GDPR Privacy Statement
Specific Disclosures for the European Economic Area
This section applies to data processing activities of data subjects residing in the European Economic Area well as regardless of residence, to the processing of any Personal Data in the European Economic Area.
- “Personal Data;’ for purposes of this section, means any information relating to an identified or identifiable natural person (‘data subject’). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, and location data. an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.
- “Sensitive Personal Data” or “Special Categories of Data” means Personal Data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation.
- “Services” means any of our products, services, or deliverables. including accreditation services and the visitor and other informational services offered by NEASC on our Site. All other terms shall have the meaning as defined in this Privacy Policy. For purposes of clarification, and not limitation, the term “Services” explicitly excludes any services provided by Site Vendors and/or Linked Sites as defined in this Privacy Policy.
- “Site” means any website operated and controlled by us.
We may process certain Personal Data in order to maintain and provide the Services to our members, such as names. addresses. email addresses, and other contact information for designated member representatives or personnel (“Member Relationship Data”). In addition, we may send marketing materials or communications to potential or existing members or customers (“Marketing Activities”). For purposes of Member Relationship Data and Marketing Activities, we function as a “controller.” Our disclosures with respect to our processing of personal data as a controller are set forth in this section.
1. What types of personal data do we collect?
We collect personal identification information including: (i) name; (ii) email address, (iii) mailing address, (iv) phone number, (v) gender, (vi) work experience, (vii) school name, (viii) passport country (ix) race, and (x) ethnicity. Further, NEASC may also collect criminal background information for NEASC member school visitors.
2. How we collect and use personal data
We describe how we collect and use Personal Data in the “Personal Information We Collect” section of our Privacy Policy. This section is expressly incorporated by reference herein.
3. How we disclose personal data
Our disclosure is limited to circumstances where we are permitted to do so under applicable European and national data protection laws and regulations. A list of companies with whom we share Personal Data Includes, but is not limited to:
- MailChimp. MailChimp is a marketing automation platform. We may share certain Personal Data, such as your name and email address. with MailChimp in order to distribute marketing materials to our Members and to manage our Member email lists.
RegFox, and Sched. RegFox, and Sched are event management software platforms. We may share certain Personal Data, such as your name, email address, and other contact information, with either in order to manage Company events, including for event registration, generating and distributing invitations, and event reminders.
4. Legal basis for processing
In some cases, we will ask for your consent so that we may process your Personal Data. However, in certain circumstances, applicable data protection laws allow us to process your Personal Data without needing to obtain your consent.
4.1 Consent for processing sensitive personal data
We may process Sensitive Personal Data that you have provided to us voluntarily in order to improve the Services we provide to you. We obtain your explicit consent to process your Sensitive Personal Data where required by law, including where we use and/or disclose your Sensitive Personal Data in connection with the provision of Services. In certain limited circumstances. we may process or otherwise disclose your Sensitive Personal Data without your consent to protect the vital interests of you or of another person where the data subject Is physically or legally incapable of giving consent, or where it is necessary to establish, exercise. or defend legal claims, including to comply with law enforcement or other legal or judicial orders or requests for such purposes.
Specifically, through our Site and accreditation forms, we may collect the following kinds of sensitive personal data:
- Racial Identity
- Ethnicity
4.2 Processing personal data where consent not required
In cases where we are not already authorized to process the Personal Data under applicable law, we may ask for your consent to process your non-Sensitive Personal Data. including:
For the performance of a contract.
To perform our contractual obligations to you, including our fulfilling orders or purchases you have made, contacting you in relation to any issues with your order or use of our Services, in relation to the provision of our Services, or where we need to provide your Personal Data to our service providers related to the provision of the Services, including for account activation and management.
To comply with legal obligations.
To comply with laws, regulators, court orders, or other legal obligations, or pursuant to legal process.
To protect data subjects’ vital Interests.
To protect the vital interests of you or of another person.
Legitimate Interests.
To operate our business and provide our Services (other than in performing our contractual obligations to you) for our “legitimate interests” and for the purposes of applicable law, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data. Legitimate interests may Include:
- To communicate with you regarding the Services, including to provide you important notice regarding changes to our Terms to communicate with you and administer the accreditation services, and to address and respond to your requests, inquiries, and complaints.
- For our direct marketing purposes.
- To send you surveys in connection with our Services.
- To assist in the investigation of suspected illegal or wrongful activity, and to protect and defend our rights and property, or the rights or safety of third parties.
- To develop, provide, and improve our Services.
- To enforce our Terms and Conditions, License Agreements, or this Privacy Notice or agreements with third parties.
4.3 Consent for processing
In cases where we are not already authorized to process the Personal Data under applicable law, we may ask for your consent to process your Personal Data, including:
Marketing
Where we are not relying on our legitimate interests or another legal basis for processing Personal Data, we may ask for your consent for NEASC or our partners or vendors to contact you by telephone, SMS, post and/or email about other offers, products, promotions, developments or Services which we think may be of interest to you and for other marketing purposes.
Use of Cookies
Our Site may use cookies and similar technologies for functionality and performance, to improve user experience, for analytics. and marketing. In those jurisdictions that require it, we allow the data subject to give explicit permission or to deny the use of certain categories of cookies.
