NASPO Privacy Policy and General Data Protection Regulation Privacy Notice

National Association of State Procurement Officials, Inc. (“NASPO”) respects your privacy and is committed to protecting it through compliance with this Privacy Policy (the “Policy”). NASPO has adopted this policy to govern the process of personal data collection and information sharing. This Policy explains how NASPO may collect, use, share, and safeguard personal information on www.NASPO.org, the NASPO Procurement University Learning Management System site, and any mobile websites, mobile applications, social media sites, events and any other services and platforms officially operated or used by NASPO from time to time (the “Sites” or “Services”).

This Privacy Policy consists of both this Privacy Policy, and where applicable, the General Data Protection Regulation (GDPR) Privacy Notice. If you are a resident of a country located in the European Union, or the European Economic Area, including Switzerland and the United Kingdom, please refer to our GDPR Privacy Notice (page 7) for more information about your rights and our obligations.

Information Collected

NASPO typically collects two kinds of information about individuals: (a) information that individuals provide that personally identifies them; and (b) information that does not personally identify an individual that NASPO automatically collects when individuals visit the NASPO Sites or that individuals provide to NASPO.

(1) Personal Information/Personally Identifiable Information (PII): As a general policy, NASPO does not automatically collect Personal Information when visiting the website. Personal Information means any information relating to an identified or identifiable natural person. Specifically, Personal Information consists of individual’s name, postal address, email address, date of birth, driver’s license number, financial account information, preferences, interests, favorites, or other similar information. NASPO may request, collect, or otherwise provide individuals with an opportunity to submit Personal Information in connection with certain activities on the NASPO website, including but not limited to:

  • Registration screens and online forms
  • Participation in a survey or questionnaire
  • Membership applications
  • Participation in the NASPO Network or similar NASPO provided on-line service, community or message board
  • Participation in NASPO provided or sponsored events and training

This definition of “Personal Information” means personally identifiable information and includes any information that may be used to specifically identify or contact you, such as your name, address (mailing or email), phone number, etc.

Please keep in mind that if you directly disclose personally identifiable information or personally sensitive data through NASPO.org public message boards, this information may be collected and used by others.

(2) Non-Personal Information: Non-personal information is any information that does not personally identify you. Non-personal information can include certain personal information that has been de-identified; that is, information that has been rendered anonymous. NASPO may obtain non-personal information about members from information provided to NASPO, either separately or together with Personal Information. NASPO also automatically collects certain non-personal information from individuals when accessing the website. This information can include, among other things, IP addresses, the type of browser you are using (e.g., Internet Explorer, Safari, etc.), the third-party website from which your visit originated, the operating system you are using, the search terms you use on our website, the specific web pages you visit, and the duration of your visits.

Use of Personal and Non-Personal Information

NASPO uses the Personal Information individuals submit to:

  • Operate the websites
  • Respond to member requests
  • Deliver products or services members requested
  • Accept payment for products or services members requested
  • Process membership applications Contact individuals via surveys to conduct research about your opinion of current products/services, or of potential new products/services that may be offered
  • Provide input on your particular needs to our staff to make current and planned initiatives increasingly relevant to your needs
  • Facilitate data analysis by NASPO in the execution of any business functions provided by NASPO in order to improve our business processes, products/services, events, training and to provide you more meaningful interactions with NASPO and the sites.
  • Provide future service and support
  • Inform individuals of other products or services available from NASPO or its affiliates
  • Secure lodging, transportation and other services associated with NASPO provided or sponsored event or training
  • Notify event/training participants about event information such as reminders, updates, logistic changes and post event satisfaction data collection
  • Capture event emergency contact information (name, phone number, relationship) to identify designated individuals in case of an emergency or crisis situation
  • Capture ADA and dietary preferences/needs to share with event staff and vendors
  • Participate in the NASPO Network or similar NASPO provided on-line service, community or message board
  • Participate in NASPO provided or sponsored events and training

NASPO uses non-personal information in a variety of ways, including to help analyze site traffic to determine which pages within the sites are the most popular and to understand customer needs and trends, carry out targeted promotional activities, and to improve services offered to individuals. This data may be used to deliver customized content and advertising within NASPO to customers whose behavior indicates that they are interested in a particular subject area. NASPO may use your non-personal information by itself or aggregate it with information it has obtained from others. NASPO may share your non-personal information with our affiliated companies and third parties to achieve these objectives and others: this aggregate information is anonymous information that does not personally identify you.

“Cookies” and Web Beacons

NASPO automatically receives and stores certain types of non-personal information whenever members interact with NASPO. For example, like many websites, NASPO uses “cookies” and “web beacons” (also called “clear gifs” or “pixel tags”) to obtain certain types of information when member web browsers access the NASPO websites. “Cookies” are small files that are transferred to your computer’s hard drive or your Web browser memory to enable NASPO systems to recognize your browser and to provide convenience and other features to you, such as recognizing you as a frequent user of the NASPO website. This activity simplifies the process of recording member personal information, such as billing addresses, shipping addresses, and so forth. When members return to the same NASPO site, the information you previously provided can be retrieved, so individuals can easily use the NASPO site features that they customized.

