Home / About NEASC / Policies / GDPR Privacy Statement

GDPR Privacy Statement

Specific Disclosures for the European Economic Area

This section applies to data processing activities of data subjects residing in the European Economic Area as well as, regardless of residence, to the processing of any Personal Data in the European Economic Area.
 

  • “Personal Data,” for purposes of this section, means any information relating to an identified or identifiable natural person (‘data subject’). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

  • “Sensitive Personal Data” or “Special Categories of Data” means Personal Data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person's sex life or sexual orientation.

  • “Services” means any of our products, services, or deliverables, including accreditation services and the visitor and other informational services offered by NEASC on our Site. All other terms shall have the meaning as defined in this Privacy Policy. For purposes of clarification, and not limitation, the term “Services” explicitly excludes any services provided by Site Vendors and/or Linked Sites as defined in this Privacy Policy.

  • “Site” means any website operated and controlled by us.

We may process certain Personal Data in order to maintain and provide the Services to our members, such as names, addresses, email addresses, and other contact information for designated member representatives or personnel (“Member Relationship Data”). In addition, we may send marketing materials or communications to potential or existing members or customers (“Marketing Activities”). For purposes of Member Relationship Data and Marketing Activities, we function as a “controller.” Our disclosures with respect to our processing of personal data as a controller are set forth in this section.
 

1. HOW WE COLLECT AND USE PERSONAL DATA

We describe how we collect and use Personal Data in the “Personally Identifiable Information We Collect” section of our Privacy Policy. This section is expressly incorporated by reference herein.
 

2. HOW WE DISCLOSE PERSONAL DATA

Our disclosure is limited to circumstances where we are permitted to do so under applicable European and national data protection laws and regulations. A list of companies with whom we share Personal Data includes, but is not limited to:
 

  • MailChimp. MailChimp is a marketing automation platform. We may share certain Personal Data, such as your name and email address, with MailChimp in order to distribute marketing materials to our Members and to manage our Member email lists.
  • Cvent. Cvent is an event management software platform. We may share certain Personal Data, such as your name, email address, and other contact information, with Cvent in order to manage Company events, including for [event registration], generating and distributing invitations, and event reminders.
     

3. LEGAL BASIS FOR PROCESSING

In some cases, we will ask for your consent so that we may process your Personal Data. However, in certain circumstances, applicable data protection laws allow us to process your Personal Data without needing to obtain your consent.

3.1 CONSENT FOR PROCESSING SENSITIVE PERSONAL DATA

We may process Sensitive Personal Data that you have provided to us voluntarily in order to improve the Services we provide to you. This processing may include disclosing your Sensitive Personal Data to third parties in order to carry out our Services. We obtain your explicit consent to process your Sensitive Personal Data where required by law, including where we use and/or disclose your Sensitive Personal Data in connection with the provision of Services. In certain limited circumstances, we may process or otherwise disclose your Sensitive Personal Data without your consent to protect the vital interests of you or of another person where the data subject is physically or legally incapable of giving consent, or where it is necessary to establish, exercise, or defend legal claims, including to comply with law enforcement or other legal or judicial orders or requests for such purposes.

3.2 PROCESSING PERSONAL DATA WHERE CONSENT NOT REQUIRED

In cases where we are not already authorized to process the Personal Data under applicable law, we may ask for your consent to process your non-Sensitive Personal Data, including:

For the performance of a contract.
To perform our contractual obligations to you, including our fulfilling orders or purchases you have made, contacting you in relation to any issues with your order or use of our Services, in relation to the provision of our Services, or where we need to provide your Personal Data to our service providers related to the provision of the Services, including for account activation and management.

To comply with legal obligations.
To comply with laws, regulators, court orders, or other legal obligations, or pursuant to legal process.

To protect data subjects’ vital interests.
To protect the vital interests of you or of another person.

Legitimate Interests.
To operate our business and provide our Services (other than in performing our contractual obligations to you) for our “legitimate interests” and for the purposes of applicable law, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data. Legitimate interests may include:

  • To communicate with you regarding the Services, including to provide you important notices regarding changes to our Terms, to communicate with you and administer the accreditation services, and to address and respond to your requests, inquiries, and complaints.
     
  • For our direct marketing purposes.
     
  • To send you surveys in connection with our Services.
     
  • To assist in the investigation of suspected illegal or wrongful activity, and to protect and defend our rights and property, or the rights or safety of third parties.
     
  • To develop, provide, and improve our Services.
     
