The Risk Management Association Privacy Statement
Updated as of August 9, 2024
The Risk Management Association and its affiliates (collectively “RMA”, “we”, “our”, or “us”) is committed to protecting your privacy. This privacy policy, available online at https://www.rmahq.org/privacy-policy/, and as updated from time to time (“Privacy Policy”) describes how RMA collects, uses, and shares your information when you use and interact with us, our Website, and our Services and applies to all persons who use our Services (“Users”, “you”, or “your”). Our Privacy Policy governs your access to and use of all RMA operated and controlled websites including, but not limited to, www.rmahq.org (the “Website”), and all other online services provided by RMA (collectively, the “Services”). Where we have entered an agreement with a customer which further restricts our use, disclosure, etc., such agreement will control to the extent of any conflict with this Privacy Policy.
Acknowledgement and Consent
By visiting our Website or using our Services in any manner, you acknowledge that you accept the terms, practices and policies described in this Privacy Policy (and as updated from time to time), and you hereby consent that we may collect, use, and share your information as described herein. If you do not agree with our policies and practices, your choice is not to use our Website or our Services.
If you have questions about RMA’s Privacy Policy or practices, or if you need to contact us about the information we collect about you, our contact information is at the end of this Privacy Policy.
Applicability and Eligibility
Applicability.
This Privacy Policy applies only to the Services, and RMA’s collection, use, disclosure, and protection of your Personal Data. It does not apply to third party websites, applications, or services.
Before accessing, using, or interacting with the Services you should carefully review the terms and conditions of this Privacy Policy.
Eligibility to Use the Services.
The Services are not directed to children under the age of 18. You may not use the Services if you are under the age of 18. We do not knowingly collect, solicit or maintain Personal Data from anyone under the age of 18 or knowingly allow such persons to register for our Services. If you are under 18, please do not send any Personal Data about yourself (such as your name, address, telephone number, or email address) to us. In the event that we learn that we have collected Personal Data from a child under age 18 without verification of parental consent, we will use commercially reasonable efforts to delete that information from our database. Please contact us if you have any concerns.
Information Collection and Use
This Privacy Policy covers our treatment of personally identifiable information. “Personal Data” means any unencrypted or non-deidentified information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked with a particular person such as, but not limited to, your name, mailing address, email address, telephone number, etc. Please see additional information below on the particular information we may collect.
Personal Data does not include your Personal Data that has been deidentified, pseudonymized, anonymized, aggregated, and/or otherwise processed so as to be unidentifiable in such a way that the data can no longer be attributed to a specific individual (by reasonable means) without the use of additional information, and where such additional information is kept separate and under adequate security to prevent unauthorized re-identification of a specific individual such that one could not, using reasonable efforts, link such information back to a specific individual (collectively, all of the foregoing in this sentence being referred to as “De-Identified Personal Data”).
We may also collect Personal Data from you through means other than our Website. This may include offline collection, such as if you submit a paper application, make a payment by check, or call or visit our office. It may also include emails, text and chat messages, or other electronic communications that you send to us separate from our Website or by way of our third party service providers. However, if we combine the Personal Data we collect from you outside of our Website with Personal Data that is collected through our Website or by another means as described above, the Privacy Policy will apply to the combined information, unless specifically disclosed otherwise.
If, for example, you are applying for membership, or, if applicable, for employment, either via our Website or offline, we may obtain information from third parties about membership, licensing, accreditation, certification, professional, and/or employment as part of a background check, among other information, as part of the application process.
Other than as stated herein, this Privacy Policy does not apply to information collected by any third party (including our affiliates and subsidiaries), including through any application or content (including advertising) that may link to or be accessible from or on our Website. We are not responsible for the practices of sites linked to from the Services, and before interacting with any of these sites you are advised to review their rules and policies before providing them with any private information.
Information You Provide To Us:
RMA Membership, RMA Services and Event Information: RMA collects certain Personal Data from you when you join RMA or register for RMA Services or RMA events. “Personal Data” refers to information about you that may be used to identify you, such as your first name, last name, title, email address, phone number, mailing address, company name, organization type, management level and functional area. RMA uses this information to provide your membership, register you for events, provide information about memberships and events, and administer your registrations for Services with RMA.
RMA Account Information: RMA may require you to register for an account (a “RMA Account”) in order to use certain Services. We do not require you to register to use all of our Services. However, if you do register for Services offering an RMA Account, you will gain access to those areas and features of the Services that require registration. RMA will collect certain information about you in connection with your registration for your RMA Account, which may include Personal Data and other information such as a username, password, personal profile, pictures, etc. Some of your RMA Account information may be displayed publicly. You are not required to provide your Personal Data; however, if you choose to withhold certain Personal Data, we may not be able to provide you with certain Services.
Payment Transaction Information: We may collect and store information related to purchases and donations made through the Services. You may provide certain information to complete payments via the Services, including your name and billing, delivery and shipping address, to complete payment transactions through certain Services, but, RMA does not collect, store, or have access to your credit or debit card number.
