LSTA WEBSITE PRIVACY POLICY – UPDATED OCTOBER 2024
This privacy policy (“Privacy Policy”) describes how the LSTA, Inc. (collectively, the “LSTA”, “we”, “us”, or “our”) collects, uses, and shares Personal Information that we obtain through your use of our website and social media services (“Services”). If you are a resident of California, please also review the California Privacy Notice. If you are a resident of the European Economic Area (“EEA”) or the United Kingdom (“UK”), please review the EEA/UK Privacy Notice. By clicking “I agree” or using the Services, you agree to be bound by the terms of this Privacy Policy and any updates posted here from time to time.
1. COLLECTION OF PERSONAL INFORMATION
We may collect the following types of information about you when you interact with the Services (collectively, “Personal Information”):
- Contact information, such as your email address;
- Details you provide to us in registration forms and surveys;
- Data about your use and interaction with the Services that does not identify you personally (such as IP address, browser type, the make and model of device used to view the Services, the referring webpage, and pages visited;
- Certain information about how you use our Services such as your Internet Protocol (IP) address, device and browser type, operating system, URL of the website you visited immediately prior to using our Services, and other statistics, all of which is automatically recorded (“System Data”); and
- Data collected through cookies and data analytics as further described below.
2. USE OF PERSONAL INFORMATION
We generally use your Personal Information for the following purposes:
- To administer and improve the Services, including product development, content improvement, and statistical analysis of user behavior;
- For editorial and feedback purposes;
- To comply with applicable laws and regulations;
- To respond to your requests submitted in correspondence you send to us;
- For marketing, advertising, and promotion of LSTA products and services, as well as products and services of third parties, that we think you may be interested in; and
- Any other purposes that may arise from time to time and for which we will obtain your specific consent.
System Data on your home servers is aggregated for internal review and then deleted when our review is complete. Other Personal Information may be added to the LSTA’s databases and used for future calls and mailings regarding site updates, new products and services, upcoming events, and status of orders placed online.
3. COLLECTION OF PERSONAL INFORMATION FROM CHILDREN
The Services are not intended for use by or directed to anyone under the age of 18. We do not knowingly collect Personal Information from anyone under the age of 18. If you believe that anyone under the age of 13 has provided us with Personal Information, then please contact us with sufficient detail to enable us to delete that information.
4. SECURITY OF PERSONAL INFORMATION
We employ appropriate administrative, technical and operational safeguards designed to protect the security of Personal Information submitted through the Services. These measures are aimed at providing ongoing security, integrity, and confidentiality of Personal Information; however we cannot and do not guarantee or make any representations regarding the security of your Personal Information.
5. CHANGES TO THIS PRIVACY POLICY
We may update this Privacy Policy from time to time. When we update this Privacy Policy, we will notify you by updating the “Last Updated” date above. We recommend that you review this Privacy Policy periodically to stay informed of our privacy practices. Your continued use of the Services after we make changes is deemed to be acceptance of those changes. The LSTA may contact you from time to time regarding membership status and changes to the subscriber agreement, Privacy Policy, or any other policies or agreements relevant to site visitors.
6. RETENTION
We retain your Personal Information only for as long as is necessary for the purposes set out in this Privacy Policy and to the extent permitted by applicable legal requirements.
7. CONTACT US
If you have any questions about this Privacy Policy, please email us at connect@lsta.org.
CALIFORNIA PRIVACY NOTICE
The California Consumer Privacy Act of 2018, as amended by the California Privacy Rights Act of 2020 (collectively, the “CCPA”), provides California residents with specific rights regarding their Personal Information. This section describes your CCPA rights and explains how to exercise those rights. The CCPA provides California residents with specific rights regarding their Personal Information. This section (the “CCPA Notice”) describes your CCPA rights and explains how to exercise those rights.
