ICBA Privacy Policy
The following policies guide us in managing this Web site (the “site”). Any page designed to gather information about users must link to this privacy policy.
This Privacy Policy outlines our practices for collection, use, and disclosure of your information that you provide to us when you use the International Council of Beverages Associations’ (“ICBA”) website (“Site”) as well as the collection, use, and disclosure of photographs taken of you at ICBA events. As detailed below, we collect and process several categories of personal data from you when you register as a member and/or register for events via the Site. Insofar as European Union data protection laws apply, we are a controller with regard to the data we process. By using our Site and/or registering for a membership account and/or events, you consent to our privacy policy.
When do we collect information?
Through the Site, we collect personally identifiable information (as defined below) from you when you register as a member, register for an event, subscribe to our newsletter, and/or fill out a form. You may, visit and browse our Site anonymously, but, as explained below, non-personal information is collected from visitors to the Site.
How do we use your information?
Generally, we use information collected through the Site:
- To personalize your experience (your information helps us to better respond to your individual needs);
- To improve our website (we continually strive to improve our website offerings based on the information and feedback we receive from you);
- To process transactions (membership registration/renewal and/or event registration);
- To complete and report any information related to payments as required by law;
- To administer a survey or other Site feature; and
- To send periodic emails or text messages following up on the issue you expressed interest in or the transaction you initiated on our Site.
By providing your email address, you consent to being added to our email list. You may receive emails that may include organization news, political updates, issue briefs or action alerts, etc. If at any time you would like to unsubscribe from receiving future emails, we include unsubscribe instructions at the bottom of each email. Please allow us a reasonable period of time in order to satisfy your request, as some communications may already be in process.
What information do we collect?
A. Information For Website Improvements and Analytics
We collect certain non-personal information (“Non-PII”) regarding your use of the Site to assist us with website improvements and aggregate analytics such as cookies. Cookies are small files that most websites transfer to your computer through your Web browser (if you allow) that enable such sites to recognize your browser and store certain information. Cookies do not contain any personal information about you. We use cookies to compile aggregate data about Site traffic and Site interaction so that we can offer better Site experiences and tools in the future. We may contract with third-party service providers to assist us in analyzing our Site visitors. Such service providers are prohibited from using the information collected on our behalf except to help us conduct and improve our Site.
B. Information for Membership and Event Registration
When registering as a member and/or for events on the Site, you may be asked to enter your: name, e-mail address, mailing address, phone number, occupation, company, credit card payment information, passport information, dietary requests, and/or gender. (“Personally Identifiable Information” or “PII”).
We use a third-party platform for membership and event registration. They collect PII that you directly input into the registration forms. This data is collected for us and transferred to us, except for credit card payment information, and we process it in the performance of a contract with you (the purchaser of the registration and/or event ticket), as well as in our legitimate interest to manage our events and communicate with you via phone, email or the third-party platform, as explained below. Except as indicated below, credit card payment information is directly sent to and processed by a third-party payment processing platform.
C. Information Collected From Event Speakers
If you are a speaker at an ICBA event, you must provide some or all of the following information: your first and last name, title, employer, employment history, education, biography, your presentation slides (if applicable) and any photos, videos and other content you may share with us (such as a headshot). The presentation slides (if applicable) and photos, videos and other content (both provided by you as well as any photos and videos taken at the event) may be made available through the channels we consider appropriate (for example, the event app and our website).
This processing is made in our legitimate interest to promote our events and the data is stored by us for the duration of our business relationship.
D. Information for Event Hotel Reservations
As part of the event registration process, you will be asked if you want to book a hotel room. If you affirmatively indicate you would like to book a hotel room via the Site, ICBA will collect your name and credit card information during the registration process and forward it to the preferred hotel partner. The preferred hotel partner will handle any hotel room reservations, using a third-party payment platform to process the payment similar to the registration process outlined above. In the event you do not book your hotel room through the Site, ICBA will not collect your credit card information or process credit card payments directly.
E. Information for Event Visa Letters
As part of the event registration process, you will be asked if you require a visa letter to travel from your country of residence to the country in which the ICBA event is taking place. If you confirm the need for a visa, you will also be asked if you require a visa letter.
If you require a visa letter, you will be required to provide personal data to obtain a visa letter, including, but not limited to: your first and last name, passport number, date of issue, date of expiration and your country of residence or address. Additional information may be required, depending on jurisdictional rules. This personal data is collected and processed solely to assist with the visa process and is not used for any other purpose.
F. Dietary Information for Event Meals
Where we provide food, we may ask you about food allergies or other dietary requests, so we may adapt our menu accordingly. Providing this information is optional and we will only process it with your consent. However, if you fail to provide us with information regarding your food allergies or dietary restrictions, we cannot be held responsible for reactions that the food provided may elicit.
Dietary information is stored by us for a period of 120 days from the event.
