Advanticom, Inc. (“Advanticom”, “we”, “us” and “our”) complies with the ISO (International Organization for Standardization) 27001 a standard in ISMS (Information Security Management Systems) as set forth by the International Organization for Standardization (https://www.iso.org). A-lign has certified that Advanticom adheres to the ISO principles with respect to such data. As part of our efforts, Advanticom has prepared this Privacy Policy to provide data subjects with important information about the personal data we collect, receive, transfer, and process while operating our business and providing our products and services. If there is any conflict between the policies in this privacy policy and data subject rights under the ISO 27001, the ISO 27001 shall govern. To learn more about the ISO 27001 certification, please visit https://www.iso.org/. Advanticom may have potential liability in cases of onward transfer to third parties. Please direct any privacy inquiries or complaints to privacy@advanticom.com.
In this Privacy Policy, you will find information about the types of personal data we collect regarding you (“you”, “your”), how and why we process such personal data, with whom we may share such information, as well as how we protect your information.
In this Privacy Policy, we also describe the processes by which you may contact us in order to exercise your rights, in accordance with applicable law, to: (1) access, correct, restrict, or delete your personal data; (2) object to the processing of certain aspects of your personal data; and (3) ask any questions you may have about our privacy practices. Please take note as well that certain of the practices described in this Privacy Policy are necessary and/or integral, to our operations and our provision of products and services that you request from us. Where specifically noted below, exercising your rights as described herein may affect our ability to continue providing products and services as requested.
1. Data Controller and Data Protection Officer For purposes of the European Union General Data Protection Regulation (the “GDPR”), Advanticom is the data controller (the “Data Controller”) for the processing of Personal Data as set forth herein.
You may contact our Data Protection Officer as follows: Advanticom
c/o Data Privacy Officer – Keith Arnold
191 Wyngate Drive
Monroeville, PA 15146
United States of America
Phone: 412-385-5000
Email: privacy@advanticom.com
Website: http://advanticom.com/
2. Personal Data & Special Categories of Data
For the purpose of performing Advanticom’s information and related services with respect to information and technology support. As further detailed below, the “Services”, we collect the types of personal information described below (“Personal Data”). For users outside of the United States information is only stored if the need is necessary to complete to our operations and our provision of products and services that you request from us. Once service request is complete all data is deleted and/or destroyed. There are no repositories kept for extended storage for users outside the United States except for items legally binding in nature that are necessary to complete our operations and our provision of products and services that you request from us such as contracts, process documents, etc. Users protected by GDPR can obtain copies by reaching out to our Data Protection Officer at privacy@advanticom.com.
Personal Information – We collect personal details about you, including without limitation legal name, place of employment, location of employment, work phone numbers, mobile numbers, work email addresses and additional employment-related information (including without limitation computer usage information, access logs and information, etc.).
3. How We Obtain Personal Data
We collect Personal Data in a variety of ways including, without limitation: via phone call, our website (including without limitation when you log a ticket, purchase a product or service, register for a conference or event, submit your name for employment with us, etc.), information submitted via email, physical mail, online or physical questionnaires or forms, business cards collected by Advanticom and/or our affiliates or service providers while at events, conferences, or otherwise, orally, or otherwise collected by us during our provision of services in the ordinary course of business. We may also collect Personal Data from third-party sources, with the understanding that we take steps to obtain assurances from such sources that you gave your consent to the sharing of such information when you provided such information to such third party.
4. Personal Data Processing and Data Retention – Subject always to your rights as set forth in Section 9 below:
- Advanticom Services – “Advanticom Services” hereunder include: Advanticom services for individuals and entities who have registered and paid for managed services, attended one of our conferences or events hosted by Advanticom, or for others, industry certifications for individuals and entities (including publishing a searchable, internal directory of certified individuals and entities). We use Personal Data that we collect hereunder as necessary to provide the Advanticom Services as requested by you, including without limitation processing applications and registrations to participate in Advanticom Services (membership, certification, classes, conferences, etc.) communicating with you about the Advanticom Services, and providing you with the benefits of Advanticom Services.
