Privacy Statement

IIBA MSP Privacy Policy

The IIBA MSP MSP chapter know you care about how your personal information is used and shared, and we take your privacy seriously. Please read the following to learn more about how we collect, store, use and disclose information about you when you interact or use our websites (collectively the “IIBA MSP® sites”) or any related events, trade shows, sales or marketing, and/or if you use any of our products, and services (collectively the “Services”) in any manner.
Who are we and what do we do?
The goal of the International Institute of Business Analysis MSP Chapter is to develop and maintain standards of business analysis for the certification of practitioners in Minnesota

To communicate with members and promote the goals of the organization, IIBA MSP uses a variety of methods including local meetings, conferences, the official IIBA website, our local Chapter websites, newsletters and email communications, most of which require the use of a member’s personal information.
What does this Privacy Policy cover?
This Privacy Policy covers our treatment of information that we gather when you are accessing or using our IIBA MSP sites or Services or when you contact us in any manner. We gather various types of information, including information that identifies you as an individual (“Personal Information”) from our users, as explained in more detail below.

Does IIBA MSP collect Sensitive Data?
“Sensitive Data” means personal data or information that discloses an individual’s racial or ethnic origin, political opinions, religious or philosophical beliefs, trade-union membership, criminal proceedings, biometrics, and data concerning health.
We do not intentionally collect - and will not request - Sensitive Data. If an IIBA MSP employee discovers that we have received Sensitive Data, the employee will inform a designated contact within our company who will assess the processing of such data.

What information does IIBA MSP Collect?
Information that we collect can be classified as Personal Information or Personal Data. This information is categorized into information that you provide to us and the data that we collect automatically.
Information You Provide to Us:
When you use our IIBA MSP sites or Services, we receive and store information you provide directly to us. The types of information we may collect directly from you includes: first name, last name, user names, email addresses, postal addresses, phone numbers, job titles, transactional information (including Services purchased), event attendance, video and pictures as well as any other contact or other information you choose to provide us or upload to our systems in connection with our Services.

When using our Services and executing a financial transaction with us online (e.g., membership, donations, online conference registration) we never collect your financial information. We only retain information that the financial transaction has successfully completed. Online financial transactions, such as credit card payment, are processed with PCI compliant third party providers.

Data We Automatically Collect:
When you use the IIBA MSP sites, we automatically collect certain information related to your device, such as your device’s IP address, referring website, what pages your device visited, and the time that your device visited. Collecting this information may include the use of cookies. For more information on how IIBA MSP uses cookies please review the IIBA MSP Cookie Policy.

In addition to cookies, we also keep track of user activity on the IIBA MSP sites through application audit controls and log files. 

How do we use your Personal Information?
We use the personal information we collect under this Policy for our legitimate business interests, which include:

  • Provision of Services: To provide and operate our IIBA MSP sites and Services, fulfill your orders and requests, process your payments, for bug and error reporting and resolution, to perform upgrades and maintenance, and for similar purposes.
  • Customer Support: To communicate with you about your use of the Services; respond to your communications, complaints and inquiries; provide technical support; and for other customer service and support purposes.
  • Personalization: To tailor content we send or display to you to offer location customization and personalized help and instructions, and to otherwise personalize your experience using the Services.
  • Marketing and Promotions: For marketing and promotional purposes. For example, we may use contact information such as your email address to send you newsletters, special offers or promotions, or to otherwise contact you about IIBA MSP products or information we think may interest you. If you are in a jurisdiction that requires opt-in consent to receive electronic marketing messages, we will only send you such messages if you opt-in to receive them. You may opt out of receiving marketing emails by following the opt-out instructions in the email. We may still email customer service and transaction-related communications, even if you have opted out of receiving marketing communications.
  • Advertising: To assist in advertising the Services on third party websites.
  • Analytics and Improvement: To better understand how users access and use the Services, and for other research and analytical purposes, such as to evaluate and improve the Services and to develop additional products, services, and features.
  • Protect Legal Rights and Prevent Misuse: To protect the Services; prevent unauthorized access and other misuse; and where we believe necessary to investigate, prevent, or act regarding illegal activities, suspected fraud, situations involving potential threats to the safety of any person, or violations of our Terms and Conditions or this Policy.
  • Comply with Legal Obligations: To comply with the law or legal proceedings; for example, we may disclose information in response to lawful requests by public authorities, including responding to national security or law enforcement disclosure requirements.
  • General Business Operations: Where necessary to the administration of our general business, accounting, record keeping, and legal functions.