Form Information: We may use online forms to request certain information from you in order to perform certain Services, such as your contact information to assist with contacts or service requests. This information may include Personal Data.
Correspondence Information: If you sign up for a membership, attend a conference or event, download a report, email us, subscribe to our newsletters, mailing lists or publications, or subscribe to a Service, we may keep your message, email address, and contact information to respond to your requests, provide the requested products or Services, and to provide notifications or other correspondences to you. If you do not want to receive email from us in the future, you may let us know by sending us an email or by writing to us at the address below. Please note requests to remove your email address from our lists may take some time to fulfill. We may also still contact you as needed to provide important announcements or notifications regarding the Services.
Support Information: You may provide information to us via a support request submitted through the Services. We will use this information to assist you with your support request and may maintain this information to assist you or other Users with support requests. Please do not submit any information to us via a support submission, including confidential or sensitive information that you do not wish for RMA or our Service Providers (defined below) to have access to or use in the future.
Personal Data We Collect
We may collect several categories of Personal Data from and about you as summarized in the following table:
Category |
Specific Items of Personal Data |
Identifiers |
|
Demographic |
|
Characteristics of protected classifications under other California or federal law |
|
Commercial Information |
|
Internet or other electronic network activity |
|
Geolocation |
|
Sensory information |
|
Professional or employment information |
|
Education information that is not publicly available personally identifiable information |
|
Inferences drawn from any of the above to create a profile of a consumer |
|
Other information |
|
How We Collect Personal Data and from What Sources
Information You Provide Us. The Personal Data we collect through our Website, or from our business partners or service providers may be obtained as part of the following:
- Information that you provide by filling in webforms on our Website. This includes information provided when creating an online account, purchasing our Products or Services, subscribing to our e-newsletters or other communications, requesting information from us, submitting or posting material (where permitted) on our forums, or interacting with customer support or service, report a problem with our Website, Products, or Services, or otherwise communicating with us.
- Records and copies of your correspondence (including email addresses), if you contact us
- Registering for an event
- Downloading a report
- Your responses to surveys that we or our service providers might ask you to complete for research purposes
- Your search queries on the Website
- When communicating with customer service/support
- Third party websites and mobile applications (e.g., websites that share information with us or advertising partners regarding online activities)
- Data suppliers (e.g., companies that provide demographics and other information regarding consumers)
- Joint marketing partners
- Online advertising companies
- Fulfillment and delivery service providers
- Social media companies
- Other service providers
- Responding to employment opportunities
Careers Website Portal. Our Careers Website portal has information about employment opportunities with us, and contains a link which directs you to our third party service provider’s website (but which contains our brands) through which you can submit an application for employment. This application will request certain Personal Data of you. The Career Opportunities Privacy Policy set forth at the end of this Privacy Policy applies to our Careers Website and information collecting/processing, in addition to this Privacy Policy. That service provider’s website has its own terms of use and privacy policy which you should review prior to submitting any Personal Data through that website. That service provider may provide us with your application, including some or all of the Personal Data (and other information) you submit.
Information We Collect Automatically:
Unique Identifiers: When you use or access the Services, we may access, collect, monitor, store on your device, and/or remotely store one or more “Unique Identifiers,” such as a universally unique identifier (“UUID”). A Unique Identifier may remain on your device persistently, to help you log in faster and enhance your navigation through the Services. Some features of the Services may not function properly if use or availability of Unique Identifiers is impaired or disabled.
Log File Information: When you use our Services, we may receive log file information such as your IP address, browser type, access times, domain names operating system, the referring web page(s), pages visited, location, your mobile carrier, device information (including device and application IDs), search terms, and cookie information. We receive log file data when you interact with our Services, for example, when you visit our websites, sign into our Services, or interact with our email notifications. RMA uses log file data to provide, understand, and improve our Services, and to customize the content we show you. RMA may link this log file to other information RMA collects about you via the Services.
Public Information: RMA may also collect information about you from publicly available sources. Information you make publicly available in any public or open forum, such as on a social network, may be considered public information for the purposes of this Privacy Policy, and may be accessed and collected by RMA. Please be aware that any content or information you share with or provide to third parties using or related to your use of the Services is neither private, nor confidential. RMA is not responsible for any content or information you post or share with third parties. If you do not wish for certain information to be public, please do not share it.
Cookie Notice/Policy
The technologies we use for this automatic data collection may include cookies, local storage cookies, web beacons, pixel tracking, GIF and/or IP address. Each of these is discussed below.
Cookies (or browser cookies)
A cookie is a small file placed on the hard drive of your computer or mobile device. It may contain certain data, including, but not limited to: the name of the server that has placed it there, an identifier in the form of a unique number, and, an expiration date (some cookies only). Cookies are managed by the web browser on your computer or mobile device (Internet Explorer, Firefox, Safari or Google Chrome).
Different types of cookies which have different purposes are used on our Website.
Essential Cookies
These cookies are essential to allow you to browse our Website and use its functions. Without them, services such as shopping baskets and electronic invoicing would not be able to work.