Individuals have the ability to accept or decline cookies. Most Web browsers automatically accept cookies, but individuals can usually modify their browser setting to decline cookies if preferred. If individuals choose to decline cookies, they may not be able to fully experience the interactive features of the Sites’ services. For more detailed information about cookies, you may wish to visit www.allaboutcookies.org.

“Web beacons” are tiny graphics with a unique identifier, similar in function to cookies, and may be used to track the online movements of users, when an email has been opened, and to provide other information.

Examples of the information NASPO collects and analyzes in this manner include the Internet protocol (IP) address used to connect your computer to the Internet; computer and connection information such as browser type and version, operating system, and platform; your behavior on our Website, including the URL you come from and go to next (whether this URL is on the NASPO site or not); and cookie number.

NASPO Security Measures

NASPO takes steps it considers reasonable to protect Personal Information collected via the Sites from loss, misuse, and unauthorized access, disclosure, alteration and destruction. NASPO secures the information on computer servers in a controlled, secure environment, protected from unauthorized access, use or disclosure. When Personal Information (such as credit card number) is transmitted to other web sites, it is protected through the use of encryption, such as the Secure Socket Layer (SSL) protocol. Keep in mind, however, that despite such reasonable safeguards, NASPO cannot guarantee or warrant the security of any information you disclose or transmit to NASPO online and are not responsible for the theft, destruction, or inadvertent disclosure of your Personal Information.

In addition, other Internet sites or services that may be accessible through NASPO websites have separate data and privacy practices independent of NASPO, and therefore NASPO disclaims any responsibility or liability for their policies or actions. Please contact those vendors and others directly if you have any questions about their privacy policies.

Information Sharing

NASPO does not sell, rent or lease collected Personal Information to third parties. NASPO may, from time to time, contact individuals on behalf of external business partners about a particular offering that may be of interest. In those cases, Personal Information (such as e-mail, name, address, telephone number) is not transferred to the third party. In addition, NASPO may share data with trusted partners to perform services on our behalf, to help NASPO perform statistical analysis, send you email or postal mail, provide customer support, or arrange for deliveries. All such third parties are prohibited from using your Personal Information except to provide these services to or on behalf of NASPO, and they are required to maintain the confidentiality of your information.

NASPO does not use or disclose sensitive personal information, such as race, religion, or political affiliations, without your explicit consent.

NASPO may contract with sub-contractors to provide administration of some business functions and conference/event related services. NASPO may share Personal Information collected for said purposes in the execution of the services provided.

Specific examples of the data required for full delivery on conference-related services are:

  • ADA needs and dietary preferences/needs shared event staff, the conference hotel as well as off-site restaurants, caterers, vendors or venues providing services to the conference
  • Contact information (name, selected preferences) to confirm your rooming needs and your reservation at the conference hotel
  • Contact information (name, selected preferences) used to confirm travel or transportation arrangements, where appropriate
  • Contact information (name, phone number, credentials/designation, place of employment, mailing address, email address) to share with event attendees to facilitate peer-to-peer communications
  • Emergency Contact information (name, phone number, relationship) used only to communicate with designated individuals in case of an emergency or crisis situation

Email Communications

NASPO may share your email contact information with its partners to assist in providing email communications. Individuals may unsubscribe from receiving these communications from NASPO by clicking the “unsubscribe” link included at the bottom of the email, or by emailing NASPO as provided in the “Contact Information” section below. However, NASPO reserves the right to send individuals transactional emails such as customer service communications in connection with the products or services it provides, or individuals have purchased from NASPO. For security reasons, individuals should not send Personal Information, such as passwords, social security numbers, credit card information, or bank account information to NASPO via email.

Transfer of Assets

NASPO does not provide Personal Information to third parties, except as described above. However, as NASPO continues to develop its business, NASPO trusted partners and/or contracted third parties as described above may change due to changes in contractual relationships or they may undergo a merger, reorganization or similar corporate event which may necessitate transitioning of the personal information shared by NASPO to the new/changed organization.

Legal Necessity

Notwithstanding anything herein to the contrary, NASPO reserves the right to disclose any information about individuals if required to do so by law, with respect to copyright and other intellectual property infringement claims, or if NASPO believes that such action is necessary to: (a) fulfill a government request; (b) conform with the requirements of the law or legal process; (c) protect or defend NASPO’s legal rights or property, or Sites; or (d) in an emergency to protect the health and safety of NASPO Sites’ users or the general public.

Individual Consent


Contact Information

Questions or comments regarding this Privacy Policy should be submitted to NASPO’s Chief Information Officer by e-mail as follows:

You can also reach NASPO by U.S. mail or Phone:

National Association of State Procurement Officials

Attn: Chief Information Officer
110 West Vine Street, Suite 600
Lexington, Kentucky 40507
(859) 514-9159

Changes to Privacy Policy

This Policy may be amended from time to time. The effective date of the Policy may be found on the first page of the Policy.

If individuals submitted Personal Information to NASPO prior to the above effective date, and desire to opt out of having that previously submitted Personal Information from being treated under the new policy, please contact NASPO at the above address.