- In all cases we will ask for your express consent to our inclusion of your Personal Data in directories (for example, when required we will ask for you consent to include specified Personal Data in an attendee directory provided to internal employees when you register to attend one of our conferences or other events).
- Accounting and Billing – We may use Personal Data for our own administrative, accounting, and business needs including billing, invoicing, internal accounting, and record-keeping requirements as well as other related administrative and business purposes. Certain processing is undertaken as necessary to complete a contract for services (collecting payments, making payments for authorized transactions such as membership fees, registration fees, payment for services rendered, etc.). In other instances, our processing of Personal Data as described in this paragraph is required for us to fulfil legal obligations to which we are subject (e.g., record keeping mandated by applicable law).
- Advanticom Service Roles – As part of the Services, we hire and/or locate employees, interns, contractors, and speakers, and may grant certain people access to internal client information as necessary to provide the Advanticom Services as requested by you, including without limitation processing applications and registrations to participate in Advanticom Services (membership, certification, classes, conferences, etc.) and communicating with you about the Advanticom Services and providing you with the benefits of Advanticom Services. We use Personal Data that we collect hereunder as necessary in connection with the Advanticom Service Roles as may be requested by you from time to time, including without limitation communicating with you about the Advanticom Service Roles, sharing your name and other Personal Data to identify you as a candidate for negotiating a contract for services provided by Advanticom, paying you (if applicable) in connection with the Advanticom Service Roles, and otherwise as necessary in connection with the Advanticom Service Roles.
- Legitimate Interests – We may also use Personal Data collected hereunder in circumstances other than as expressly described above in connection with the services we provide and/or our own operations; provided, however that any such additional processing may only occur when there is a legitimate interest to do so that is not overridden by your data protection rights as required by applicable law. The types of processing/uses contemplated hereunder may include, without limitation, for our own administrative and business needs, audits and self-assessments for compliance with applicable laws, regulations, court order, and applicable firm or Employer policies, for information technology purposes including without limitation trouble shooting, business continuity, disaster recover, data backup and recovery.
- Any phone numbers collected for SMS consent will not be shared for marketing purposes. If phone numbers were collected to send an SMS, this consent cannot be shared or disclosed to another company.
- Personal Data Retention – We generally retain Personal Data in accordance with and for the time periods required by our document retention/filing polices and applicable retention requirements imposed on us by applicable law, rule, regulation, or court order, unless there is reasonable basis for retaining such data for a longer period (including, without limitation, in connection with the establishment, exercise or defence of legal claims).
5. Optional Data Processing. In addition to processing Personal Data in the ways set forth above, you may also choose to allow us to use certain Personal Data at your direction and/or with your express consent, as detailed below. The types of data processing described in this Section 5 are not necessary or integral to the performance of Advanticom Services and we will not use Personal Data for such optional purposes except as expressly set forth in this Section 5;
- Information Requested – If you request information about us or our products and/or services, you may elect to provide Personal Data. We will use such Personal Data to respond to your request.
- Marketing (Consent) – From time to time we may offer you the option of signing up, or having us sign you up, for various mailing lists, emailing list or other directory-related list used to send communications from us for purposes of keeping our members and prospective members updated with respect to developments in our Services, our industry, conferences that we or our service providers operate, or otherwise (“Marketing Updates”). In order to register you on such lists, we will ask for your Personal Data. We will specifically ask for your consent to use such Personal Data on an opt-in basis and contact you with such Marketing Updates from time to time.
- Information Provided by Non-Members – From time to time customers of our services or products and visitors to our websites, conferences and other events (in each case who are not members of ours), may provide us with Personal Data, and we may keep such Personal Data and use it to market and communicate with such persons about our products and services; provided that we will ask for your express consent to use such Personal Data for such purposes.
6. Onward Transfers – Data We Share With Others. We will not sell, share, transfer, disclose, rent, use, or distribute Personal Data hereunder for purposes other than as set forth in this Privacy Policy unless required by law or as expressly authorized by a Data Controller as described above.