Performance Cookies
These cookies collect information on the use of our Website, such as which pages are consulted most often. This information enables us to optimize our Website and simplify browsing. Performance cookies also enable our affiliates and partners to find out whether you have accessed one of our Website pages from their site and whether your visit has led to the use or purchase of a Service from our Website, including the references for the Service purchased. These cookies do not collect any information which could be used to identify you. All the information collected is aggregated, and therefore anonymous.
Functionality Cookies
These cookies enable our Website to remember the choices you have made when browsing. For example, we can store your geographical location in a cookie so that the Website corresponding to your area is shown. We can also remember your preferences, such as the text size, font and other customizable aspects of the Website. Functionality cookies may also be able to keep track of the products or videos consulted to avoid repetition. The information collected by these cookies cannot be used to identify you and cannot monitor your browsing activity on sites which do not belong to us.
It is possible that you will come across third-party cookies on some pages of sites that are not under our control.
We also use cookies to implement tracking technology on our Website. This allows us to display advertising that is tailored to you on our Website, to understand which parts of our content interest you the most, and which Product or Service categories you request. This tracking uses De-Identified Personal Data). We will not combine this data with your other Personal Data without your express permission. Some of our service providers are allowed to place cookies on our Website. Those companies may also provide you with the option of preventing the use of cookies in the future. For more information, contact the relevant third-party provider.
At any time, you can prevent the use of cookies in the future. You may activate the appropriate setting in your browser to refuse to accept browser cookies. However, if you do, your experience on our Website may be affected; e.g., you may be unable to access certain parts of our Website. Unless you have adjusted your browser setting so that it will refuse cookies, our system will issue cookies when you direct your browser to our Website.
Local Storage Cookies. Certain features of our Website may use local stored objects (or Adobe Flash cookies) to collect and store information about your preferences and navigation to, from and on our Website. Local storage cookies are not managed by the same browser settings as are used for browser cookies.
Web Beacons. Pages of our Website and our emails may contain small electronic files known as web beacons (also referred to as clear gifs, pixel tags and single-pixel gifs) that permit us, for example, to count users who have visited those pages or opened an email and for other related website statistics (for example, recording the popularity of certain website content and verifying system and server integrity).
Pixel Tracking. In addition to using Cookies, the Website may employ “pixel tracking”, a common process which may be used in connection with advertisements on other sites. Pixel tracking involves the use of pixel tags that are not visible to the user and consist of a few lines of computer code. Pixel tracking measures the effectiveness of advertisements and compiles aggregate and specific usage statistics. A “pixel tag” is an invisible tag (usually a GIF or PNG file) placed on certain pages of websites that is used to track an individual user’s activity. We may access these pixel tags to identify activity and interests that may allow us to better match our products, services, and offers with your interests and needs. For example, if you visit our Website from an advertisement on another website, the pixel tag will allow the advertiser to track that its advertisement brought you to the Website. If you visit our Website, and we link you to another website, we may also be able to determine that you were sent to and/or transacted with a third-party website. This data is collected for use in our marketing, research, and other activities.
IP Address. Our servers (or those of our service providers) automatically record certain log file information reported from your browser when you access the Website. These server logs may include information such as which pages of the Website you visited, your internet protocol (“IP”) address, browser type, and other information on how you interact with the Website. These log files are generally deleted periodically.
Information We Collect from Third Parties
We may collect information that others provide about you when you use the Website, or obtain information from other sources and combine that with information we collect through the Website.
- Employment and Background Information. For job applicants in the United States, to the extent permitted by applicable laws, we may obtain reports from public records of criminal convictions or sex offender registrations. For applicants outside of the United States, to the extent permitted by applicable laws, we may obtain the local version of background or checks. You agree to and do hereby consent to our use of such information, including your full name and date of birth, to obtain such reports.
- Other Sources. To the extent permitted by applicable law, we may receive additional information about you, such as demographic data or fraud detection information, from third party service providers and/or partners, and combine it with information we have about you. For example, we may receive background check results or fraud warnings from service providers like identity verification services for our fraud prevention and risk assessment efforts. We may receive information about you and your activities on and off the Website through partnerships, or about your experiences and interactions from our partner ad networks. Other examples of such providers include, but are not limited to, backend processing, fulfillment, and automation, certification, video hosting platform, email management, authentication, form processing, website usage tracking, managing calendar invites and scheduling, and database hosting and management.
Third-Party Use of Cookies and Other Tracking Technologies
- Some content or applications, including advertisements, on the Website are served by third parties, including advertisers, ad networks and servers, content providers and application providers. First-party or third-party cookies may be used alone or in conjunction with web beacons or other tracking technologies to collect information about you when you use our Website. A first-party cookie is a cookie set by the domain name that appears in the browser address bar. A third-party cookie is a cookie set by (and on) a domain name that is not the domain name that appears in the browser address bar. It might be set as part of a side resource load (image, JS, iframe, etc., from a different hostname) or an AJAX HTTP request to a third-party server. The information that first-party and third-party cookies collect may be associated with your Personal Data or they may collect information, including Personal Data, about your online activities over time and across different websites and other online services (i.e., tracking such activities). They may use this information to provide you with interest-based (behavioral) advertising or other targeted content.
