What We Do With Your Data: Data Controller The Cat Fancier’s Association, Inc. (CFA) acts as data controller in cases where CFA alone determines the purposes and means of the processing of your personal data. If you have any questions about how CFA processes your personal data, please contact CFA’s privacy officer at privacyofficer@cfa.org Purpose of the Processing CFA uses the personal data it collects to provide you with the information and services that you request, send you information on memberships (e.g. breed council), Club mailings if you are a club president or secretary, CFA elections, Committee activities, Newsletters, Invitations to CFA events and to maintain CFA’s list of contacts. CFA does not sell, share, distribute or otherwise make your personal data available to any third party except in cases where consultants and other data processors need access to this information to perform work on CFA’s behalf. CFA may, however, share information with committees within CFA. Data Categories CFA collects certain personal data about you but only at the minimum level to be able to fulfill the purpose of the processing. “Personal data” can be used to identify you or that CFA may use directly or indirectly to connect with you. CFA collects personal data that you have voluntarily provided, for example in signing up for one of CFA’s services, programs, newsletters or other materials or when you communicate with CFA via CFA’s website, email or other channels. If you have participated in CFA activities such as cat shows, clerking schools, BAOS, etc., CFA also processes certain data about you. The data CFA collects includes, your name, cattery name, address, e-mail address and telephone number. In some cases, your personal data may have been supplemented by information retrieved from other sources, including searches via publicly available search engines and social media. CFA does not process any data relating to you by automated decision making or profiling. Legal Grounds When processing personal data for the purposes explained herein, CFA relies upon its legitimate interest in maintaining a relationship and communicating with you as a “customer” about CFA’s operations and events. CFA is confident that its interests abide by the law and the legal rights and interests of CFA’s customers. Transfer of Data Only the people who need to process personal data for the purposes described above have access to your personal data. CFA will only transfer your personal data if needed to fulfill a contract with you, if required by law or if needed to fulfill a legal obligation. CFA may also need to provide CFA’s consultants, suppliers and sub-suppliers with access to your personal data when they perform services on CFA’s behalf to maintain and support CFA’s IT systems. Retention Your personal data will be stored in CFA’s registers for the specified purposes explained herein for as long as you are considered a CFA “customer”. The data will be deleted when no longer needed to fulfill its purpose. CFA will provide you with an opportunity to unsubscribe from all CFA services and memberships. If you choose to unsubscribe, CFA will cease data processing for the purposes mentioned above and remove your personal data from CFA’s contact systems. Security CFA uses technical and organizational security measures to help protect your personal data against loss and to guard it against access by unauthorized persons. This includes, limited access rights and encryption of sensitive data. CFA regularly reviews its IT and privacy security policies to ensure CFA’s systems are secure and protected. Your Rights You have the right to know what personal information CFA maintains about you. CFA will provide this information to you upon request as long as an online solution that grants you access to your own personal profile and includes an overview of this information is not otherwise available. You are also entitled to have any incorrect data corrected and you may, in some cases, request CFA to delete your personal data. You may also object to certain personal data about you being processed and request that processing of your personal data be limited. Please note that limitation and/or deletion of personal data may result in that you do no longer receive CFA communications, information, invitations, among other things. You may also have the right to receive your personal data in a machine-readable format or have the data transferred to another party responsible for data processing. Questions or Comments If you have any questions or comments, please contact CFA’s privacy officer at privacyofficer@cfa.org Privacy Policy Statement: Privacy Policy Statement This is the web site of The Cat Fanciers' Association, Inc. (CFA). CFA’s mailing address is 260 East Main Street, Alliance, OH 44601. Phone 330-680-4070. Fax 330-680-4633. Email: privacyofficer@cfa.org About this Privacy Policy This Privacy Policy has been developed to provide a clear and concise outline of how and when personal information is collected, disclosed, used, stored and otherwise handled by CFA. The Policy applies to personal data collected by any means and by any technology. CFA respects your privacy and will protect your personal information in accordance with applicable data protection laws including the new EU General Data Protection Regulation 2016/679 (“GDPR”). In accordance with the rules set out under GDPR, CFA would like to provide you with the following information about how CFA handles personal information it receives. CFA will: - Protect your personal information and give you control over this information. - Take measures to protect your information from hackers and data leaks. - Implement a clear procedure for the collection and storage of personal information. - Obtain the prior consent of CFA customers for the collection and use of personal - information. - Delete your personal information upon your request. In protecting your personal information, CFA will follow the following principles: - Legitimate and transparent data processing. - Accuracy of collected data. - Integrity and confidentiality. - Clear, justified, well defined purpose for keeping data. - Collect only the absolute minimum of data. - Limit the duration of storage of personal information. 1. Processing of Personal Information and Consent Personal information is information from which an individual's identity may be ascertained. The nature of personal information collected by CFA through CFA’s web site generally comprises an individual's name and contact details (including address, phone, fax and e-mail). Cookies, server log information, location data, IP Address and other web based behaviors such as your navigation behavior through all of CFA’s web-based properties are passively collected by CFA and are also considered personal information. CFA collects information from you including, but not limited to, survey information, contest entry information, site registration, name and address, telephone number, fax number and payment information including credit card number and billing address. CFA also collects other types of personal information from time to time including, among other things, credit information, only for purposes of online catalog sales, registration fees and other sales and services. CFA will not collect personal information unless it is necessary for CFA to perform one or more of its functions and activities and you consent. CFA will delete personal information when it is no longer required for such functions and activities. CFA will generally collect personal information from you directly. For example, CFA may collect personal information by telephone or letter, when you attend a function or event, request printed information or specific mailings, enter a competition, or provide a resume. Your consent is required to collect and keep this information in CFA’s database. CFA will correct or delete this information at any time upon your request. As used herein, “your consent” shall mean the affirmative act of giving your consent. Whenever your consent is given in the context of a written declaration which also concerns other matters, the request for consent shall be presented in a manner which is clearly distinguishable from the other matters, in an intelligible and easily accessible form, using clear and plain language. You have the right to withdraw your consent at any time, but the withdrawal of your consent will not affect the lawfulness of any processing based upon such consent before its withdrawal. It shall be as easy to withdraw as it is to give consent. 