CCA Privacy and Data Protection Policy
Effective date: 5/25/2018
As an industry association, we proudly advocate for carriers and other stakeholder organizations. As we engage in this advocacy, we need to gather information about the individuals who participate in CCA activities on behalf of our member organizations, as well as information about other individuals who use CCA resources and services. Here, we explain how we treat information we gather from such individuals.
What information does CCA collect through its online services?
We gather several types of information from individuals who use our websites, mobile apps, and other online services (“visitors”). We gather “personal data,” which is information that identifies visitors or can reasonably be linked to a particular person, as well as “non-personal data,” which cannot reasonably be linked to a particular person.
We gather some information that directly identifies visitors automatically when a visitor comes our way, such as visitor’s IP address or a unique device identifier. We get other personal data – like name, business address, and business email address – when visitors or representatives of member organizations give it to us through our online services, over the phone, in person, or when registering for CCA events and services.
We may associate additional information with individual visitors or member organization representatives, such as information about an individual’s attendance at CCA events, use of CCA resources and correspondence, employment information, and communications preferences.
Can other companies collect information from visitors?
In many cases, yes. We work with partner companies to assist in running certain aspects of our online services. For example, we work with other companies to process credit card transactions and for assistance with event sign-up. These partners may collect personal data directly from visitors, after agreeing to meet data protection standards that meet or exceed this policy.
How does CCA use personal data?
We use personal data to run our organization and serve our members. We use contact information we have gathered to, for example, respond to member and visitor inquiries, provide information about CCA events and services to the email addresses provided by member organizations, and provide information about important public policy issues affecting our members.
We use website analytics and application monitoring tools to improve our website and other online services, and to help us figure out ways to improve our events and services.
Does CCA share personal data?
We share personal data under these circumstances:
• We may share the contact information for members’ representatives with CCA members and CCA event participants and vendors.
• We provide CCA event participants with the option of having their contact information shared with other event participants.
• We may share personal data with CCA affiliates, subsidiaries, contractors, and agents who help us run our organization and serve our members, subject to their agreement to meet data protection standards that meet or exceed this policy.
• We share personal data as required by law, such as to comply with a subpoena, warrant, or similar legal process.
• We may share personal data in an emergency where we believe that such disclosure is necessary to protect public or individual safety.
We seek consent before sharing personal data under other circumstances, unless prohibited by law.
What rights do individuals have with respect to personal data in CCA’s possession?
If CCA has personal data about a visitor or member’s representative, he or she may have the right to:
• request information about processing of his or her own personal data
• object to or withdraw consent for the continued processing of personal data
• request erasure or correction of personal data
• request that CCA provide personal data in a portable form.
Visitors should contact firstname.lastname@example.org with any such request.
How does CCA use non-personal data?
CCA uses non-personal data for a variety of purposes. For example, it may use anonymous non-personal data to improve its website, understand its visitors’ business needs, and administer its websites and online services. CCA reserves the right to use and disclose non-personal data for any lawful purpose.
Are children welcome to use CCA websites or online services?
CCA websites and online services may not be used by children under the age of 16. We do not knowingly collect information from children under the age of 16 through our website or online services. If a parent or guardian becomes aware that his or her child has provided us with personal data through our website or online services, please contact us at email@example.com. We will remove such personal data from our files within a reasonable time.
Do CCA’s websites recognize Do Not Track signals?
What steps does CCA take to protect personal data?
CCA implements and continually updates reasonable physical, technical, and organizational measures designed to secure personal data from unauthorized access, use, alteration, or disclosure and from accidental loss or corruption. CCA uses reasonable security measures on all of its websites and online services, as well as on the servers, equipment, and CCA-run networks used to store and process personal data. However, no security system can guarantee absolute security. Should CCA discover a breach involving visitors’ personal data, it will notify affected visitors as required by law.
How will CCA change this policy?
The most up-to-date version will be accessible through our website and made available to our members. If we make changes that may result in personal data being processed in a manner not covered by this version of our privacy and data protection policy, we will alert visitors and other affected individuals in a reasonably prominent manner before changes go into effect.
How can visitors or members ask a question or make a complaint?
Please feel to contact us with any questions or concerns.
Individuals located in the European Union, Switzerland, or the United Kingdom have a right to lodge a complaint about CCA data protection policies or practices with the data protection supervisory authority in their country of habitual residence. Contact information for EU data protection authorities is located here. Individuals located in other nations may have similar rights to lodge a complaint with their own local authorities.