- We do not control these third parties’ tracking technologies or how they may be used. If you have any questions about an advertisement or other targeted content, you should contact the responsible provider directly. More information on how to opt-out of third-party advertiser tracking mechanisms here.
- We use, and some of our third-party service providers may use, Google Analytics or other analytics service to help us understand use of our Website and Services. Such service providers may place their own cookies in your browser. This Privacy Policy covers use of cookies by us only and not the use of cookies by third parties.
How We Use Your Information
We use information that we collect about you or that you provide to us, including any Personal Data, for one or more of the following purposes:
- To present our Website and its contents to you.
- To provide you with information and respond to your questions on Products or Services that you request from us and information on new products and services, discounts, special promotions or upcoming events, and features or offers that we believe will be of interest to you.
- To provide you with the Products, Services, or information that you have requested.
- To process transaction payments, including, but not limited to, product and/or service fees, subscription fees, professional fees, membership dues, registration fees, voluntary contributions, examination fees, credential and designation fees, and payments, refunds and reimbursements for any products or services that you choose to purchase from us (though we do not receive your credit or debit card number).
- To provide you with notices about your account, including expiration and renewal notices.
- To notify you about information regarding or changes to our Website, our policies, terms, or any Products or Services we offer or provide, or regarding your account.
- To process your account application and any changes to your account information.
- To process Personal Data or other information that you submit through to us.
- To allow you to participate in interactive features on our Website.
- To contact you about our own and third-parties’ products and services that may be of interest to you.
- To provide access to restricted parts of our Website, e.g., areas accessible if you have a user account.
- To enhance and improve our products and Services, for example, by performing internal research, analyzing user trends, or measuring demographics and interests.
- For internal purposes, such as Website and system administration or internal audits and reviews.
- For analyzing how the Services are used, diagnosing Service or technical problems, maintaining security, and personalizing content.
- To operate, maintain, and provide to you the features and functionality of the Services.
- To provide statistics about the usage levels of the Website and other related information to our service providers.
- To notify you of data privacy incidents or provide you with legally required information.
- To contact you regarding a promotion, contest, or sweepstakes in which you have participated.
- To request your participation in ratings, reviews, surveys, focus groups, or other initiatives which help us to gather information used to develop and enhance our products and Services.
- To determine eligibility for membership, credentials, designations, or volunteer opportunities.
- To evaluate your performance on continued learning courses and assist you in the tracking of your progress.
- For examination or event registration, scheduling, event attendance, administration and related purposes.
- To fulfill any other purpose for which you provide Personal Data.
- In any other way we may describe and for which we obtain your consent when you provide the information and you give your consent.
RMA Personnel: RMA’s personnel may have access to your information as needed to provide and operate the Services in the normal course of business. This includes information regarding your use and interaction with the Services.
Service Providers: RMA works with various organizations and individuals to help provide the Services to you (“Service Providers“), such as website and data hosting companies and companies providing analytics information, such as Google Analytics. We may share your personal information with our Service Providers for the purpose of providing the Services. The information we share to our Service Providers may include both information you provide to us and information we collect about you, including Personal Data and information from data collection tools like cookies, web beacons, log files, Unique Identifiers, and location data. RMA takes reasonable steps to ensure that our Service Providers are obligated to reasonably protect your information on RMA’s behalf. If RMA becomes aware that a Service Provider is using or disclosing information improperly, we will take commercially reasonable steps to end or correct such improper use or disclosure.
We use cookies, clear gifs, and log file information to: (a) remember information so that you will not have to re-enter it during your visit or the next time you visit the Website; (b) provide custom, personalized content and information; (c) monitor the effectiveness of our Service; (d) monitor aggregate metrics such as total number of visitors, traffic, and demographic patterns; (e) diagnose or fix technology problems reported by our users or engineers that are associated with certain IP addresses; and, (f) help you efficiently access your information after you sign in.
We may use your Personal Data you provide us and which we obtain from other sources to better understand your interests so we can try to predict what other products, services and information you might be most interested in. This practice involves making automated decisions about you based on this information in order to better enable us to tailor our interactions with you to make them more relevant and interesting. You may object to our doing this at any time by contacting us (see Contact Information/User Rights below).
We may display advertisements to our advertisers’ target audiences. If you click on or otherwise interact with an advertisement, it is your responsibility to determine whether to continue that interaction.
Social Media Plugins
We integrate social media application program interfaces or plug-ins (“Plug-ins”) from social networks, including Facebook, LinkedIn, X and/or possibly other companies, into the Website.
For example, when you visit our Website, the plugin creates a direct connection between your browser and the Facebook server. This allows Facebook to receive information about your visit to our Website with your IP address. If you click the Facebook “Like” button while you are logged on to your Facebook account, you can link the contents of our Website to your Facebook profile. This allows Facebook to assign your visit to our Website to your user account. Please note that as provider of the Website, we receive no notification about the contents of the transmitted data or their use by Facebook. If you do not want Facebook to assign your visit to our Website to your Facebook user account, please log out of your Facebook user account.
