Effective: 30 November 2018
This Privacy and Data Processing Policy reflects the International Trade Council, Quality in Business Certification Program, global privacy practices and standards as of the effective date.
Who We Are
For the purposes of the General Data Protection Regulation 2016/679 (the “GDPR”), the Data Controller is the International Trade Council registered in the District of Columbia USA with a registered address at 712 H Street, Washington, DC, 20002.
Our Chief Data Protection Officer, Melanie Walker, is responsible for overseeing questions in relation to this Notice for the purposes of the GDPR. The Data Protection Officer may be contacted at the above mailing address, via email (firstname.lastname@example.org) or phone: +! 202 869 0988.
How to Contact Us
If you have any questions or concerns about this Notice, please contact us using the Contact Us section on our Site.
Alternatively, you can contact us by phone at +1 202 869 0988, by sending an email to email@example.com or by mail to 712H Street, Washington, DC, 20002.
How We Collect Personal Data
Personal Data that you give us
We may collect and process the following Personal Data:
- Contact information, which you provide when corresponding with us by phone, e-mail or otherwise. This includes information you provide when you participate in surveys, online training, webinars, seminars, discussion boards or other social media functions on our Site and when you report a problem with our Site. The information you give us may include your name, address, e-mail address, phone number, financial information and/or credit card information.
- Membership information, about your International Trade Council membership including your name, contact details such as address, phone number and email address (business or personal), age, job title, year of admission and any other information related to your membership. Membership information may be provided by you during the registration process, or by your employer on your behalf.
- Organizational information. During the Certification Application process we collect information about your organization, to enable us to determine our capability to deliver Accredited Certification. During the auditing process we are required to record the name, position, email, phone number, mobile number and experience, a people holding various job titles and those with access to various documents within your organization.
- Due payment information, including financial information such as credit/debit card and account numbers used to register or renew your Certification.
- Purchase information, relating to purchases made by members and non-members of Certification services, reports, advertising or newsletter subscriptions either in-person or via our Site. Purchase information will include financial information as well as information concerning the content and time of the purchase.
- Your specific interests and expertise in areas related to your business, both for the purpose of Certifying your organization and so that you may be invited to contribute to the work of relevant Committees, Study Groups, and so that we have a picture of the range of areas of interest our members share.
- Your membership of any Chambers of Commerce, Business Committees & Study Groups. This allows your name to appear on the relevant list on this website and in published Certification Reports.
- We keep financial records relating to the renewal of your Certification (direct debit mandates, credit card slips). These records are kept for a limited period of 7 years to conform with financial regulations and are shared with third parties as necessary for the collection of fees (currently Stripe.com, Payoneer and PayPal). No sensitive card or bank payment details are stored in our database.
- We may also publish member’s company names with website links, feedback and testimonials on the Website. To remove your details please email firstname.lastname@example.org.
Personal data we collect from you
With regard to each of your visits to the Site we will automatically collect the following information:
- Technical information, including the Internet protocol (IP) address used to connect your computer or device to the Internet, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform;
- Information about your visit, including pages you viewed or searched for, page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), methods used to browse away from the page, and any phone number used to call our customer service number; and
- Location information
Personal Data we collect from others
We may receive information about you from publicly available and third-party databases or services that provide information about business people that we believe will help us verify information you provided when completing the Certification process. We also use this identify provide products and services that may be of interest to you. We will obtain your consent before contacting you if required by the law of the country in which you are located.
We collect information that is sent to us automatically by your web browser and we may use this information to generate aggregate statistics about visitors to our Site, including, without limitation:
- IP addresses
- Browser type and plug-in details
- Device type (e.g., desktop, laptop, tablet, phone, etc.)
- Operating system
- Local time zone
We may use non-Personal Data for various business purposes such as providing customer service, fraud prevention, market research, and improving our Site. Please check your web browser if you want to learn what information your browser sends or how to change your settings.
Data we do not collect
This site does not collect or process the below forms of sensitive data unless required by law, such as in the event of a court case.
- Race or ethnic origin
- Political opinions
- Religious or philosophical beliefs
- Trade union memberships
- Genetic or biometric data
- Health or mortality
- Sex life or sexual orientation
How we use your Personal Data
We will only process your Personal Data, including sharing it with third parties, where (1) you have provided your consent which can be withdrawn at any time, (2) the processing is necessary for the performance of a contract to which you are a party, (3) we are required by law, (4) processing is required to protect your vital interests or those of another person, or (5) processing is necessary for the purposes of our legitimate commercial interests, except where such interests are overridden by your rights and interests. Due to the necessity to be able to verify personal data for Certification purposes, should you withdraw consent to process your Personal Data your organizations Certification may be subsequently terminated at our discretion.