- Performance of Services – In order for us to perform Services we disclose Personal Data hereunder to third parties as we may be directed in the course of providing Services.
- Service Providers (Consent) –We may provide Advanticom Services, or otherwise process Personal Data as detailed above, using third-party service providers we have retained to support us. Such service providers include, without limitation, those who assist us in providing information technology services, training, audits, magazine circulation, backing up of Personal Data, billing services, membership certifications and other similar services. These entities may be located inside, or outside, the European Economic Area. We take steps to require that such service providers protect Personal Data transferred to them in a manner that is consistent with this Privacy Policy. The information shared with each is limited only to that information required for that entity to fulfil its role in assisting us with the performance of the actions described above. Where we have knowledge that a service provider processes your Personal Data in a manner contrary to this Privacy Policy, we will take reasonable steps to prevent or stop such processing. Where applicable law requires us to obtain your consent to use such third-party service providers, you acknowledge that refusal to provide your consent, or withdrawal of your consent, may affect or prevent our ability to provide Services, and that our engagement may need to be terminated for lack of such consent.
- Exigent Circumstances – In addition to the disclosures set forth above, we will disclose Personal Data about you: (1) if we are required to do so by law or legal process, (2) to law enforcement authorities or other government officials, (3) when we believe disclosure is necessary or appropriate to prevent physical harm or financial loss in connection with an investigation of suspected or actual illegal activity; or (4) if necessary to protect the vital interests of any person.
7. Transfer of Personal Data Outside of the EEA.
- Advanticom is Headquartered In the United States – Advanticom processes Personal Data as described above in our home country, the United States of America. The United States of America is a country outside of the EEA (a “third-country”) that is not the subject to a European Commission finding of adequacy (the European Commission has not found that U.S. laws ensure an adequate level of protection for personal data with reference to the GDPR). When applicable, we process Personal Data in the U.S. based on our participation in the EU-US Privacy Shield. Otherwise, we process Personal Data in the U.S. based on your consent.
- Transfers to Other Third-Country Transferees – Personal Data may be shared with third-country transferees for the purposes described in this Privacy Policy. When required by GDPR, we may transfer Personal Data to third-country transferees on the basis of: (1) standard contractual clauses for data protection which have been approved for as the basis for transfers of Personal Data to third-countries by the European Commission; (2) binding corporate rules or codes of conduct approved under the terms of the GDPR; (3) when we transfer Personal Data to other organizations in the U.S., we may rely on those other organization’s participation in the EU-US Privacy Shield; or (4) the fact that the European Commission has issued a finding of adequacy with respect to privacy laws in such third country transferee’s jurisdiction. For further information, including to obtain a copy of the applicable documents used to protect your information as set forth above, please contact us as described above.
8. Tracking and Traffic Data
In addition to Personal Data that we collect hereunder, we may, through our website, collect data generated automatically by traffic our website (“Traffic Data”). Traffic Data may include, without limitation, internet protocol address(es), operating system(s) and browser specifics of your device, device characteristics, geographic (geo-location) information, user ID(s), clickstream data, and specifics regarding your interactions with (i.e., the path you take through) the website. Traffic Data may also include your mobile device information (e.g., device model, operating system version, device date and time, unique device identifiers, mobile network information) and how you use the website. These types of information do not generally identify or relate to you as an individual; however, we may associate these types of information with you as an individual.
Our website may require you to accept session “cookies” to provide customer experience and efficiencies such as enabling you to login, personalizing your experience, and/or automatically filling in standard information on return visits. “Cookies” are small pieces of information that are stored locally on your device by your browser and passed back to the server whenever a request for a new page on the site is made. The session cookie is never saved or written to disk. It is discarded when the browser exits, when you log out of the website, or when you have not visited a page on the website for a given period, for example 60 minutes. Most web browsers automatically accept session cookies, but most browsers also allow you to configure your web browser to refuse them or to notify you before a cookie is set. You also can manually view (and delete) any cookies stored on your computer. If you do not allow session cookies to be set, you may not be able to use our website, access the full content otherwise available through our website and/or use the full features and functionality of our website.