G. Photographs
ICBA takes pictures during our events and may post them on the meeting app. Access to the app is controlled and these photos may only be viewed by meeting attendees and cannot be shared on social media channels via the app. Additionally, photos may be compiled after the event in a wrap-up report that is shared via email with the other attendees. Given that our events are generally held in public areas with controlled access, we do this based on our legitimate interest to document our events and market their success.
The event photos are stored for the entire period ICBA (or its legal successors) offers, markets or promotes member meetings or similar events, including for historical purposes. Should you have any concerns regarding the photos in which you are recognizable, please contact Simone SooHoo [Simone@icba-net.org].
Please note: photos may be taken by ICBA staff and other meeting attendees in their personal capacity and may be shared via social media channels. ICBA cannot control, nor does this privacy policy govern, the sharing and use of photos and recordings taken by attendees and others in their personal and independent capacity.
With Whom Do We Share Information?
We will disclose your personal data with the following third-parties for the purposes described below. We will take appropriate steps to ensure that your personal data is processed, secured and transferred according to applicable law.
- Payment processors that process payment for membership registration/renewal, event registration, and hotel reservations. These platforms act as controllers with regard to your data, collect most data directly from you, and such personal data processing is subject to the third party’s own privacy policy.
- Companies that provide products and services to us (processors), such as:
- Third parties involved in organizing our events, including member or attendee support activities;
- Third parties involved in operations of our Website;
- Information technology systems suppliers and support, including: email archiving, telecommunication suppliers, back-up and disaster recovery and cyber security services.
- Other parties, such as: public authorities and institutions, accountants, auditors, lawyers and other outside professional advisors, where their activity requires such knowledge or where we are required by applicable law to make such a disclosure.
We will also disclose your personal data to third parties:
1. if you request or authorize us to do so;
2. to persons demonstrating legal authority to act on your behalf;
3. where it is in our legitimate interests to do so to run, grow and develop our association.
More specifically, if ICBA or substantially all of its assets are acquired by a third-party, personal data held by ICBA will automatically be one of the transferred assets;
4. if we are under a duty to disclose or share your personal data in order to comply with any legal obligation, any lawful request from government officials and as may be required to meet national security or law enforcement requirements or prevent illegal activity;
5. to respond to any claims, to protect our rights or the rights of a third party, to protect the safety of any person or to prevent any illegal activity; or
6. to protect the rights, property or safety of ICBA, its staff, members or other persons.
We, as well as some of these recipients, may use your data in countries which are outside of the European Economic Area.
Any third-party controllers and processors with whom we choose to share your personal data pursuant to the above are limited (by law and by contract) in their ability to use your personal data for the specific purposes identified by us, on a case by case basis. We will always ensure that any third-parties with whom we choose to share your personal data are subject to privacy and security obligations consistent with this privacy policy and applicable laws. However, for the avoidance of doubt, this cannot be applicable where the disclosure is not our decision, including where you request it.
Except as expressly detailed above, we will never share, sell or rent any of your personal data to any third-party without notifying you and, if required, obtaining your consent.
Children’s Online Privacy Protection Act Compliance
We are in compliance with the requirements of COPPA (Children’s Online Privacy Protection Act), in that we do not collect any information from anyone under 13 years of age. Our website, information and services are all directed to people who are at least 13 years of age or older.
Changes to our Privacy Policy
We reserve the right to change our privacy policy at any time. If we decide to change our privacy policy, we will post those changes on this page, and/or update the Privacy Policy modification date below.
This policy was last modified on December 10, 2018.
Security
We are committed to protecting personal data from loss, misuse, disclosure, alteration, unavailability, unauthorized access and destruction and take reasonable precautions to safeguard the confidentiality of personal data, including through use of appropriate organizational and technical measures. Organizational measures include physical access controls to our premises, staff training and locking physical files in filing cabinets. Technical measures include use of encryption, passwords for access to our systems and use of anti-virus software.
In the course of providing your personal data to us, your personal data may be transferred over the internet. Although we make reasonable efforts to protect the personal data which you provide to us, the transmission of information between you and us over the internet is not completely secure. As such, we cannot guarantee the security of your personal data transmitted to us over the internet and any such transmission is at your own risk. Once we have received your personal data, we will use strict procedures and security features to prevent unauthorized access to it.
Provisions Applicable to Persons in the European Union and European Economic Area
This section applies only to those who reside in the European Union or European Economic Area.
A. Transfers of Information Outside the European Economic Area
Since our association is located in the USA, we may process your personal data outside of the European Economic Area. We do this in the performance of the contract you enter into with us through your purchase of a membership in our organization and/or a ticket to an ICBA event.