Personal information disclosure
We sometimes use other companies to capture personal information or undertake fulfilment services on our behalf, these activities are carried out under contract and in compliance with the Data Protection Act.
Personal Data that you give us
We may use Personal Data that you provide directly to us for the following purposes:
- to carry out our obligations arising from your Membership or Certification, or any other contract entered into between you and us and to provide you with the Certification, information, products and membership services that you request from us;
- to verify statements made to us in your application for Certification;
- to organize training and/or events that you have purchased or registered for, and to provide you with information, and other materials, relating to the content of the event, the speakers, sponsors and other attendees;
- to provide our newsletter and other publications, provided you have given your consent;
- to respond to your questions and provide related membership and/or Certification services;
- to provide you with information about other events, products and services we offer that are similar to those that you have already purchased, provided you have not opted-out of receiving that information;
- to provide you, or permit selected third parties to provide you, with information about events, products or services we feel may interest you, provided you have given your consent;
- to notify you about changes to our membership service; and
- to ensure that content from our Site is presented most effectively for you and your computer.
Information we collect about you
We will use Personal Data that we have collected about your use of our Site:
- to administer our Site and for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes;
- to improve our Site to ensure that content is presented most effectively for you and your computer;
as part of our efforts to keep our Site safe and secure;
- to measure or understand the effectiveness of advertising we serve to you and others, and to deliver relevant advertising to you; and
- to make suggestions and recommendations to you and other users of our Site about goods or services that may interest you or them.
Personal Data we receive from other sources
We will combine this information with information you give to us and information we collect about you. We will use this information and the combined Personal Data for the purposes set out above (depending on the types of information we receive).
When we share and who can access your Personal Data
We may share your Personal Data for the purposes described in this Notice with:
- a member of the International Trade Council
- any person or organization verifying the status of your Certification
- partners, suppliers and sub-contractors, for the performance of obligations arising from your Certification, or any other contract we enter into with them or you or to provide you with the information, products and membership services that you request from us
analytics and search engine providers (e.g., Google & WordPress) that assist us in the improvement and optimization of our Site
trusted third-party companies and individuals to help us provide, analyze, and improve the Site, Certification services and our membership services (including but not limited to data storage, maintenance services, database management, web analytics and payment processing). Examples include Higher Logic for online communities, Informz and Bulletin Media for email distribution, Nimble AMS for database management and payment processing.
- We will only transfer your Personal Data to trusted third-parties who provide sufficient guarantees in respect of the technical and organizational security measures governing the processing to be carried out and who can demonstrate a commitment to compliance with those measures.
Selling your Personal Data
We will never sell your Personal Data to third parties without your opt-in consent.
Although we use security measures to help protect your Personal Data against loss, misuse or unauthorized disclosure, we cannot guarantee the security of information transmitted to us over the internet.
- All information you provide to us is stored on secure servers.
- Any payment transactions will be encrypted using SSL technology.
Transfer of Personal Data outside of the European Economic Area (“EEA”) and International Users
We are headquartered in the United States. Your Personal Data may be accessed by us or transferred to us in the United States or to our affiliates, partners, merchants, or service providers who are located worldwide. If you are visiting our Site from outside the United States, be aware that your information may be transferred to, stored, and processed in the United States where our servers are located, and our central database is operated. By using our Service, you consent to any transfer of this information.
How Long We Store your Personal Data
We will store your Personal Data, in a form which permits us to identify you, for no longer than is necessary for the purpose for which the Personal Data is processed. We may retain and use your Personal Data as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements and rights, or if it is not technically reasonably feasible to remove it. Consistent with these requirements, we will try to delete your Personal Data quickly upon request.
We will retain your information for as long as your account is active or as needed to provide you with our Site. If you wish to cancel your account or request that we no longer use your information to provide you service, contact us at email@example.com. We will retain and use your information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements. We maintain one or more databases to store your Personal Data and may keep such information indefinitely.
