Privacy Policy

Introduction

We are The International Association of Crime Analysts (IACA), an all-volunteer, 501(c)3 non-profit organization registered in the State of Kansas, United States of America with corporation number #JVFMEZ1MK179, whose registered address is at 9218 Metcalf Avenue #364 Overland Park, Kansas 66212.  In this privacy notice we will refer to ourselves as ‘we’, ‘us’ or ‘our’.

We take the privacy, including the security, of personal information we hold about you seriously.  This Privacy Policy is designed to inform you about how we collect personal information about you and how we use that personal information.  You should read this Privacy Policy carefully so that you know and can understand why and how we use the personal information we collect and hold about you.

This Privacy Policy (the “Policy”) is designed to assist you in understanding how we will process your personally identifiable information (“Personal Data”) on our website located at iaca.net (the “Website”).

We do not have a Data Protection Officer, but if you have any questions about this privacy notice or issues arising from it then you should contact [email protected], who is responsible for matters relating to data protection at our organisation, including any matters in this Policy. 

We may update this Policy from time to time.  This version was last updated on 1 July 2022. You should visit this page occasionally to ensure you agree with any changes. We will post our revised Policy on this web page and update date above to reflect the date of the changes. By continuing to use our Website after we post any such changes, you agree that you accept the Policy as modified.

Data Controllership

In the context of this Policy, we act as a Data Controller for the Personal Data that we process, that is to say we are responsible for deciding how personal information is collected and stored and how it is used.

Basis of Processing

Within the scope of this Policy, we may rely on one or more of the following legal grounds for processing of your Personal Data:

  • your consent;
  • the need to perform our obligations under a contract or to perform related pre-contractual duties;
  • the legitimate interests pursued by us, such as to recruit new members, as well as to retain the data of previous members to facilitate re-enrollment; and
  • any other ground, as required or permitted by law in the specific respective context.

We are only able to use your personal information for certain legal reasons set out in data protection law.  There are legal reasons under data protection law other than those listed below, but in most cases, we will use your personal information for the following legal reasons:

  1. Consent Reason: this is where you have given us your consent to use your personal information for a specific reason or specific reasons
  2. Contract Reason: this is in order to perform our obligations to you under a contract we have entered into with you
  3. Legitimate Interests Reason: this is where the use of your personal information is necessary for our (or a third party’s) legitimate interests, so long as that legitimate interest does not override your fundamental rights, freedoms or interests
  4. Legal Obligation Reason: this is where we have to use your personal information in order to perform a legal obligation by which we are bound.

Please note that you may withdraw your consent at any time by emailing [email protected]. This will not affect the lawfulness of processing, based on consent before the withdrawal.

Where you provide us Personal Data with regard to the performance of a contract, we require this information to be able to enter into a contract with you.

Categories of Personal Data

In this Policy we refer to your personal data as ‘personal information’. ‘Personal information’ means any information from which a living individual can be identified.  It does not apply to information which has been anonymised. Personal Data collected by us could include:
  • contact information, such as first and last name, e-mail address, phone number, organisation and billing address
  • account information, including username
  • events attendance data, e.g. training courses, conference
  • online purchases, e.g. store, renewals, training courses
  • certification data
  • survey information/feedback
  • subscription preferences
  • sponsorship commitments
  • proposal submissions;
  • your use of our website and technical data which we collect (including your IP address, the type of browser you are using and the version, the operating system you are using, details about the time zone and location settings on the device and other information we receive about your device; and
  • any other type of information we may ask you for or that you may choose to provide us with.
Certain very sensitive personal information requires extra protection under data protection law.  Sensitive data includes information relating to health, racial and ethnic origin, political opinions, religious and similar beliefs, trade union membership, sex life and sexual orientation and also includes genetic information and biometric information.  We do not collect or hold any special information about you.
 

How We Receive Personal Data

We may receive your Personal Data through our Website. In particular, we receive Personal Data when:
  • you sign up as a member of our Association using our Website
  • you interact with our Website, e.g. when registering for an event or uploading documents for certification
  • you provide information to us by any other means which is then entered into our database by us, e.g., for the purpose of coordinating group membership.

Data Retention

We will purge/anonymize your Personal Data within 18 months of your account expiration date.
 