Where your personal data is transferred to other entities as mentioned above, we will take appropriate measures to ensure that the recipient protects your personal data adequately in accordance with this privacy policy. These measures may include entering into European Commission-approved standard contractual arrangements with the recipients or ensuring they have self-certified compliance with the EU-US Privacy Shield framework, where applicable.
Further details on the steps we take to protect your personal data in these cases is available at any time upon request by contacting us.
B. Your Rights
If you are a data subject under EU data protection laws, you have specific legal rights relating to the personal data we collect from you
a. Right to withdraw consent: Where you have given consent for the processing of your personal data, you may withdraw your consent at any moment.
b. Right to rectification: You may obtain from us rectification of personal data concerning you. We make reasonable efforts to keep personal data in our possession or control which are used on an ongoing basis, accurate, complete, current and relevant, based on the most recent information available to us.
c. Right to restriction: You may require us to restrict the processing of your personal data, if:
- you contest the accuracy of your personal data, for the period we need to verify the accuracy;
- the processing is unlawful and you request the restriction of processing rather than erasure of your personal data;
- we no longer need your personal data, but you require it for the establishment, exercise or defense of legal claims; or
- you object to the processing while we verify whether our legitimate grounds override yours.
d. Right to access: You may request information regarding personal data that we hold about you, including information as to which categories of personal data we have in our possession or control, what they are being used for, where we collected them (if not from you directly), and to whom they have been disclosed, if applicable.
We will provide you with a copy of your personal data upon request. If you request further copies of your personal data, then we can charge you with a reasonable fee that we base on administrative costs.
If we transfer your personal data to a country outside the EU and EEA, you have the right to request information about the safeguards in place for our transfer of that data to the receiving country.
e. Right to portability: You have the right to receive personal data that you have provided to us, and, where technically feasible, request that we transmit such personal data to another organization.
You have these two rights if:
- we process your personal data by automated means;
- we base the processing of your personal data on your consent, or our processing of your personal data is necessary for the execution or performance of a contract to which you are a party;
- you provided your personal data to us; and
- the transmission of your personal data does not adversely affect the rights and the freedoms of other persons.
You have the right to receive your personal data in a structured, commonly used and machine-readable format.
Your right to receive your personal data must not adversely affect the rights and the freedoms of other persons. This may be the case if a transmission of your personal data to another organization also involves the transmission of the personal data of other (non-consenting) individuals.
Your right to have your personal data transmitted from us to another organization is a right you have only if such transmission is technically feasible.
f. Right to erasure: You have the right to request that we delete the personal data we process about you. We must comply with this request if we process your personal data, unless the data is necessary:
- for exercising the right of freedom of expression and information;
- for compliance with a legal obligation that binds us;
- for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes; or
- for the establishment, exercise or defense of legal claims.
g. Right to object: You may object – at any time – to the processing of your personal data due to your particular situation, provided that the processing is not based on your consent, but on our legitimate interests or those of a third party. In this event, we shall no longer process your personal data, unless we can demonstrate compelling legitimate grounds and an overriding interest for the processing or for the establishment, exercise or defense of legal claims. If you object to the processing, please specify whether you also wish the erasure of your personal data; otherwise, we will only restrict it.
You may always object to the processing of your personal data for direct marketing purposes, even if it was based on our legitimate interest for any reason. If the marketing was based on your consent, you can withdraw consent.
h. Right to lodge a complaint: You can lodge a complaint to the data protection authority in your Member State.
Please note:
- Time period: We will try to fulfill your request within 30 days, which may be extended due to specific reasons relating to the specific legal right or the complexity of your request. In all cases, if this period is extended, we will inform you about the cause and anticipated length of the extension.
- Restriction of access: In certain situations, we may not be able to give you access to all or some of your personal data due to statutory provisions. If we deny your request for access, we will advise you of the reason for the refusal.
- No identification: In some cases, we may not be able to look up your personal data due to the choice of identifiers provided in your request. In such cases, where we cannot identify you as a data subject, we will not be able to comply with your request to execute your legal rights as described in this section, unless you provide additional information enabling your identification. We will inform you and give you the opportunity to provide such additional details.
- Exercise your legal rights: In order to exercise your legal rights, please contact us in writing (including electronically) at the contact details provided in section Error! Reference source not found.
Contacting Us
If there are any questions regarding this Privacy Policy, you may contact us using the information below:
By email
Simone Soo Hoo at simone@icba-net.org
By mail
International Council of Beverages Associations
1275 Pennsylvania Avenue NW, Suite 1100
Washington, DC 20004
We will investigate and attempt to resolve any request or complaint regarding the use or disclosure of your personal data.
If you are not satisfied with our reply and you reside in the European Union, you may also make a complaint to the data protection authority, as indicated above.
Based on jurisdiction, there may be certain access, erasure, and other rights which individuals may have to their personal data, including the right to manage our treatment of their personal data and the way in which it is processed. To inquire about this, please send an email to the address indicated above.