If you do so, you authorize us to access certain social media site account information, such as your public social media profile (consistent with your privacy settings in the social media site). Plug-ins may transfer information about you to the Plug-in’s respective platform without action by you. This information may include your platform user identification number, which website you are on, and more. Interacting with a Plug-in will transmit information directly to that Plug-in’s social network and that information may be visible by others on that platform. Plug-ins are controlled by the respective platform’s privacy policy, and not by our Privacy Policy. You can find the privacy policy for a platform on their website.
How We Share Your Personal Data
RMA is a member-driven organization that conducts a wide array of peer-sharing, networking and training events intended to facilitate RMA's mission, which is the advancement of sound risk management principles. You agree that we may share your information with the following persons in furtherance of our mission:
- If you are an Associate Member, we may share your information with other RMA Associate members through our online membership roster, and if you are a Professional Member, we may share your information with other RMA members generally through our online Professional Membership Directory
- Third parties which provide services to you on behalf of RMA (for example, the publisher of The RMA Journal). These third parties are prohibited from selling, distributing or otherwise using RMA's membership lists
- The provider of our customer management platform
- Third party vendors or sponsors of RMA events that you register to attend. We provide lists of attendees generally two weeks before and after an event. If you are a citizen or resident of the European Union, you have the option to opt-out of sharing this information when you register for these events
- Other attendees of RMA events such as round tables, conferences, and training courses
- RMA's Chapters, which are independent legal entities; Members of RMA Councils, committees, and working groups
- We may also share statistical or aggregated non-personally identifiable information about our users, sales, traffic patterns, and related website information with advertisers, business partners, sponsors, and other third parties; but these statistics will not include any personally identifiable information. Put simply, we will not tell our business partners that you bought a particular book, but we may tell them how many customers in certain demographic groups bought certain books
- RMA is no longer in partnership with the Pan Asia Securities Lending Association (PASLA) to host securities lending conferences in Asia. If You previously attended or expressed interest in RMA-PASLA conferences, RMA may share your information with PASLA to ensure you continue to receive information related to future PASLA conferences and events
We may also disclose your Personal Data, in whole or in part, to the following types of third parties, and for one or more the following purposes:
- Data storage or hosting providers for the secure storage and transmission of your data
- Database and software service providers for the management and tracking of your data
- Technology providers who assist in the development and management of our Website
- Identity management providers for authentication purposes
- Legal and compliance consultants, such as external counsel, external auditors, or tax consultants
- Payment solution providers for the secure processing of payments you provide to us
- Outbound call center providers, who may perform outreach on our behalf regarding our products and Services
- Survey and research providers who perform studies on our behalf
- Publishers and learning providers who develop products on our behalf
- Learning technology and online event providers for the delivery and improvement of web events and learning programs and the tracking of your progress
- Examination providers for the scheduling and delivery of credential and designation examinations
- Digital credential providers for the delivery of digital badges earned through your participation in learning programs
- Advertising partners, including social media providers, for the delivery of targeted advertisements
- Our content sponsors (see below for additional information)
Disclosures to Service Providers: We may share your Personal Data with third parties for the purpose of providing or improving the Services to you. We may share your Personal Data with third party Service Providers. This includes, without limitation, Service Providers which provide services relating to: outbound and/or inbound communications, data analysis, credit checks, screening checks, collection services, marketing assistance, managing customer information, creating, hosting, and/or providing customer or support services on our behalf, fulfilling orders, delivering packages, sending postal mail and email, removing repetitive information from customer lists, providing search results and links (including paid listings and links), processing credit card payments, or managing our conferences and other events. These Service Providers may have access to your Personal Data in order to provide these services to us or on our behalf. If we engage Service Providers for any of the foregoing, use of your Personal Data will be bound by obligations of confidentiality and their use of Personal Data will be restricted to providing their services to us. We may store Personal Data in locations outside our direct control (for instance, on servers or databases located or co-located with hosting Service Providers).
Disclosures to Content and Event Sponsors: We provide (i) access to content (e.g., papers, article, etc.) (“Sponsored Content”) on our website provided to us by third parties who pay us for the right to provide such content and (ii) access to event participants to third parties who pay us for the right to sponsor the event (“Sponsors”). If you request Sponsored Content or register for an event with Sponsors, we provide those specific Sponsors your name, email address, job title, company name, phone number, country, state, and possibly other Personal Information. That Sponsor may contact you separately and may send you marketing and advertising communications. If you do not want your information to be shared with an Event Sponsor, you can choose to not allow your Personal Information to be shared with the Sponsors.
Activity-Related Disclosures: From time to time, we may run contests, special offers, or other events or activities (“Activities”), possibly together with a third party Service Provider. If you provide information to such Service Providers, you give them permission to use it for the purpose of that Activity and any other use to which you consent. We cannot control such third parties’ use of your information. If you do not want your information to be collected by or shared with such third parties, you can choose not to participate in these Activities.