  • To enforce our Terms and Conditions, License Agreements, or this Privacy Notice, or agreements with third parties.
     

3.3 CONSENT FOR PROCESSING

In cases where we are not already authorized to process the Personal Data under applicable law, we may ask for your consent to process your Personal Data, including:

Marketing
Where we are not relying on our legitimate interests or another legal basis for processing Personal Data, we may ask for your consent for NEASC or our partners or vendors to contact you by telephone, SMS, post and/or email about other offers, products, promotions, developments or Services which we think may be of interest to you and for other marketing purposes.

Use of Cookies
Our Site may use cookies and similar technologies for functionality and performance, to improve user experience, for analytics, and marketing. In those jurisdictions that require it, we allow the data subject to give explicit permission or to deny the use of certain categories of cookies.

A “cookie” is a small text file that a web server stores in browser software. A browser sends cookies to a server when the browser makes a connection to the server (for example, when requesting a web page from the same domain that created the cookie). The purpose of cookies is to remember the browser over time and distinguish one browser instance (or user) from all others. Some cookies and other technologies may serve to track Personal Data previously entered by a web user on our Site. Most browsers allow you to control cookies, including whether or not to accept them, and how to remove them. Cookies can remember login information, preferences, and similar information.

Cookies, as well as other tracking technologies, such as HTML5 local storage, and Local Shared Objects (such as “Flash” cookies), and similar mechanisms, may record information such as a unique identifier, information you enter in a form, IP address, and other categories of data.

We may also use web beacons or “pixels,” and in certain circumstances, may collect IP address, screen resolution and browser software, and operating system types, clickstream patterns, dates and times that our Site is accessed, and other categories of data.

If you want to block the use and saving of cookies from the Site on to the computer’s hard drive, you should take the necessary steps within your web browser’s settings to block all cookies from the Site and its external serving vendors. Please note that if you choose to erase or block your cookies, certain parts of our Site may not function correctly. For information on how to disable cookies, refer to your browser’s documentation.
 

4. WITHDRAWING YOUR CONSENT

Where consent is the basis of processing, you may at any time withdraw the consent you provide for the processing of your Personal Data by contacting us at:

New England Association of Schools and Colleges, Inc.
3 Burlington Woods Drive, Suite 100
Burlington, Massachusetts 01803
Attn: Director of IT

provided that we are not required by applicable law or professional standards to retain such information.

If you want to stop receiving future marketing messages and materials, you can do so by clicking the “unsubscribe” link included in our email marketing messages or by contacting us at:

New England Association of Schools and Colleges, Inc.
3 Burlington Woods Drive, Suite 100
Burlington, Massachusetts 01803
Attn: Communications Coordinator
 

5. DATA SUBJECT RIGHTS

You have the right in certain circumstances to request confirmation from us as to whether or not we are processing your Personal Data. Where we are processing your Personal Data, you also have the right to request access to, modification of, or deletion of such Personal Data.

You also have the right in certain circumstances to receive the Personal Data concerning you that you provided to us, to restrict processing of your Personal Data, or to transmit such data to another controller.

To exercise your rights with respect to your Personal Data, please contact us at

New England Association of Schools and Colleges, Inc.
3 Burlington Woods Drive, Suite 100
Burlington, Massachusetts 01803
Attn: Director of IT

As permitted by law, certain data elements may not be subject to access, modification, portability, restriction, and/or deletion. Furthermore, where permissible, we may charge for this service. We will respond to reasonable requests as soon as practicable and as required by law.
 

6. DE-IDENTIFIED OR ANONYMIZED DATA

We may create de-identified or anonymous data from Personal Data by removing data components (such as your name, email address, or linkable tracking ID) that makes the data personally identifiable to you or through obfuscation or through other means. Our use of anonymized data is not subject to this Privacy Policy.
 

7. DATA RETENTION

We will retain your Personal Data for as long as long as you maintain an account or subscription agreement or as otherwise necessary to provide you the Services. We will also retain your Personal Data as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.
 

8. RIGHT TO LODGE A COMPLAINT WITH A SUPERVISORY AUTHORITY

You may have a right to lodge a complaint with a supervisory authority.
 

9. CONTACT US

For questions regarding this Privacy Policy, please contact us at:

New England Association of Schools and Colleges, Inc.
3 Burlington Woods Drive, Suite 100
Burlington, Massachusetts 01803
Attn: Director of IT

 

Revised: June 2018

#57811279_v3

[ back to top ]