Where we store your personal data
The Personal Data that you provide to us is generally stored on cloud based servers. If you are located in another jurisdiction, you should be aware that once your Personal Data is submitted through our Site, it will be transferred to our servers and that the United States currently does not have uniform data protection laws in place
Any communication or material transmitted by, or from us via the Website or e-mail is transmitted on a non-confidential basis. E-mails sent and received are scanned for viruses using the latest virus software.
Third-party advertisers may also create and access cookies, which will be subject to their privacy policies – we accept no responsibility or liability for the use of such third parties’ cookies. If you do not wish cookies to be placed on your PC or handheld device, then they can be disabled in your web browser. The option to do so is normally found in your browser’s “security settings” section. Please note that permanently disabling cookies in your browser may hinder your use of our Websites as well as other websites and interactive services.
Our Sites are not directed to children under the age of 18, if you are not 18 years or older, do not use our Site. We do not knowingly collect Personal Data from children under the age of 18. If we learn that Personal Data of persons less than 18 years-of-age has been collected through our Site, we will take the appropriate steps to delete this information. If you are a parent or guardian and discover that your child or a minor under the age of 18 has posted, submitted or otherwise communicated Personal Data to our Site without your consent, then you may alert us at firstname.lastname@example.org so that we may take appropriate action to remove the minor’s Personal Data from our systems.
Correction and removal
If any of the information that we have about you is incorrect, or you wish to have information (including Personal Data) removed from our records, you may do so by contacting us at email@example.com.
Additionally, if you prefer not to receive marketing messages from us, please let us know by clicking on the unsubscribe link within any marketing message that you receive or by sending a message to us at firstname.lastname@example.org.
Your European Rights
FOR EUROPEAN RESIDENTS ONLY. You have the right to ask us not to process your Personal Data for marketing purposes. We will usually inform you (before collecting your Personal Data) if we intend to use your Personal Data for such purposes or if we intend to disclose your information to any third party for such purposes. You can exercise your right to prevent such processing by checking certain boxes on the forms we use to collect your Personal Data. You can also exercise the right by contacting us using the Contact Us section on our Site.
Under European data protection law, in certain circumstances, you have the right to:
- Request access to your Personal Data. You may have the right to request access to any Personal Data we hold about you as well as related information, including the purposes for processing the Personal Data, the recipients or categories of recipients with whom the Personal Data has been shared, where possible, the period for which the Personal Data will be stored, and the source of the Personal Data.
- Request correction of your Personal Data. You may have the right to obtain without undue delay the rectification of any inaccurate Personal Data we hold about you.
- Request erasure of your Personal Data. You may have the right to request that Personal Data held about you is deleted.
Object to processing of your Personal Data. You may have the right to prevent or restrict processing of your Personal Data.
- Request restriction of processing your Personal Data Request transfer of your Personal Data. You may have the right to request transfer of Personal Data directly to a third party where this is technically feasible.
- Withdraw your consent
- In addition, where you believe that the International Trade Council has not complied with its obligations under this Notice or European law, you have the right to make a complaint to an EU Data Protection Authority, such as the UK Information Commissioner’s Office.
You can exercise any of these rights by contacting us using the Contact Us section on our Site.
Your Californian Rights
FOR RESIDENTS OF CALIFORNIA ONLY. Section 1798.83 of the California Civil Code requires select businesses to disclose policies relating to the sharing of certain categories of your Personal Data with third parties. If you reside in California and have provided your Personal Data to the International Trade Council, you may request information about our disclosures of certain categories of Personal data to third parties for direct marketing purposes. Such requests must be submitted to us at one of the following addresses:
International Trade Council
Attn: California Privacy Rights
712 H Street NE. Washington DC. 20002
Links to Other Websites
This Policy applies only to International Trade Council, Quality in Business, certification, practices, technologies, and services. Council online properties may include links to websites and online services that are operated by other companies not under the control or direction of the International Trade Council. If you provide or submit personal information to those websites or online services, the privacy policies on those websites or online services apply to your personal information. The Council encourages you to carefully read the privacy policies of any website you visit.
Changes to this Policy
We may make changes to this Policy from time to time based on changes to applicable laws and regulations or other requirements applicable to us, changes in technology, or changes to our business. Any changes we make to the Policy in the future will be posted on this page, and where we change this Policy in ways that also affect how we process personal information about you, where appropriate, we will notify you directly via email or other direct contact with you, and we also will post a notice on our home page that this Policy has changed.