Required Disclosures: Except as otherwise described in this Privacy Policy, we will not disclose your Personal Data to any third party unless required to do so by law, court order, legal process, or subpoena, including, but not limited to, in order to respond to any government, regulatory, or licensing request, or if we believe that such action is necessary to: (a) comply with the law, comply with legal process served on us or our affiliates, subsidiaries, contracted vendors, or affinity partners, or investigate, prevent, or take action regarding suspected or actual illegal activities; (b) enforce our terms or customer agreement (including for billing and collection purposes); (c) take precautions against liability; (d) investigate and defend ourselves against any third-party claims or allegations; (e) assist government enforcement agencies or to meet national security requirements; (f) to protect the security or integrity of our Website and our Services; or, (g) exercise or protect the rights, property, or personal safety of us, our users or others.
We will attempt to notify you about these requests unless: (i) providing notice is prohibited by the legal process itself, by court order we receive, or by applicable law, or (ii) we believe that providing notice would be futile, ineffective, create a risk of injury or bodily harm to an individual or group, or create or increase a risk of fraud upon us, our users, our Website, or our Services. In instances where we comply with legal requests without notice for these reasons, we will attempt to notify that user about the request after the fact if we determine in good faith that we are no longer legally prohibited from doing so and that no risk scenarios described in this paragraph apply.
It is likely that the identity and categories of such third parties will change during the life of your account. We require that our third-party service providers only use your Personal Data as necessary to provide the requested services to us and each service provider is subject to a set of terms consistent with the applicable portions of this Privacy Policy.
Nothing in this Privacy Policy is intended to limit any legal defenses or objections that you may have to a third party’s, including a government’s, request to disclose your information.
Disclosure of De-Identified Personal Data: We may share De-Identified Personal Data with third parties for any purpose. De-Identified Personal Data or non-Personal Data may be aggregated for system administration and to monitor usage of the Website. It may be utilized to measure the number of visits to our Website, average time spent, number of pages viewed and to monitor various other Website statistics. This monitoring helps us evaluate how visitors use and navigate our Website so we can improve the content. We may share De-Identified Personal Data or anonymous information (including, but not limited to, anonymous usage data, referring/exit pages and URLs, IP address, platform types, number of clicks, etc.) with interested third parties in any way we choose and for any purpose. We may disclose, sell, rent, etc., your Personal Data or De-Identified Personal Data to third parties and we may receive valuable consideration for doing so.
Your Consent to Disclosure/Transfer/Sale of Your Personal Data: You consent to our disclosure of your Personal Data, De-Identified Personal Data, and other information you provide to us (“Transferred Information”) to a potential or actual buyer or acquirer of our company or other successor for the purpose of considering a merger, divestiture, restructuring, reorganization, dissolution, change in control, or sale or transfer of some or all of our assets (each of the foregoing referred to as a “Transfer”), whether as a going concern or as part of bankruptcy, liquidation or other court proceeding, in which Personal Data held by us is among the assets transferred. You agree to and do hereby consent to (and shall not object to) our assignment, conveyance, transfer, and/or license (whether by contract, merger or operation of law) as part of a Transfer, of any or all of our rights, in whole or in part, in or to Transferred Information and your consents, with or without notice to you and without your further consent. We cannot make any representations regarding the use or transfer of Transferred Information that we may have in the event of our bankruptcy, reorganization, insolvency, receivership, or an assignment for the benefit of creditors. By providing any Personal Data, you expressly agree and consent to the use and/or transfer of Transferred Information or other information in connection with a Transfer. Furthermore, except as required by law, we are not and will not be responsible for any breach of security by any third parties or for any actions of any third parties that receive any of the Transferred Information that is disclosed to us.
Data Transfer/Access Outside of the United States
We have our headquarters in the United States. The Personal Data we or our service providers collect may be stored and processed in servers within or outside of the United States and wherever we and our service providers have facilities around the globe, and certain information may be accessible by persons or companies outside of the United States who provide services for us. As such, we and our service providers may transfer your Personal Data to, or access it in, jurisdictions that may not provide equivalent levels of data protection as your home jurisdiction. We will take reasonable steps to ensure that your Personal Data receives an adequate level of protection in the jurisdictions in which we process it. If you are located in the UK, European Economic Area (“EEA”), or Switzerland, please see the section below on GDPR. We provide adequate protection for the transfer of Personal Data to countries outside of the UK, EEA, or Switzerland through a series of intercompany agreements based on language as required by applicable law. We may also need to transfer your information to other group companies or service providers in countries outside the EEA. This may happen if our servers or suppliers and service providers are based outside the UK, EEA, or Switzerland, or if you use our services and products while visiting countries outside this area.
If you are a resident of a country other than the United States, you acknowledge and consent to our collecting, transmitting, processing, transferring, and storing your Personal Data out of the country in which you reside.