We give you notice that we collect the following types of Personal Information about California residents, and use and disclose it as set forth below. This CCPA Notice will be updated annually, and our current privacy notices at the point of collection, and general privacy policies, may reflect more current practices. In particular, we have collected the following categories of Personal Information from consumers in the preceding twelve (12) months:
CATEGORY | EXAMPLES |
---|---|
A. Identifiers. | A real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, Social Security number, driver’s license number, passport number, or other similar identifiers. |
B. Personal Information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)). | A name, signature, Social Security number, physical characteristics or description, address, telephone number, passport number, driver’s license or state identification card number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information, medical information, or health insurance information. Some Personal Information included in this category may overlap with other categories. |
C. Internet or other electronic network activity information. | Browsing history, search history, information on a consumer’s interaction with a website application, or advertisement. |
D. Geolocation data. | Physical location or movements. |
SOURCES OF PERSONAL INFORMATION
We obtain the categories of Personal Information listed above from the following categories of sources:
- Directly from you or from your device, such as when you complete forms;
- From third-party services;
- From vendors and suppliers; and
- Indirectly from you, such as observing your actions on our Services
HOW WE SHARE AND DISCLOSE YOUR INFORMATION
Generally, we collect, retain, use, and disclose your Personal Information to provide you with the Services and as otherwise related to the operation of our business. We will share the Personal Information collected from and about you over the past twelve (12) months for various business purposes. Over the past twelve (12) months, we have not sold your Personal Information. The chart below explains the categories of information that we may share with third parties and the categories of those parties.
THIRD PARTIES WITH WHICH WE SHARE INFORMATION AND WHY | CATEGORIES OF INFORMATION SHARED |
---|---|
Third Parties for Legal Requirements and Proceedings. We may disclose information to law enforcement authorities or other government officials if we are required to do so to comply with subpoenas, court orders, legal process or other law enforcement or government measures, and to comply with other legal obligations. We may disclose information if we believe disclosure is necessary or appropriate in connection with an investigation of suspected or actual fraudulent or illegal activity. | Any or all categories of information may be shared with third parties for legal requirements and proceedings, depending on the specific legal requirements |
Third Parties for the Protection of our Services and Users. We may disclose information to protect and defend the rights, interests, and safety of the Services, our subsidiaries and affiliates, and their employees, contractors and agents; to protect the security and safety of our users of the Services, including when we believe disclosure is necessary to prevent physical harm or financial loss. | Any or all categories of information may be shared with third parties for legal requirements and proceedings, depending on the specific legal requirements |
Third Parties in Business Transfers. We may disclose information in connection with a proposed or completed corporate transaction, including for example a merger, investment, acquisition, reorganization, consolidation, bankruptcy, liquidation, or sale of some or all of our assets. | Any or all categories of information may be shared with third parties in a business transaction, depending on the specific transaction |
Third-Party Online Advertisers and Ad Networks. TheServices may rely on third-party advertising technologies that allow for the delivery of relevant content and advertising on the Services, as well as on other websites you visit and other applications you use, and these technologies will collect certain information from your use of the Services to assist in delivering such ads. | Identifiers Internet Data Geolocation Data |
Service Providers. We may share information with third parties that provide us with services in order for us to provide the Services to you. | Identifiers Internet Data Geolocation Data |
RIGHTS OF CALIFORNIA RESIDENTS
Right to Know and Data Portability
You have the right to request that we disclose certain information to you about our collection and use of your Personal Information on or after January 1, 2022, including beyond the 12-month period preceding our receipt of your request (the “right to know”), unless doing so proves impossible or would involve disproportionate effort. Once we receive your request and confirm your identity, we will disclose to you:
- The categories of Personal Information we collected about you.
- The categories of sources for the Personal Information we collected about you.
- Our business or commercial purpose for collecting or selling that Personal Information.
- The categories of third parties with whom we share that Personal Information.
- If we sold or disclosed your Personal Information for a business purpose, two separate lists disclosing:
- sales, identifying the Personal Information categories that each category of recipient purchased; and
- disclosures for a business purpose, identifying the Personal Information categories that each category of recipient obtained.
- The specific pieces of Personal Information we collected about you (also called a data portability request).
Right to Delete
You have the right to request that we delete any of your Personal Information that we collected from you and retained, subject to certain exceptions (the “right to delete”). Once we receive your request and confirm your identity, we will review your request to see if an exception allowing us to retain the information applies. We may deny your deletion request if retaining the information is necessary for us or our service provider(s) to:
- Complete the transaction for which we collected the Personal Information, provide a good or service that you requested, take actions reasonably anticipated within the context of our ongoing business relationship with you, fulfill the terms of a written warranty or product recall conducted in accordance with federal law, or otherwise perform our contract with you.
- Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities.
- Debug products to identify and repair errors that impair existing intended functionality.
- Exercise free speech, ensure the right of another consumer to exercise their free speech rights, or exercise another right provided for by law.
- Comply with the California Electronic Communications Privacy Act (Cal. Penal Code § 1546 et. seq.).
- Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when the information’s deletion may likely render impossible or seriously impair the research’s achievement, if you previously provided informed consent.
