Personal Information Collected
NASPO may receive information about individuals from its vendors or affiliates, such as personal contact information including name, email address, phone number, and country of residence. This information may be received in the context of providing servicing and support to our customers.
NASPO may collect personal data when individuals ask NASPO to contact them, register with NASPO to participate in an event or training session, or when individuals request information products or services from NASPO. Failure to provide this information means NASPO cannot fulfill the request for information. NASPO may also collect contact information when it is provided by using the NASPO Website, as well as the IP address and other information about the activity on the NASPO Website, such as visited pages. NASPO may also receive personal data when working on resolving customers’ problems.
. Purpose of Personal Data
NASPO’s lawful basis for holding your information depends on the circumstances under which it is acquired.
Type of Information – Lawful Basis for Processing
Customer and prospective customer contact information collected in connection with a request for products/services or an inquiry, or for fulfillment of an unsolicited request.
Member and prospective member contact information collected for use in marketing additional products and services.
Contact information is collected for use in soliciting participating in NASPO events, training sessions or projects (e.g. research).
Use of Personal Data
NASPO uses personal data to communicate by email or phone regarding situations such as requesting services from individuals, informing individuals of our services, informing individuals on the status of their request, informing individuals on the status of their payment, or answering questions about payment of their invoice. NASPO may also collect IP address and details concerning activity while on the NASPO Website in order to secure NASPO systems and understand your interests and preferences.
If NASPO receives personal data in the context of providing problem-solving services to our customers, NASPO will securely accept that data and limit access to the data. When requested, NASPO will delete the data once the issue is resolved.
Cross Border Personal Information Data Transfers
NASPO will retain member personal data for the period necessary to fulfill the purposes outlined in this Privacy Notice and in accordance with its Data Document Retention Policy, unless a longer retention period is required or permitted by law.
Personal Data Rights
Individuals have the following rights concerning their personal data that NASPO holds and processes that can be exercised at any time:
- Right of access – you have the right to request a copy of the information that NASPO holds about you.
- Right of rectification – you have a right to correct personal data that NASPO holds about you that is inaccurate or incomplete.
- Right to be forgotten – in certain circumstances, you can ask for the personal data NASPO holds about you to be erased from our records.
- Right to restriction of processing – where certain conditions apply, you can restrict the processing of the personal data NASPO holds about you.
- Right of portability – you have the right to have the personal data NASPO holds about you transferred to another organization.
- Right to object – you have the right to object to certain types of processing, such as direct marketing.
- Right to judicial review: in the event that NASPO refuses your request under rights of access, NASPO will provide you with a reason as to why. You have the right to complain as outlined in the process below.
All of the above requests will be forwarded on to other parties holding and processing your personal data where appropriate.
NASPO Contact Information
If you wish to raise a complaint on how NASPO handles member personal data, you can contact NASPO’s Chief Information Officer using the following methods:
By Mail or Phone: National Association of State Procurement Officials Attn: Chief Information Officer 110 West Vine Street, Suite 600 Lexington, Kentucky 40507 (859) 514-9159
If you are not satisfied with our response, you can file a complaint with the data protection authority in the country in which you reside.