2. Use and Disclosure of Personal Information Personal information CFA collects may be shared with committees within CFA, where it will be kept strictly confidential and will only be disclosed on a need-to-know basis. CFA will generally use and disclose your personal information for the purposes for which the personal information was initially obtained. CFA may also use your personal information for a purpose related to that for which the personal information was initially obtained if that other purpose would be within your reasonable expectations. Related purposes might include, but not necessarily be limited to, adding your name to a contact list, email notification or invitation list. CFA will not use or disclose your personal information for any other purposes unless: a. required or authorized by law; b. required in order to investigate any unlawful activity; c. required by an enforcement body for investigative activities; or d. necessary to prevent a serious and imminent threat to a person's life, health or safety, or to public health or safety. CFA will promptly inform you of such disclosure, unless prohibited. 3. Direct Marketing From time to time, CFA may use your personal information to identify activities which may be of interest to you and send you information regarding products available through CFA’s business partners. You may contact CFA’s Privacy Officer as provided below if you do not wish to receive direct marketing information, and CFA will take prompt action to ensure that you do not receive any further direct marketing information. 4. Ad Servers CFA may partner with or have special relationships with GDPR compliant ad server companies. 5. Personal Information Security CFA is committed to keeping your personal information secure, and CFA will take all reasonable precautions to protect your personal information from unauthorized access, loss, misuse or alteration. Your personal information may be stored in hard copy documents, or electronically in CFA’s information systems and databases. CFA maintains physical security over its paper and electronic data storage, including locks and security systems. CFA also maintains computer and network security using passwords to control and restrict access to authorized CFA staff and consultants for approved purposes. 6a. Access to Personal Information (Not Applicable to EU Citizens) You may request access to the personal information about you that CFA maintains. The procedure for obtaining access is as follows: a. All requests for access to your personal information must be made in writing and addressed to CFA’s Privacy Office privacyofficer@cfa.org; b. You must provide as much detail as possible regarding the business entity, department or person to whom you believe your personal information has been provided, and when it was provided. This will facilitate CFA’s processing of your request. CFA will acknowledge your request and, in most cases, access will be granted within 14 days. CFA will inform you it is unable to provide you with access to the information within 30 days of your request; c. You will be asked to verify your identity; d. An advance fee may apply to such request in the event that a request will be onerous or time consuming to respond to. Such fee will cover staff costs involved in locating and collating information and reproduction costs; e. Depending on the circumstances, you may be forwarded the information by mail or email, or you may be required to personally inspect your records at the location where such records are stored; and f. You will be given the opportunity to correct any inaccurate personal information. In some circumstances, CFA may not be in a position to provide access. Such circumstances include, but are not limited to: a. providing access will have an unreasonable impact upon the privacy of other individuals; b. denying access is required or authorized by law; c. the request for access is frivolous; d. legal proceedings involving such information are pending; e. negotiations might be prejudiced by such access; or f. access would reveal confidential information or a commercially sensitive decision making process. If CFA denies access to your personal information, it will provide you with a written explanation of its reasons for denying access. 6b. Access to Personal Information (Applicable to EU Citizens) You may request access to the personal information about you that CFA maintains. The procedure for obtaining access is as follows: a. All requests for access to your personal information must be made in writing and addressed to CFA’s Privacy Office privacyofficer@cfa.org; b. You will be asked to verify your identity; c. Depending on the circumstances, you may be forwarded the information by mail or email, or you may be required to personally inspect your records at the location where such records are stored; and d. You will be given the opportunity to correct any inaccurate personal information. e. Your first request for access will not result in any fees, however subsequent requests will require a fee to be provided in advance before the request for access will be granted. f. You will be given the opportunity to delete some or all of your personal data. In some circumstances, CFA may not be in a position to provide access. Such circumstances include, but are not limited to: a. providing access will have an unreasonable impact upon the privacy of other individuals; b. denying access is required or authorized by law; c. legal proceedings involving such information are pending; If CFA denies access to your personal information, it will provide you with a written explanation of its reasons for denying access. 7. Changes to This Policy CFA may change this Policy at any time for any reason. 8. Complaints If you believe that your privacy has been infringed, you are entitled to file a complaint with CFA. All complaints must be in writing and sent to CFA’s Privacy Officer by email to privacyofficer@cfa.org or by mail to the address below. CFA will inform you within 14 working days of receipt who will be responsible for managing your complaint. CFA will attempt to respond to the complaint within 30 working days. When this is not possible, CFA will inform you how long CFA anticipates it will be before CFA can respond to the complaint. The Cat Fanciers’ Association, Inc. Attention: Privacy Officer 260 East Main Street Alliance, OH 44601 |