Information Security
RMA takes reasonable efforts to secure and protect the privacy, accuracy, and reliability of your information and to protect it from loss, misuse, unauthorized access, disclosure, alteration and destruction. RMA implements security measures as we deem appropriate and consistent with industry standards. As no information security system is impenetrable, RMA cannot guarantee the security of our systems or databases, nor can we guarantee that personal information we collect about you will not be breached, intercepted, destroyed, accessed, or otherwise disclosed without authorization. Accordingly, any information you transfer to or from Services is provided at your own risk.
Please do your part to help us keep your information secure. You are responsible for maintaining the confidentiality of your password and RMA Account and are fully responsible for all activities that occur under your password or RMA Account. RMA specifically reserves the right to terminate your access to the Services and any contract you have with RMA related to the Services in the event it learns or suspects you have disclosed your RMA Account or password information to an unauthorized third party. You hereby release and forever discharge us and our affiliates, subsidiaries, officers, directors, employees, and agents, and their respective successors and assigns, and you will indemnify, defend and hold us harmless, from and against any liability, claim, or cost (including attorneys’ fees), arising directly or indirectly from any failure by you to maintain the security of your email or other accounts that directly or indirectly results in an unauthorized third party having access to such email or accounts or causes us to transfer funds based on instructions purporting to have originated from you (i.e., “wire transfer fraud” or “business email compromise” events).
Data Retention
The time periods for which we retain your Personal Data depend on the purposes for which we use it. We will retain your Personal Data for as long as your account is active, or as long as you are a registered member or account holder or user of our Services or for as long as we have another business purpose to do so (such as, but not limited to, for business, tax, or legal purposes) and, thereafter, for no longer than is required or permitted by law, or our records retention policy, reasonably necessary for internal reporting and reconciliation purposes, or to provide you with feedback or information you might request. This period of retention is subject to our review and alteration.
Following termination or deactivation of your user account, we may retain your profile information and all information posted to public areas of the Website. Following termination or deactivation of your user account, we may retain your Personal Data and other data, but will maintain it as confidential according to this Privacy Policy, and as required by applicable law. We have the right to delete all of your Personal Data and other data after termination of your user account without notice to you.
We may retain De-Identified Personal Data for as long as we deem appropriate.
GDPR: The Follow Provisions Apply Only to Citizens and Residents of the United Kingdom, EEA, and Switzerland
The following provisions in this section apply only if you are a citizen or resident of the UK, EEA, or Switzerland. For such citizens or residents, all processing of your Personal Data is performed in accordance with privacy rights and regulations, in particular, (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016, known as the General Data Protection Regulation (“GDPR”), and our processing will take place in accordance with the GDPR. For purposes of the GDPR, we will be the “data controller” of Personal Data (referred to and defined in the GDPR as “Personal Data”) we collect through the Website, unless we collect such information on behalf of a “data controller” in which case we will be a “data processor.” This Privacy Policy does not apply to websites, applications or services that do not display or link to this Privacy Policy or that display or link to a different privacy policy. For UK, EEA, and Switzerland residents and citizens only, to the extent any definition in this Privacy Policy conflicts with a definition under the GDPR, the GDPR definition shall control.
Our Legal Basis for Processing Personal Data (UK, EEA, and Swiss Visitors Only)
If you are a visitor using our Website from the UK, EEA or Switzerland, our legal basis for collecting and using the Personal Data described above will depend on the Personal Data concerned and the specific context in which we collect it. However, we will normally collect Personal Data from you only where we need the Personal Data to perform Services for you for which you have contracted with us, or where the processing is in our legitimate interests or rely upon your consent where we are legally required to do so and not overridden by your data protection interests or fundamental rights and freedoms. In some cases, we may also have a legal obligation to collect Personal Data from you or may otherwise need the Personal Data to protect your vital interests or those of another person.
Legitimate interest purposes may include:
- fraud prevention
- ensuring network and information security
- indicating possible criminal acts or threats to public security, including enhancing protection of our community against spam, harassment, intellectual property infringement, crime, and security risks of all kind, and enforcing legal claims, including investigation of potential violations of our Terms of Use
- when we are complying with legal obligations
- processing employee or visitor, member, attendee, or registrant data
- performing the function or service you requested of us
- providing our services and their functionality to you where such processing is necessary for the purposes of the legitimate interests pursued by us or by our service providers related to the services
- direct marketing
- the relevant and appropriate relationship we have with you
- analytics, e.g., assess the number of visitors, page views, use of the Site, etc., in order to understand how our Site and services are being used, to optimize the Site and/or future communications, and to develop new services and Site features
- updating your information and preferences
- offering and improving our services
- enforcing legal claims, including investigation of potential violations of applicable Terms of Use
Your Data Rights Under GDPR
If you are a resident of the UK, EEA, or Switzerland, your rights include the following:
- The right to access – Upon request, we will confirm any processing of your Personal Data and provide you with a copy of that Personal Data in an acceptable machine-readable format.
- The right to rectification – You have the right to have us correct any inaccurate Personal Data or to have us complete any incomplete Personal Data.
