet browser type and version.

Below are the technologies we use for automatic data collection. We do not use any of these technologies to collect information from Customer Business Contacts for marketing or advertising purposes.

  • Browser Cookies. A cookie is a small file placed on a computer hard drive. Web browsers can be configured to restrict or entirely block cookies, to configure cookie notification settings and/or to delete cookies already present on the browser or device. Information on how to do this is provided by the web browser’s help/reference section. Limiting or restricting certain types of cookies may prevent a Member from using certain portions of our Website and Mobile App, depending on how the browser settings are configured. For example, event registration cannot be completed successfully if cookies are disabled in the web browser. Unless the browser setting has been adjusted so that it will refuse cookies, our system will issue cookies when the browser interacts with our Website and Mobile App. For more information about cookies and how to disable them, see www.allaboutcookies.org.
  • Session Cookies and Persistent Cookies. A “session” cookie lasts for a single browser session only and is deleted when the user closes the web browser. Session cookies allow website operators to link the actions of a user during a browser session. A “persistent” cookie remains on the user’s device (even while powered off) until it expires or is deleted. A persistent cookie will be reactivated when a user returns to the website which posted the cookie. We use persistent cookies to help customize your web experience when you return to a web page or our website. Neither of these cookies can read or access other cookies or any data from a user’s hard drive. Further, neither of these cookies alone will personally identify a user; however, a cookie will recognize a user’s individual web browser or device through an IP Address, browser version, operating system, and other information, and individuals who log in to their DRBF accounts will be individually identifiable to particular Applications using session cookies.
  • Web Beacons. Pages in our Website and Mobile App and our e-mails will contain small electronic files known as web beacons (also referred to as clear gifs, pixel tags, and single-pixel gifs). Web beacons differ from cookies in that the information is not stored on your hard drive, but invisibly embedded on web pages or in an email. Web beacons permit us to track online movements of web users, for example: to count users who have visited those pages or opened an e-mail and for other related website statistics (for example, recording the popularity of certain website content and verifying system and server integrity). This enables DRBF to provide a website experience more tailored to our users’ preferences and interests.

At this time, we do not respond to browser ‘do not track’ signals, as we wait for a uniform standard put forth by regulators or the privacy industry. DRBF earnestly considers an individual’s independent right to determine how their personal data is processed and continues to monitor developments in this area.

You can learn about how you can adjust your browser’s settings to limit or disable cookies and other tracking technologies by visiting the section below titled “Third Party Analytics Providers.”

 

Third Party Analytics Providers

We use a third party analytics provider, Google, to collect information about the usage of our Website and Mobile App and enable us to improve how our Website and Mobile App work. The information allows us to see the overall patterns of usage on the Website and Mobile App and helps us record any difficulties you have with the Website and Mobile App. Google Analytics uses cookies and other similar technologies to collect information about the usage of our Website and Mobile App and to report website trends to us, without storing any personal data on external third-party analytics provider platforms. See below for more information, or to opt out of these practices:

How does DRBF process data from Visitors?

Visitor Personal Data Collected

Visitor data is processed the same way that Member data collection is processed.

Does DRBF process information of children under the age of 13?

Our Website and Mobile App is not intended for children under 13 years of age. We do not directly solicit or collect personal data from children under 13. If you are under 13, do not

  1. Use or provide any information on Website and Mobile App or on or through any of its features,
  2. Register to use our Website and Mobile App,
  3. Make any purchases through our Website,
  4. Use any of the interactive or public comment features of our Website and Mobile App or provide any information about yourself to us, including your name, address, telephone number, e-mail address or any screen name or user name you will use.

Where does DRBF transfer the data it processes?

EU-U.S. and Swiss-U.S. Privacy Shield

DRBF is committed to subjecting all personal data received from European Union (EU) member countries and Switzerland, in reliance on the Privacy Shield Frameworks to the Framework’s applicable Principles. To learn more about the Privacy Shield Framework, visit the U.S. Department of Commerce’s Privacy Shield Website.

DRBF is responsible for the processing of personal data it receives, under the Privacy Shield Framework, and subsequently transfers to a third party acting as an agent on its behalf. DRBF complies with the Privacy Shield Principles for all onward transfers of personal data from the EU and Switzerland, including the onward transfer liability provisions.

With respect to personal data received or transferred pursuant to the Privacy Shield Framework, DRBF is subject to the regulatory enforcement powers of the U.S. Federal Trade Commission. In certain situations, DRBF may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.

If you have an unresolved privacy or data use concern that we have not addressed satisfactorily, please contact us.

Under certain conditions, more fully described on the Privacy Shield website https://www.privacyshield.gov/article?id=How-to-Submit-a-Complaint, you will be entitled to invoke binding arbitration when other dispute resolution procedures have been exhausted.

How does DRBF secure the data it processes?

We use a variety of organizational, technical and administrative measures to protect personal data within our organization. Unfortunately, no data transmission or storage system can be guaranteed to be 100% secure. If you have reason to believe that your interaction with us is no longer secure (for example, if you feel that the security of any account you might have with us has been compromised), please immediately notify us of the problem by contacting us in accordance with the “Contact Information” section below.

How do you contact DRBF or DRBF’s Data Protection Officer?

For details about the DPO’s role or any privacy questions related to DRBF’s Privacy Policy, please contact the DPO at info@drb.org. You should also feel free to contact DRBF regarding details of the implementation of our privacy program at:

DRBF Representative
3440 Toringdon Way, Suite 205
Charlotte, North Carolina 28277
info@drb.org

How does DRBF publicize changes to its Privacy Policy?

We will update this Privacy Policy to reflect changes to our information practices. If we make any material changes we will notify you by means of a notice on this website thirty (30) days prior to the changes becoming effective, or by email (sent to the e-mail address specified in your account) seven (7) days prior to the changes becoming effective. However, any changes to the Privacy Policy are effective immediately upon publication for new Visitors and Members. We encourage you to periodically review this page for the latest information on our privacy practices.