How we use Personal Data

We use your personal information in order to provide the services associated with the International Association of Crime Analysts.  If you do not provide us with the required personal information, we may be prevented from providing you with our services.
 
It is important that you keep your personal information up to date.  If any of your personal information changes, please contact [email protected] as soon as possible to let us know.  If you do not do this then we may be prevented from providing you with our services.
 
Where we rely on consent for a specific purpose as the legal reason for processing your personal information, you have the right under data protection law to withdraw your consent at any time.  If you do wish to withdraw your consent, please contact [email protected].  If we receive a request from you withdrawing your consent to a specific purpose, we will stop processing your personal information for that purpose, unless we have another legal reason for processing your personal information, in which case, we will confirm that reason to you. 
 
We may share your Personal Data with other entities, including third party vendors who provide the following services:
  • membership management software
  • web development services
  • hosting services
  • cloud storage services
  • payment services
  • any other type of external services we might need for us to be able to operate our Website and to provide you with our services.
 We may share your Personal Data with these third party, for the sole purpose to enable them to perform the services for us. In providing such Personal Data, we require that those third parties maintain at least the same level of security that we maintain for such Personal Data.
 

We have explained below the different purposes for which we use your personal information and, in each case, the legal reason(s) allowing us to use your personal information.  Please also note the following:

  • if we use the Legitimate Interests Reason as the legal reason for which we can use your personal information, we have also explained what that legitimate interest is
  • for some of the purposes we may have listed more than one legal reason on which we can use your personal information, because the legal reason may be different in different circumstances.  If you need confirmation of the specific legal reason that we are relying on to use your personal data for that purpose, please contact us using the contact details set out at the start of this privacy notice.

Purpose

Legal Reason(s) for using the personal information

To assess your eligibility for membership with International Association of Crime Analysts

Legitimate Interests Reason (in order to ensure the integrity of our Association as a community of personnel with a demonstrable interest in crime analysis)

To enroll you as a member

Legitimate Interests Reason (in order to offer you our services pertaining to crime analysis)

To process your order, which includes taking payment from you, advising you of any updates in relation to your order or any enforcement action against you to recover payment.

Legitimate Interests Reason (in order to recover money which you owe us)

To manage your membership and to notify you of any changes

Legal Obligation Reason

To comply with audit and accounting matters

Legal Obligation Reason

To improve the services, we provide

Legitimate Interests Reason (in order to improve the services for future customers and to grow our Association)

To send communications to you about your membership account and significant matters arising from the Board

Legitimate Interests Reason (in order to ensure membership account details are kept up to date and to communicate significant Board matters)

 

To send communications to you from our online forum

Legitimate Interests Reason (in order to share information from across the crime analysis community)

Consent Reason

To participate in the member directory

Consent Reason

To ensure the smooth running and correct operation of our Website

Legitimate Interests Reason (to ensure our website runs correctly)

To understand how customers and visitors to our website use the website and interact with it via data analysis

Legitimate Interests Reason (to improve and grow our Association, including our website, and to understand our member’s needs, desires and requirements)

To manage the certification process

Consent Reason

To manage the mentoring process

Consent Reason

To manage the election process

Consent Reason

To promote IACA training opportunities and managing the training process

Consent Reason

To promote IACA conference opportunities and managing the conference process

Consent Reason

To volunteer for a committee

Consent Reason

 

Under data protection laws we can only use your personal information for the purposes we have told you about, unless we consider that the new purpose is compatible with the purpose(s) which we told you about.   If we want to use your personal information for a different purpose which we do not think is compatible with the purpose(s) which we told you about then we will contact you to explain this and what legal reason is in place to allow us to do this.
 

Other Disclosure of Your Data

We may disclose your Personal Data to the extent required by law or if we have a good-faith belief that such disclosure is necessary, in order to comply with official investigations or legal proceedings initiated by governmental and/or law enforcement officials, or private parties, including but not limited to, in response to subpoenas, search warrants, or court orders.
 
If we must disclose your Personal Data, in order to comply with official investigations or legal proceedings initiated by governmental and/or law enforcement officials, we may not be able to ensure that such recipients of your Personal Data will maintain the privacy or security of your Personal Data.
 