- Enable solely internal uses that are reasonably aligned with consumer expectations based on your relationship with us.
- Comply with a legal obligation.
- Make other internal and lawful uses of that information that are compatible with the context in which you provided it.
We will delete or deidentify Personal Information not subject to one of these exceptions from our records and will direct our service providers to take similar action.
Right to Correct
You have the right to request that we correct inaccurate Personal Information that we have collected. Once we receive your request and confirm your identity, we will use commercially reasonably efforts to correct the inaccurate Personal Information. We will also take into account the nature of the Personal Information, as well as the purposes in processing said information. If necessary, we may also require you to provide documentation to rebut our own documentation that the Personal Information that we have stored is accurate.
Non-Discrimination
We will not discriminate against you for exercising any of your rights outlined hereunder. Unless permitted by applicable law, we will not:
- Deny you goods or services.
- Charge you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties.
- Provide you a different level or quality of goods or services.
- Suggest that you may receive a different price or rate for goods or services or a different level or quality of goods or services.
Other California Privacy Rights
California’s “Shine the Light” law (Civil Code Section § 1798.83) permits users of our Services that are California residents to request certain information regarding our disclosure of Personal Information to third parties for their direct marketing purposes and the identity of those third parties. The “Shine the Light” law is not triggered by disclosures of Personal Information that are:
- For electronic storage purposes;
- Used for maintaining or servicing our business accounts;
- Involve public information related to the right, title or interest in real property, where such information was not provided directly by the customer to our company during an established business relationship;
- Made to third parties for the joint offering of a product or service, subject to certain conditions;
- Made to a consumer reporting agency regarding a customer’s payment history, provided the information will be used in, or used to generate, a consumer report (where the use of the information is limited by the Fair Credit Reporting Act; or
- Made to a financial institution solely for the purpose of obtaining payment for a transaction, even if our company knows that the third-party financial institution has used the Personal Information for its direct marketing purposes.
EXERCISING YOUR RIGHTS
If you are a California consumer, you can exercise your right to know, right to delete, or right to correct as set forth in this section. Only you, or someone legally authorized to act on your behalf (an “authorized agent”), may make a request to know, delete, or correct related to your Personal Information. To designate an authorized agent, please provide us with your contact information, the contact information of your authorized agent, and a description of how and when your authorized agent will be reaching out to us (to the extent known).
To make a request to know, delete or correct, please submit your request to us by either:
- Emailing us at connect@lsta.org.
- Calling us at 212-880-3000.
We will confirm receipt of your request within 10 days. In response to a verifiable request, we will attempt to deliver the required information free of charge within 45 days. If we need additional time to respond to your request, then we will notify you and respond within 90 days of the request. Any disclosures by us will cover only the 12-month period preceding our receipt of the request.
To the extent permitted by applicable law, we may charge a reasonable fee to comply with your request.
VERIFYING YOUR REQUEST
In order for us to look into your request, we first need to verify your identity, meaning that we need to make sure that you are the consumer we may have collected Personal Information about or a person who has been duly authorized to make the request on behalf of the consumer. For a request for specific pieces of Personal Information, we are required to verify a consumer’s identity to high degree of certainty, which may include matching at least three data points provided by the consumer with data points maintained by us, which we have determined to be reliable for the purpose of verifying the consumer together with a signed declaration under penalty of perjury that the requestor is the consumer whose Personal Information is the subject of the request.
To verify your identity, we ask that you to provide us with, at minimum, email used to interact with us. We reserve the right to request additional information in order to verify your identity
OTHER CALIFORNIA NOTICES
Some websites have “do not track” features that allow you to tell a website not to track you. We do not currently respond to those signals or any similar mechanisms transmitted by web browsers. To learn more about DNT and tracking signals, please visit All About DNT.
EEA/UK Privacy Notice
This section of the Privacy Policy describes how we process Personal Information relating to individuals in the EEA and the UK in accordance with:
- the EU General Data Protection Regulation ((EU) 2016/679) (“EU GDPR”) – in respect of individuals in the EEA; and
- the UK General Data Protection Regulation as defined by the Data Protection Act 2018 as amended by the Data Protection, Privacy and Electronic Communications (Amendments etc.) (EU Exit) Regulations 2019, along with the Data Protection Act 2018 (“UK GDPR”) – in respect of individuals in the UK.
The EU GDPR and the UK GDPR are referred to together as the “Data Protection Legislation”.
This section supplements the other provisions of this Privacy Policy and applies only to individuals in the EEA and the UK. Capitalized terms used but not defined herein have the meaning set forth in the Privacy Policy.