Our website may use Google Analytics, a web analytics service provided by Google, Inc. (“Google”). Google Analytics uses “cookies” to help the website analyze how users use and view the website. Any information generated by the cookie about your use of our website (including your IP address, and particulars about your browser and configuration as reported by your browser) may be transmitted to and stored by Google on servers in the United States. Please note any information collected by Google Analytics cookies do not include personalized identification information (such as names, e-mail addresses, and payment information). Google may use the information collected for the purpose of enabling us to evaluate your use of our website, certain aspects of your user experience thereon, compiling reports on activity for us and providing other services relating to our website activity and internet usage. Google may also transfer this information to third parties where required to do so by law, or where such third parties process the information on Google’s behalf. Google will not associate your IP address with any other data held by Google. More information on the Google Analytics cookies are available from Google at: https://policies.google.com/technologies/cookies?hl=en-US
9. Your Rights and Options
- Generally – If you have any questions or concerns about our privacy practices or the Personal Data we store and process about you, please contact us as outlined herein.
- If you are based in the European Economic Area (“EEA”) – You have rights under the GDPR to: (i) access your Personal Data by asking us in writing for a copy of your Personal Data; (ii) to review and correct inaccuracies in your Personal Data; (iii) delete Personal Data that is no longer necessary or relevant; (iv) restrict processing of your Personal Data; and (v) to receive a copy of your Personal Data in a structured machine-readable format. Additionally, you can object to the continued processing of your Personal Data hereunder in some circumstances (in particular, where we don’t have to process the data to meet a contractual or other legal requirement). Likewise, where we rely solely on your consent as our grounds for processing your Personal Data above, you may withdraw your consent at any time; subject to the limitations and disclosures set forth above regard the effect such demands or withdrawals may have on our ability to continue providing the products and/or services in the manner originally requested.
- Privacy Shield Complaints, Concerns, Recourse – If you have unresolved concerns about the processing of your Personal Data, you may have the right to complain to a data protection authority where you reside, where you work or where you believe there has been an infringement of data protection laws, all in accordance with, and subject to, applicable local law.
- In compliance with the EU-US Privacy Shield Principles, Advanticom commits to resolve complaints about your privacy and our collection or use of your Personal Data. Data subjects, whose personal data is subject to GDPR, with inquiries or complaints regarding this privacy policy should first contact Advanticom at the address located in Section 1.
- Advanticom has further committed to cooperate with the panel established by the EU data protection authorities (DPAs) regarding unresolved Privacy Shield complaints concerning data transferred from the EU.
- Under certain, specific conditions, individuals have the possible additional recourse of invoking binding arbitration before a Privacy Shield Panel (arbitral body), created by the US Department of Commerce and the European Commission.
You may also object to processing that is described above as being based on our legitimate interests alone. In such instances, our business interests must be found to be compelling and to not jeopardize your individual rights before further processing may continue.
Your rights above are subject to certain limitations under the GDPR.
In order to meet our obligations under applicable law, we may take reasonable steps to verify your identity before responding to demands as set forth in this Section 9.
If you have unresolved concerns about the processing of your Personal Data, you may have the right to complain to a data protection authority where you reside, where you work or where you believe there has been an infringement of data protection laws, all in accordance with, and subject to, applicable local law.
11. Do Not Track – Do Not Track (DNT) is a privacy preference that you can set in certain web browsers. When you turn on DNT, the browser may send a signal or other message to web services requesting that they not track you. At this time, our information collection practices will continue to apply as described in this Privacy Policy, regardless of any DNT signals that are sent by certain browsers or selected by you. For more information about DNT, please visit AllAboutDNT.org.
HOW TO CONTACT US
In order to exercise your rights hereunder, if you have any questions about this Privacy Policy and/or our processing of Personal Data, you may contact us in accordance with the information set forth in Section 1 above.
Last updated August 27, 2024