Your Rights Under Data Protection Law

Under data protection laws you have certain rights in relation to your personal information, as follows:
 
  1. Right to request access: (this is often called ‘subject access’).  This is the right to obtain from us a copy of the personal information which we hold about you. We must also provide you with certain other information in response to these requests to help you understand how your personal information is being used. Right to correction: this is the right to request that any incorrect personal data is corrected and that any incomplete personal data is completed.
  2. Right to erasure: (this is often called the “right to be forgotten”). This right only applies in certain circumstances.  Where it does apply, you have the right to request us to erase all of your personal information.
  3. Right to restrict processing: this right only applies in certain circumstances.  Where it does apply, you have the right to request us to restrict the processing of your personal information.
  4. Right to data portability: this right allows you to request us to transfer your personal information to someone else.
  5. Right to object: you have the right to object to us processing your personal information for direct marketing purposes.  You also have the right to object to us processing personal information where our legal reason for doing so is the Legitimate Interests Reason (see section 4 above) and there is something about your particular situation which means that you want to object to us processing your personal information.  In certain circumstances you have the right to object to processing where such processing consists of profiling (including profiling for direct marketing).
In addition to these rights, where we rely on consent as the legal reason for using your personal information, you have the right to withdraw your consent. 
 
If you want to exercise any of the above rights in relation to your personal information, please contact [email protected].  If you do make a request then please note:
 
a)      we may need certain information from you so that we can verify your identity
b)     we do not charge a fee for exercising your rights unless your request is unfounded or excessive
c)      if your request is unfounded or excessive then we may refuse to deal with your request.
 
If you are a data subject whose Personal Data we process, you may also have the right to lodge a complaint with a data protection regulator in one or more of the European Union Member States.
 

Marketing

You may from time to time receive marketing from us or from third parties through our online forum about services relating to crime analysis, where either you have consented to this, or we have another legal reason by which we can contact you for these purposes. 

However, we will give you the opportunity to manage how or if we market to you. You may update your subscription preferences through the Member Portal, by logging in to your account and managing your preferences there.

If you do request that we stop emailing you, this will not prevent us from sending communications to you which relate directly to your account, and services you have requested and any matters of significance from the Board.

We do not pass your personal information on to any third parties for marketing purposes.

Use of Cookies

A "cookie" is a small file stored on your device which potentially contains (or may be linked to) information about you, your device, and your use of our Website. We may use cookies to enable your use of the Website. The use of cookies is industry standard, so your browser may be set to accept cookies. If you would prefer not to accept cookies, you can alter the configuration of your browser to reject all cookies or some cookies. Note, if you reject certain cookies, you may not be able to access all of the features of our Website. For more information, please visit https://www.aboutcookies.org/.
 

Third Party Websites

Our website contains links to third party websites.  If you click and follow those links then these will take you to the third party website.  Those third party websites may collect personal information from you and you will need to check their privacy notices to understand how your personal information is collected and used by them.

Automated Decision-Making

‘Automated decision making’ is where a decision is automatically made without any human involvement.  Under data protection laws, this includes profiling. ‘Profiling’ is the automated processing of personal data to evaluate or analyse certain personal aspects of a person (such as their behaviour, characteristics, interests and preferences).
 
We do not perform automated decision-making activities.

Data Integrity and Security

We have implemented and will maintain technical, organizational, and physical security measures that are reasonably designed to help protect your Personal Data from unauthorized processing, such as unauthorized access, disclosure, alteration, or destruction.

Privacy of Children

Neither our Association or Website is not directed at, or intended for use by, children under the age of 13. We do not knowingly allow anyone under the age of 18 years to register for membership or to provide any Personal Data on our Website. Children should always obtain permission from a parent or guardian, before sending personal information over the Internet. If you believe your child may have provided us with Personal Data, please notify [email protected] and we will delete that Personal Data.

Changes to This Policy

We may update this Policy from time to time by posting a new version on this web page. You should visit this page occasionally to ensure you agree with any changes. We will post our revised Policy on this web page and update the “Effective” date above to reflect the date of the changes. By continuing to use our Website after we post any such changes, you agree that you accept the Policy as modified.

Contact Us

If you have any questions regarding this Policy or our treatment of your Personal Data, please contact us at [email protected].

Please allow up to 30 days for us to reply.