How do we share and disclose information to third parties?
We do not rent, trade or sell your Personal Information to anyone. We may share and disclose information (including Personal Information) about our users in the following limited circumstances:

  • Vendors, consultants and other service providers:  

o We may share your information with third party vendors, consultants and other service providers who we employ to perform tasks on our behalf. These companies include (for example) our payment processing providers, website analytics companies (e.g., Google Analytics), product feedback and surveys (e.g. Survey Monkey, Formstack), CRM service providers (e.g. MS Dynamics, Salesforce), or email service providers (e.g. Informz) and others.
o If IIBA MSP has received your Personal Information and subsequently transfers that information to a third-party agent or service provider for processing, IIBA MSP shall remain responsible for ensuring that such third-party agent or service provider processes your Personal Information to the standard required by our Privacy commitments. Unless we tell you differently and you consent, our agents do not have any right to use the Personal Information we share with them beyond what is necessary to assist us.

  • Other IIBA MSP Entities: 

o We may also share your personal information with our affiliated chapters and other IIBA MSP entities for purposes consistent with this Privacy Policy and your IIBA MSP sites profile preferences.

  • Protection of IIBA MSP and Others: 

o We reserve the right to access, read, preserve, and disclose any information as necessary to comply with law or court order; enforce or apply our agreements with you and other agreements; or protect the rights, property, or safety of IIBA MSP, our employees, our users, or others.

  • Disclosures for National Security or Law Enforcement: 

o Under certain circumstances, we may be required to disclose your Personal Information in response to valid requests by public authorities, including to meet national security or law enforcement requirements.

Is Personal Information about me secure?
We use appropriate technical, organizational and administrative security measures to protect any information we hold in our records from loss, misuse, and unauthorized access, disclosure, alteration and destruction.  Unfortunately, no company or service can guarantee complete security. Unauthorized entry or use, hardware or software failure, and other factors, may compromise the security of user information at any time. Among other practices, your account is protected by a password for your privacy and security. You must prevent unauthorized access to your account and Personal Information by selecting and protecting your password appropriately and limiting access to your computer or device and browser by signing off after you have finished accessing your account.

How long do we keep Personal Information? 
We keep your personal information for as long as reasonably necessary for the purposes set out above. We will retain your account profile data as necessary for our legitimate business purposes or to comply with our legal obligations (such as record keeping, accounting, fraud prevention and other business administrative purposes). However, we will maintain your personal information longer where required for tax or accounting purposes, to ensure we would be able to defend or raise a claim, or where we have a specific need to retain, though we will generally not keep personal information for longer than seven years following the last date of communication with you. Legitimate business purposes that we may rely on to keep your personal information when you are not a customer include direct marketing (where you have not opted-out) for up to two years, facilitating the restoration or establishment of a user account in the future, maintaining business intelligence systems for analytics and other internal purposes, etc. Where your information is no longer required, we will ensure it is disposed of in a secure manner.

Your Privacy Rights
What choices do you have?

You can always opt not to disclose information to us, but keep in mind some information may be needed to register with us or to take advantage of some of our Services.

Some of our web site may make use of "cookie" technology to measure site activity and to customize information to your personal tastes. A cookie is an element of data that a Web site can send to your browser, which may then store the cookie on your hard drive. So, when you come back to visit us again, we can tailor information to suit your individual preferences. The goal is to save you time and provide you with a more meaningful visit.

Marketing Communications
You can opt-out of receiving promotional or marketing communications from us at any time, by using the unsubscribe link in the email communications we send.  

If you have any account for our Services, we will still send you non-promotional, service related communications including but not limited to transactional confirmations, invoices, and other operational emails.

How can I update and access my information?
If you would like to access, review, update, rectify, and delete any Personal Information we hold about you, or exercise any other data subject right (see below) available to you, please email us at [email protected].