YOUR RIGHTS
The Data Protection Legislation generally provides individuals with rights in relation to the processing of their Personal Information. These include rights (subject to certain limitations) to information relating to such processing, to access such Personal Information, to object to the processing, to rectify, erase, restrict and to port such Personal Information. You can seek to exercise any of these rights or make any other enquiry about our use of your Personal Information by contacting us at any time at connect@lsta.org.
Our aim always is to process Personal Information fairly, lawfully and transparently. However, if you are unhappy with the information provided in this Privacy Policy or have questions or concerns regarding this Privacy Notice, please contact us. If you remain dissatisfied you may raise your unresolved issues directly with the data protection regulator in your jurisdiction. If you are a resident in the EEA, you can find your data protection regulator here: http://ec.europa.eu/justice/data-protection/bodies/authorities/index_en.htm. If you are a resident in the UK, you can find your data protection regulator here: https://ico.org.uk/.
SPECIAL CATEGORY PERSONAL DATA
Some of the information you provide us may constitute special category “Personal Data” as defined in the Data Protection Legislation (also referred to as special categories of Personal Data), including identification of your race or ethnicity on government-issued identification documents.
LEGAL BASES FOR PROCESSING
We will only use your Personal Information as permitted by the Data Protection Legislation. We are required to inform you of the legal bases of our processing of your Personal Information. We have set out below a description of all the ways we plan to use your Personal Information, and which of the legal bases we rely on to do so.
If we rely on consent as the lawful basis for processing your Personal Information, you have the right to withdraw your consent at any time. Your withdrawal of consent will not affect the lawfulness of processing based on consent before the point at which you withdrew your consent.
If we rely on legitimate interests we make sure we consider and balance any potential impacts on you (both positive and negative) and your rights before we process your Personal Information for our legitimate interests. We do not use your Personal Information for activities where our interests are overridden by any adverse impact on you (unless we have your consent or are otherwise required or permitted to by applicable law).
PURPOSE | LAWFUL BASIS FOR PROCEESSING |
---|---|
To provide our Services | Performance of a contract with you |
Allow you to participate in certain features of the Services | Performance of a contract with you Necessary for our legitimate interests in providing an enhanced customer experience |
Improve the Services or our events and for other business or commercial purposes | Necessary for our legitimate interests to improve our Services and strategy |
Optimize your experience on the Services | Performance of a contract with you Necessary for our legitimate interests in providing an enhanced customer experience |
Notify you about changes to the Services (including this Privacy Policy) | Performance of a contract with you To comply with legal obligations |
Comply with applicable laws and regulatory obligations (including laws outside your country of residence), such as those relating to anti-money laundering, sanctions, and anti-terrorism; comply with legal processes such as bankruptcy or insolvency; and respond to requests from public and governmental authorities (including those outside your country of residence) | To comply with legal obligations Necessary for our legitimate interests in complying with regulatory requests, legal processes, court orders and other request from public and governmental authorities |
Establish and defend our legal rights | Necessary for our legitimate interests to protect us and you, and allow us to offer the Services |
To respond to an inquiry or request from you | Consent |
For marketing purposes, including to provide you with additional information regarding products, events, promotions, and services that may be of interest to you | Necessary for our legitimate interests to let you know about our Services Consent, where required by applicable Data Protection Legislation |
CHANGE OF PURPOSE
We will only use your Personal Information for the purposes for which we collected it, unless we consider that we need to use it for another purpose and that new purpose is compatible with the original purpose, permitted under the Data Protection Legislation or we have obtained your consent in relation to processing your Personal Information for such new purpose. If you wish to receive an explanation as to how the processing for the new purpose is compatible with the original purpose, please contact us.
If we need to use your Personal Information for a new purpose, we will notify you and we will explain the legal basis which allows us to do so.
The Personal Information which we collect from you and which we process for the purposes set out in this Privacy Notice may be held and transferred outside the EEA where appropriate and necessary in accordance with our legitimate interests, such as to the United States. Personal Information may also be processed by the LSTA, or by one of our suppliers or agents, operating outside the EEA. Such persons or entities may be engaged in, among other things, the processing of your payment details or the provision of support services.
If and when making such transfers outside the EEA, we will take all steps reasonably necessary to ensure that your Personal Information is managed securely and in accordance with this Privacy Policy and applicable Data Protection Legislation. Please contact us for more information on the specific mechanism used by us when transferring your Personal Information out of the EEA or UK.