- The right to erasure – You may ask us to delete or remove your Personal Data and we will do so in some circumstances, such as where we no longer need it (we may not delete your data when other interests outweigh your right to deletion).
- The right to restrict processing – You have the right to ask us to suppress the processing of your Personal Data but we may still store your Personal Data. See below for more information.
- The right to object to processing – You have the right to object to your Personal Data used in the following manners: (a) processing based on legitimate interests or the performance of a task in the public interest/exercise of official authority (including profiling); (b) direct marketing (including profiling); and, (c) processing for purposes of scientific/historical research and statistics. See below for more information.
- The right to data portability – You have the right to obtain your Personal Data from us that you consented to give us or that is necessary to perform fulfillment of member benefits with you. We will give you your Personal Data in a structured, commonly used and machine-readable format.
- The right to complain to a supervisory authority – You have the right to file a complaint with a supervisory authority, in particular in the European member state of your habitual residence, place of work or place of the alleged infringement if you consider that the processing of Personal Data relating to you infringes upon your rights.
- The right to withdraw consent – If we are processing your Personal Data based on your consent to do so, you may withdraw that consent at any time.
Access to the Information RMA Has Collected about You
RMA provides certain tools and settings within the Services to help you access, correct, delete, or modify your personal information associated with the Services. RMA welcomes you to contact us regarding the information we have collected about you, including regarding the nature and accuracy of the data that has been collected about you, to request an update, modification, or deletion of your information, to opt-out of certain Services uses of your information, or to withdraw any consent you may have granted to RMA.
Please note requests to delete or remove your information do not necessarily ensure complete or comprehensive removal of the content or information posted, and removed information may persist in backup copies indefinitely. Please note that if you choose to delete your information or opt-out of the collection and use of your information, you understand that certain features, including but not limited to access to the Services, may no longer be available to you.
Opting-Out of Communications from RMA
By providing us with your email address (including by “following,” “liking,” linking your account to our Website or Service or other services, etc., on a third party website or network), you consent to our using the email address to send you Service-related notices by email, including any notices required by law (e.g., notice of data privacy or security incidents), in lieu of communication by postal mail. You also agree that we may send you notifications of activity regarding the Service or the Website, your Personal Data, or any aspect of our relationship, to the email address you give us, in accordance with any applicable privacy settings. We may use your email address to send you other messages or content, such as, but not limited to, newsletters, additions or changes to features of the Service, or special offers. If you do not want to receive such email messages, you may opt out by emailing us your opt-out request or, where available, by clicking “unsubscribe” at the bottom of our e-newsletter. Opting out may prevent you from receiving email messages regarding updates, improvements, special features, announcements, or offers. You may not opt out of Service-related emails.
You can add, update, or delete information as explained above. When you update information, however, we may maintain a copy of the unrevised information in our records. You may request deletion of your account by emailing us. It is your responsibility to maintain your current email address with us.
Additional Provisions Regarding the Services and Your Information
Safely Using RMA’s Services
Despite RMA’s safety and privacy controls, we cannot guarantee the Services are entirely free of illegal, offensive, pornographic, or otherwise inappropriate material, or that you will not encounter inappropriate or illegal conduct from other Users when using the Services. You can help RMA by notifying us of any unwelcome contact by contacting us using the information below.
Privacy Notice for California Residents
The following in this section applies only to California residents.
Under California Civil Code Section 1798.83 (known as the “Shine the Light” law), RMA members and customers who are residents of California may request certain information about our disclosure of personal information during the prior calendar year to third parties for their direct marketing purposes. To make such a request, please write to us at the address below or at privacy@rmahq.org along with “Request for California Privacy Information” on the subject line and in the body of your message. We will comply with your request within thirty (30) days or as otherwise required by the statute. Please be aware that not all information sharing is covered by the “Shine the Light” requirements and only information on covered sharing will be included in our response.
California Online Privacy Protection Act (“CalOPPA”; Calif. Bus. & Prof. Code § 22575-22578):
CalOPPA applies only to companies which collect Personal Data of California residents.
How We Respond to Do Not Track Signals. RMA does not currently employ a process for automatically responding to “Do Not Track” (DNT) signals sent by web browsers, mobile devices, or other mechanisms. Per industry standards, third parties may be able to collect information, including Personal Data, about your online activities over time and across different websites or online services when you use Services. You may opt out of online behavioral ads at http://www.aboutads.info/choices/. You also may limit certain tracking by disabling cookies in your web browser.
Changes to Our Privacy Statement
RMA may modify this Privacy Statement from time to time. The most current version of this Privacy Statement will govern our use of your information and will be located at: https://www.rmahq.org/privacy-policy/. Our current Privacy Statement will always be on our Website at and any updates will be effective upon posting. You are responsible for periodically checking our Website for updates. Under certain circumstances, we may also elect to notify Users of changes or updates to this Privacy Statement by additional means, such as posting a notice on the front page of the Website or by sending an email, but you should not rely on receiving such additional notice.
Contact RMA
RMA Privacy 2005 Market Street, 36th Floor
One Commerce Square
Philadelphia, PA 19103