Our Membership team will examine your request and respond to you as quickly as possible!

Please note that we may still use any aggregated and de-identified Personal Information that does not identify any individual and may also retain and use your information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.

Rights for users
Individuals have the following rights with respect to their personal information:

  • Access. You can ask us to confirm whether we are processing your personal information; give you a copy of that data; and provide you with other information about your personal information such as what data we have, what we use it for, who we disclose it to, whether we transfer it abroad, how we protect it, how long we keep it for, what rights you have, how you can make a complaint, where we got your data from and whether we have carried out any profiling, to the extent that such information has not already been provided to you in this Policy.
  • Rectification. You can ask us to rectify inaccurate information. We may seek to verify the accuracy of the data before rectifying it.
  • Erasure. You can ask us to erase your personal information, but only where it is no longer needed for the purposes for which it was collected; you have withdrawn your consent (where the data processing was based on consent); following a successful right to object (see 'Objection' below); it has been processed unlawfully; or to comply with a legal obligation to which we are subject. We are not required to comply with your request to erase your personal information if the processing of your personal information is necessary for compliance with a legal obligation or for the establishment, exercise, or defense of legal claims. There are certain other circumstances in which we are not required to comply with your erasure request, although these two are the most likely circumstances in which we would deny that request.
  • Restriction. You can ask us to restrict (i.e., keep but not use) your personal information, but only where its accuracy is contested (see 'Rectification' above), to allow us to verify its accuracy; the processing is unlawful, but you do not want it erased; it is no longer needed for the purposes for which it was collected, but we still need it to establish, exercise, or defend legal claims; you have exercised the right to object, and verification of overriding grounds is pending. We can continue to use your personal information following a request for restriction where we have your consent; to establish, exercise, or defend legal claims; or to protect the rights of another natural or legal person.
  • Objection. You can object to any processing of your personal information which has our 'legitimate interests' as its legal basis, if you believe your fundamental rights and freedoms outweigh our legitimate interests. Once you have objected, we have an opportunity to demonstrate that we have compelling legitimate interests which override your rights and freedoms. In addition, you can object to the processing of your personal information for direct marketing purposes, which includes profiling to the extent that it is related to such direct marketing without providing any reason. We will then cease the processing of your personal information for direct marketing purposes.
  • Portability. You can ask us to provide your personal information to you in a structured, commonly used, machine-readable format, or you can ask to have it 'ported' directly to another Data Controller, but only where our processing is based on your consent and the processing is carried out by automated means.
  • Withdrawal of Consent. You can withdraw your consent in respect of any processing of personal information which is based upon a consent which you have previously provided

Linked Websites
For your convenience, hyperlinks may be posted on the IIBA MSP® sites or Services that link to other websites (the “Linked Sites”). We are not responsible for, and this Privacy Policy does not apply to, the privacy practices of any Linked Sites or of any companies that we do not own or control. Linked Sites may collect information in addition to that which we collect on the IIBA MSP sites. We do not endorse any of these Linked Sites, the services or products described or offered on such Linked Sites, or any of the content contained on the Linked Sites. We encourage you to seek out and read the privacy policy of each Linked Site that you visit to understand how the information that is collected about you is used and protected.

Children’s Personal Information
We do not knowingly collect or solicit personal information from anyone under the age of 13. If you are under 13, please do not attempt to register for the Services or send any Personal Information about yourself to us. If we learn that we have collected Personal Information from a child under age 13, we will delete that information as quickly as possible. If you believe that a child under 13 may have provided us Personal Information, please contact us at [email protected]

Will IIBA MSP ever change this Privacy Policy?
We’re constantly trying to improve our IIBA MSP sites and Services, so we may need to change this Privacy Policy from time to time as well. We will alert you to material changes by, for example, placing a notice on our IIBA MSP® sites and/or by sending you an email (if you have registered your e-mail details with us) when we are required to do so by applicable law. You can see when this Privacy Policy was last updated by checking the date at the top of this page. You are responsible for periodically reviewing this Privacy Policy.

What if I have questions about this policy?
If you have any questions or concerns regarding our privacy policies, please send us a detailed message to [email protected], and we will try to resolve your concerns.

Effective September 2018