NASCIO’s Guiding Principles for Privacy Protection

NASCIO’s Guiding Principles for Privacy Protection

At NASCIO, we are committed to protecting the privacy of our association members, business partners, and others who choose to share personally-identifiable information (PII) with us in the normal course of business. In order to effectively protect the PII that is entrusted to us, we understand and recognize that we must address all modes of information that is captured, whether in written or electronic form. NASCIO’s privacy policy addresses the personal data (i.e. information that could identify you) we collect, how we use that information, and how we aim to protect the information you choose to share with us. Our privacy policy is guided by the following principles:

  • The security of your information is of the utmost importance to us.
  • We limit the collection of personal data to what is volunteered and what is required for legitimate business purposes.
  • We only use your data for the purposes with which it was collected.
  • We do not sell personal data to third parties for profit.

NASCIO Privacy Policy

  • Collection of Personal Data that You Choose to Share with NASCIO:NASCIO collects information from our association members, business partners, and others who choose to share their information with us. Typically, personal data is collected when you sign up for a webinar, register for a conference, sign up for newsletters or otherwise request a product or service offered by NASCIO. Personal data that is collected could include: name, email, company name, job title, phone numbers, dietary requirements and/or physical accommodations. We may also ask you for credit card information or similar financial information if you are seeking a paid-service like registering for our conferences.
  • How NASCIO Uses Your Personal Data: By accessing NASCIO online, you are accepting our privacy policy and agreeing to its terms. It also means that you agree not to hold NASCIO or its staff responsible for any legal claims, damages, or expenses that may arise from your use of NASCIO resources or your breach of our privacy policy.

NASCIO does NOT sell your personal data nor do we sell web analytics information to third parties. When we use third parties who provide certain services (e.g. conference and webinar registration, communications) to help us meet business operation needs, we may have to share your data with them. Member data can be located on-premise or off-premise or on cloud services hosted by third parties. We do not link data collected from the web to individuals unless it is for a legitimate business purpose and/or necessary to protect the NASCIO website from compromise.

As a federal grant recipient, NASCIO may be required to report on the number and types of organization that download federal grant-related products. We may also be required to disclose your personal data in the unlikely event that it is required by law or court order.

NASCIO does use session cookies and persistent cookies to offer a better user experience. Users of the NASCIO website and online offerings have to agree to our privacy policy before accessing our material. Details on cookies are below:

  • What is a Cookie: Cookies are pieces of data sent to your browser when you visit a website and stored on your computer’s hard drive. Cookies may store user preferences and other information. For example, cookies can store your session information for easy log-in to a website or platform, or your language or other preferences and may allow websites to record your browsing activities (e.g. number of page views, number of visitors).
  • Session Cookies: NASCIO uses session cookies, which stay on your computer until you close your internet browser. This information is aggregated and used for web analytics purposes only to ensure that NASCIO’s website is relevant for members and other visitors. Information collected may include the following:
    • Source site (the site from which a user traveled to the NASCIO website, such as a search engine or link from another website)
    • Aggregate information about which pages are visited the most
    • Browser and operating system used, and
    • Home country of the visitor.
  • Persistent Cookies: NASCIO uses persistent cookies that are only stored on our server to log website visitors’ IP addresses. We do this to improve the experience of members who choose to authenticate themselves via a username and password to our website. We then link the IP address to the username and password of those members.
  • NASCIO Community: NASCIO members and invited guests have the option of joining the NASCIO Community which enables you to interact with other NASCIO members online. NASCIO members who choose to use the NASCIO Community are prohibited from abusing the directory function and must not share the personal data of others on the NASCIO Community without their consent. The NASCIO Community platform is supported by our third-party contractor, Higher Logic. In addition to NASCIO’s privacy policy, Higher Logic’s privacy policy also applies when members choose to use the NASCIO Community platform.
  • How NASCIO Aims to Secure Your Personal Data: We try to only collect information that is necessary to better serve our members, business partners, and those that use our online resources. When you are no longer a NASCIO member or business partner, please let us know so that we may dispose of your information to prevent any mishandling. We regularly review our privacy policy, provide privacy protection training to our staff, and use technical protections (e.g. https:// for website traffic, firewall, anti-spam, anti-virus, anti-spyware) to ensure the privacy of those that choose to share their personal data with us.
  • NASCIO Guidance on Sharing Your Personal Data: NASCIO discourages you from sending us sensitive personal information such as financial information or Social Security Numbers via email. If there is a need for such information, we will request it in a way that minimizes the risk of identity theft and fraud.
  • EU Data Subjects: This section applies to individuals located in the European Union.
  • Data Controller. NASCIO is the data controller for the processing of your Personal Data. When using the NASCIO Community, Higher Logic is the Data Controller.
  • Your Rights. Subject to applicable law, you have the following rights in relation to your Personal Data:
    • Right of access: If you ask us, we will confirm whether we are processing your Personal Data and, if so, provide you with a copy of that Personal Data (along with certain other details). If you require additional copies, we may need to charge a reasonable fee.
    • Right to rectification: If your Personal Data is inaccurate or incomplete, you are entitled to have it rectified or completed. If we have shared your Personal Data with others, we will tell them about the rectification where possible. If you ask us, where possible and lawful to do so, we will also tell you with whom we shared your Personal Data so that you can contact them directly.
    • Right to erasure: You may ask us to delete or remove your Personal Data and we will do so in some circumstances, such as where we no longer need it (we may not delete your data when other interests outweigh your right to deletion). If we have shared your data with others, we will tell them about the erasure where possible. If you ask us, where possible and lawful to do so, we will also tell you with whom we shared your Personal Data so that you can contact them directly.
    • Right to restrict processing: You may ask us to restrict or ‘block’ the processing of your Personal Data in certain circumstances, such as where you contest the accuracy of that Personal Data or object to us processing it. We will tell you before we lift any restriction on processing. If we have shared your Personal Data with others, we will tell them about the restriction where possible. If you ask us, where possible and lawful to do so, we will also tell you with whom we shared your Personal Data so that you can contact them directly.
    • Right to data portability: Effective 25 May 2018, you have the right to obtain your Personal Data from us that you consented to give us or that is necessary to perform a contract with you. We will give you your Personal Data in a structured, commonly used and machine-readable format. You may reuse it elsewhere.
    • Right to object: You may ask us at any time to stop processing your Personal Data, and we will do so:
      • If we are relying on a legitimate interest to process your Personal Data — unless we demonstrate compelling legitimate grounds for the processing; or
      • If we are processing your Personal Data for direct marketing.
    • Rights in relation to automated decision-making and profiling: You have the right to be free from decisions based solely on automated processing of your Personal Data, including profiling, that affect you, unless such processing is necessary for entering into, or the performance of, a contract between you and us or you provide your explicit consent to such processing.
    • Right to withdraw consent: If we rely on your consent to process your Personal Data, you have the right to withdraw that consent at any time. This will not affect the lawfulness of processing based on your prior consent.
    • Right to lodge a complaint with the data protection authority: If you have a concern about our privacy practices, including the way we have handled your Personal Data, you can report it to the data protection authority that is authorized to hear those concerns.
  • You may exercise your rights by contacting us as indicated under “Contact Us” section below.
  • Point of Contact: For questions about this policy or to raise a concern, please contact NASCIO Executive Director, Doug Robinson, at [email protected]or by calling us at 859.514.9150.