NASPO Privacy Policy and General Data Protection Regulation Privacy Notice

National Association of State Procurement Officials, Inc. (“NASPO”) respects your privacy and is committed to protecting it through compliance with this Privacy Policy (the “Policy”). NASPO has adopted this policy to govern the process of personal data collection and information sharing. This Policy explains how NASPO may collect, use, share, and safeguard personal information on www.NASPO.org, the NASPO Procurement University Learning Management System site, and any mobile websites, mobile applications, social media sites, events and any other services and platforms officially operated or used by NASPO from time to time (the “Sites” or “Services”).

This Privacy Policy consists of both this Privacy Policy, and where applicable, the General Data Protection Regulation (GDPR) Privacy Notice. If you are a resident of a country located in the European Union, or the European Economic Area, including Switzerland and the United Kingdom, please refer to our GDPR Privacy Notice (page 7) for more information about your rights and our obligations.


This General Data Protection Regulation Privacy Notice is a supplement to the NASPO Privacy Policy and concerns certain personal data it has collected about residents of the countries in the European Union, consisting of the European Economic Area, Switzerland, and to the extent that the United Kingdom is no longer a member of the European Economic Area, and the United Kingdom. It explains why NASPO has personal information, how the organization uses it and handles it, and individual’s rights to that information, all as required by the European Union’s General Data Protection Regulation (“GDPR”).

Personal Information Collected

As outlined in NASPO’s Privacy Policy, NASPO may collect personal contact information such as name, email address, phone number, gender, birthdate, and country of residence.

NASPO may receive information about individuals from its vendors or affiliates, such as personal contact information including name, email address, phone number, and country of residence. This information may be received in the context of providing servicing and support to our customers.

Data Collection

NASPO may collect personal data when individuals ask NASPO to contact them, register with NASPO to participate in an event or training session, or when individuals request information products or services from NASPO. Failure to provide this information means NASPO cannot fulfill the request for information. NASPO may also collect contact information when it is provided by using the NASPO Website, as well as the IP address and other information about the activity on the NASPO Website, such as visited pages. NASPO may also receive personal data when working on resolving customers’ problems.

Purpose of Personal Data

NASPO’s lawful basis for holding your information depends on the circumstances under which it is acquired.

Type of Information – Lawful Basis for Processing

Customer and prospective customer contact information collected in connection with a request for products/services or an inquiry, or for fulfillment of an unsolicited request.

Member and prospective member contact information collected for use in marketing additional products and services.

Contact information is collected for use in soliciting participating in NASPO events, training sessions or projects (e.g. research).

Use of Personal Data

NASPO uses personal data to communicate by email or phone regarding situations such as requesting services from individuals, informing individuals of our services, informing individuals on the status of their request, informing individuals on the status of their payment, or answering questions about payment of their invoice. NASPO may also collect IP address and details concerning activity while on the NASPO Website in order to secure NASPO systems and understand your interests and preferences.

The personal data NASPO holds is stored and processed securely as described in the NASPO Privacy Policy and in line with the information security measures and guidance standards. NASPO has implemented appropriate technical and organizational measures designed to prevent the unauthorized disclosure of your personal data, taking into account the level of risk associated with the processing of personal data.

If NASPO receives personal data in the context of providing problem-solving services to our customers, NASPO will securely accept that data and limit access to the data. When requested, NASPO will delete the data once the issue is resolved.

Cross Border Personal Information Data Transfers

Personal data will be stored at our servers located in the United States. The United States has personal data privacy laws that are different from your country. NASPO does not pass your information to anyone else apart from its business services partners as described in the NASPO Privacy Policy.

Data Retention

NASPO will retain member personal data for the period necessary to fulfill the purposes outlined in this Privacy Notice and in accordance with its Data Document Retention Policy, unless a longer retention period is required or permitted by law.

Personal Data Rights

Individuals have the following rights concerning their personal data that NASPO holds and processes that can be exercised at any time:

  • Right of access – you have the right to request a copy of the information that NASPO holds about you.
  • Right of rectification – you have a right to correct personal data that NASPO holds about you that is inaccurate or incomplete.
  • Right to be forgotten – in certain circumstances, you can ask for the personal data NASPO holds about you to be erased from our records.
  • Right to restriction of processing – where certain conditions apply, you can restrict the processing of the personal data NASPO holds about you.
  • Right of portability – you have the right to have the personal data NASPO holds about you transferred to another organization.
  • Right to object – you have the right to object to certain types of processing, such as direct marketing.
  • Right to judicial review: in the event that NASPO refuses your request under rights of access, NASPO will provide you with a reason as to why. You have the right to complain as outlined in the process below.

All of the above requests will be forwarded on to other parties holding and processing your personal data where appropriate.

NASPO Contact Information

Please contact NASPO’s Chief Information Officer at if you have any questions concerning your personal information.

If you wish to raise a complaint on how NASPO handles member personal data, you can contact NASPO’s Chief Information Officer using the following methods:

By Email:

By Mail or Phone: National Association of State Procurement Officials Attn: Chief Information Officer 110 West Vine Street, Suite 600 Lexington, Kentucky 40507 (859) 514-9159

If you are not satisfied with our response, you can file a complaint with the data protection authority in the country in which you reside.