A “cookie” is a small text file that a web server stores in browser software. A browser sends cookies to a server when the browser makes a connection to the server (for example, when requesting a web page from the same domain that created the cookie). The purpose of cookies is to remember the browser over time and distinguish one browser instance (or user) from all others. Some cookies and other technologies may serve to track Personal Data previously entered by a web user on our Site. Most browsers allow you to control cookies, including whether or not to accept them, and how to remove them. Cookies can remember login information, preferences, and similar information.
Cookies, as well as other tracking technologies, such as HTML local storage, and Local Shared Objects (such as “Flash” cookies), and similar mechanisms, may record information such as a unique identifier, information you enter in a form, IP address, and other categories of data.
We may also use web beacons or “pixels; and in certain circumstances may collect IP address, screen resolution and browser software, and operating system types, clickstream patterns, dates and times that our Site is accessed, and other categories of data.
If you want to block the use and saving of cookies from the Site on to the computer’s hard drive, you should take the necessary steps within your web browser’s settings to block all cookies from the Site and its external serving vendors. Please note that if you choose to erase or block your cookies, certain parts of our Site may not function correctly. For information on how to disable cookies, refer to your browser’s documentation.
5. Withdrawing your consent
Where consent is the basis of processing, you may at any time withdraw the consent you provide for the processing of your Personal Data, provided that we are not required by applicable law or professional standards to retain such information, by contacting us:
Attention: Evan Morse, COO
Malling address: NEASC, 1115 Westford Street, Third Floor, Lowell, MA, 01851 USA
If you want to stop receiving future marketing messages and materials. you can do so by clicking the “unsubscribe” link included in our email marketing messages or by contacting us:
Attention: Communications
Malling address: NEASC, 1115 Westford Street, Third Floor, Lowell, MA, 01851 USA
6. Data subject rights
The European Union’s General Data Protection Regulation (“GDPR”), and corresponding legislation in the UK, provide EEA, and UK residents with certain rights in connection with personal information you have shared with us. If you are resident in the EEA, or UK, you have the following rights:
6.1 The right to be informed. You are entitled to be informed of the use of your personal information. This Privacy Policy provides such information to you.
6.2 The right of access. You have the right to request a copy of your personal information which we hold about you.
6.3 The right of correction. You have the right to request correction of or changes to your personal information if it is found to be inaccurate or out of date.
6.4 The right to be forgotten. You have the right to request us, at any time, to delete your personal information from our servers and to erase your personal information when it is no longer necessary for us to retain such data. Note, however, that deletion of your personal information will likely impact your ability to use our services.
6.5 The right to object (opt-out). You have the right to opt-out of certain uses of your personal information, such as direct marketing, at any time.
6.6 The right to data portability. You have the right to a “portable” copy of your personal information that you have submitted to us. Generally, this means your right to request that we move, copy or transmit your personal information stored on our servers / IT environment to another service provider’s servers / IT environment.
6.7 The right to refuse to be subjected to automated decision making, including profiling. You have the right not to be subject to a decision and insist on human intervention if the decision is based on automated processing and produces a legal effect or a similarly significant effect on you.
6.8 The right to lodge a complaint with a supervisory authority. You may also have the right to make a GDPR complaint to the relevant Supervisory Authority. A list of Supervisory Authorities is available here: http://ec.europa.eu/justice/data-protection/bodies/authorities/index_en… exercise your rights with respect to your Personal Data. Please contact us at:
Attention: Evan Morse, COO
Malling address: NEASC. 1115 Westford Street, Third Floor. Lowell, MA, 01851 USA
As permitted by law, certain data elements may not be subject to access, modification, portability, restriction, and/or deletion. Furthermore, where permissible, we may charge for this service. We will respond to reasonable requests as soon as practicable and as required by law.
For your protection, we may need to verify your identity before responding to your request, such as verifying that the email address from which you send the request matches your email address that we have on file. If we no longer need to process personal information about you in order to provide our services or our Site, we will not maintain, acquire or process additional information in order to identify you for the purpose of responding to your request. In some cases our ability to uphold these rights for you may depend upon our obligations to process personal information for security, safety, fraud prevention reasons, compliance with regulatory or legal requirements, or because processing is necessary to deliver the services you have requested. Where this is the case, we will inform you of specific details in response to your request.
We endeavor to respond to a verifiable consumer request within 30 days of its receipt consistent with applicable law. We do not charge a fee to process or respond to your verifiable consumer request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.
7. Cross-Border Transfer of Personal Information
NEASC transfers data internationally. If you use our services, you understand that we may transfer your personal information outside the United Kingdom (UK) or the European Economic Area (EEA), including to the United States and other countries that do not have the same level of protection for personal information. When we do this, we will ensure that the personal information has the appropriate level of protection and that any such transfers comply with safeguards as required by relevant law. These safeguards include agreeing to standard contractual clauses or model clauses for transfers of personal information among suppliers and affiliates. We may also rely on your explicit consent to conduct the transfer.
8. De-identified or anonymized data
We may create de-identified or anonymous data from Personal Data by removing data components (such as your name, email address, or linkable tracking ID) that makes the data personally identifiable to you or through obfuscation through other means. Our use of anonymized data is not subject to this Privacy Policy.
9. Data retention
We will retain your Personal Data for as long as you maintain an account or association membership or as otherwise necessary to provide you the Services. We will also retain your Personal Data as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.
10. Contact us
For questions regarding this Privacy Policy, please contact us:
Attention: Evan Morse, COO
Malling address: NEASC, 1115 Westford Street, Third Floor, Lowell, MA, 01851 USA
Revised: [August 2025]