Effective: July 9, 2018
“Personal data” is information relating to an identified or identifiable natural person.
CATERGORIES OF PERSONAL DATA PROCESSED BY DRI
Personal data that is processed when you communicate with DRI: When you interact with our customer service representatives via email, telephone, online or in person, we collect personal data, including your name, mailing address, phone number, and email address. We also may create event logs that are useful in diagnosing app performance-related issues, and capture information relating to the support or service issue. To improve customer service, subject to applicable laws, we may also record and review conversations with customer support representatives, and analyze any feedback provided to us through voluntary surveys. With your consent, our customer support representatives may log in to your DRI account, if appropriate, to help troubleshoot and resolve your issue.
- Purposes and Legal Grounds:
We use this information to provide you with member support and customer service and to monitor the quality and types of member support and customer service we provide to our members and customers. The legal ground for processing this information for these purposes is DRI’s legitimate interests in providing quality member support and customer service. The legal ground for logging in to your DRI account, if appropriate; to help troubleshoot and resolve your issue is consent, which you may withdraw.
Personal data that is processed when you create a DRI account or purchase/register or seek access to a DRI program, service, or other offering through the DRI website or applications, such as e-communities and the DRI membership directory. When you conduct any of these activities, we will request you to provide your email address, mailing address, and name. Additionally, when you use a credit card to pay your membership dues or to make purchases from our website or apps, we collect and process your credit card data. We use Electronic Payment Vendors to process electronic commercial payments, as described more fully in the Third-Party Recipients of Personal Data section of this Policy.
DRI processes your email address or personal DRI ID and password when you use your email address or personal DRI ID and password for the purpose of enabling you to log in to the DRI website or various DRI apps. Additionally, some DRI apps require a third-party vendor to process your established personal login and password that you use to access the app. The legal ground for processing your email address, personal DRI ID or other established login credentials for this purpose is DRI’s legitimate interest in protecting the security of your DRI account.
DRI also processes your name, contact information and website login credentials, including your email address when you choose to join DRI’s e-communities for the purpose of enabling you to participate in such e-communities, including receiving daily digests and real-time feeds. If you choose to subscribe to any e-communities, DRI will process your contact information based on DRI’s legitimate interest in providing members with the opportunity to participate in communications within such e-communities and to receive daily digests and real-time feeds.
DRI also processes your name and contact data for the purpose of listing your name, contact data, committee participation and practice/ firm/biographical information in the DRI membership directory when you become a member. The legal ground for processing your name and contact data for this purpose is DRI’s legitimate interest in enabling members to communicate with and receive referrals from other members. If you do not wish to have your personal data listed in the DRI membership directory, please notify DRI Customer Service at (312) 795-1101 or email email@example.com.
DRI and Electronic Payment Vendors store and process your credit card information to pay/renew membership dues and make a variety of purchases. The type of purchase will dictate which Electronic Payment Vendor is used. The legal ground for storing and processing your credit card information is that such processing in order to effect payment is necessary for the performance of a contract between DRI and DRI members and customers.
DRI may also process your email address and other contact data so that DRI and DRI members may send you electronic marketing communications, including promotional electronic mail concerning DRI seminars, webinars, publications, and surveys. If you reside in Canada or the European Union, the legal ground for processing your email address and other contact data for this purpose is your opt-in consent, which you may withdraw at any time by contacting DRI Customer Service by calling (312) 795-1101, emailing firstname.lastname@example.org, or through clicking on the unsubscribe link at the bottom of our electronic marketing communications. Additionally, with respect to electronic mail generated from DRI’s e-communities, you can adjust your preferences under “Settings” to stop receiving such electronic mail. If you reside outside of Canada and the European Union and do not want to receive electronic marketing communications, you will be provided with the opportunity to opt out from receiving electronic marketing communications from DRI and DRI members through the unsubscribe link provided at the bottom of our marketing emails. The electronic marketing communications you receive from DRI are based on your location, committee affiliations, practice areas, and other demographic indicators. The legal ground for processing your personal data for this purpose is DRI’s legitimate interest in providing its members and customers with electronic marketing communications that are likely to be of interest to them rather than sending every electronic marketing communication to every member and customer.
DRI processes your email and contact information when conducting seminar evaluations and collecting the necessary information to process Continuing Legal Education (CLE) requests with various jurisdictions within the United States. The legal ground for processing this information for this purpose is DRI’s legitimate interest in providing you with the opportunity to provide input on educational offerings and obtain CLE credits.
DRI through the use of a “single sign-on” application shares your DRI ID and password, user name, member ID and email address with Third-Party Recipients for the purpose of enabling you to log in and access online educational course offerings. The legal ground for processing this information for this purpose is DRI’s legitimate interest in providing you access to the online content and in a secure manner.
DRI also processes your email address for the purpose of providing you with customer support, processing your registrations, and providing you with access to DRI apps and the website. The legal ground for such processing is our legitimate interest in providing quality member support/customer service, processing/fulfilling orders, and enabling you to access our member services.
THIRD-PARTY RECIPIENTS OF PERSONAL DATA
Other data subjects: Your personal data, including your contact information, may be shared with DRI members (e.g., when we list your contact information in the membership directory). If you reside in countries where consent is required, such as the European Union or Canada, we will obtain your consent before sharing your personal data with other DRI members for the purpose of enabling them to send you information about DRI programs, services, publications, and other information that may be of interest to you.
Electronic Payment Vendors: We use Electronic Payment Vendors to process credit card data when you pay your membership dues, purchase written materials, or register for seminars through our website or apps.
Third party app, platform or other service providers: We share the personal data of members and customers with third party app, platform and other service providers, such as database managers/developers, publishers, and web developers/hosting companies, that assist us with certain processing activities, such as storing/backing up data, enhancing/maintaining databases, publishing content, and developing/offering a variety of products/services. If you use any of our apps, your personal data, including name, contact information and any stored biographical/firm information within DRI’s database, will be stored and processed through our third-party app vendors. We also use third party providers to distribute organizational emails and deliver online educational course materials. Access to the online educational course materials is made possible through the use of a single sign-on application associated with the DRI website and a third-party platform. Finally, we use a third-party provider to assist with the processing of seminar evaluations and seminar registrant CLE requests.
Offerings from other companies: Our Site also contains offerings from other companies that you can link to through our Site (such as Expert Witness Profiler, Legal Job Exchange and Laurel Road Student Loan Refinancing). When you click on such a link on our Site, you will be taken to the website of the other company, and its privacy practices will govern your use of that website and your interactions with that company.
Sponsors and content providers: From time to time, we share the member’s name, contact information (including email addresses) with companies and law firms that sponsor DRI events or license DRI publications.
Seminar attendees: From time to time, we share a seminar registrant’s name, contact information (including email addresses) with other seminar registrants who register for the same event.
Governmental entities and third parties: We may disclose personal data about you to governmental entities, such as regulatory agencies, law enforcement, and judicial authorities, as well as other third parties under any of the following conditions: (a) if we have your valid consent to do so; (b) to comply with a valid subpoena, legal order, court order, warrant, legal process, or other legal obligation; (c) to enforce any of our terms or policies; or (d) as necessary to pursue available legal remedies or defend legal claims. We also may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
COOKIES AND SIMILAR TECHNOLOGIES
If you do not want information collected through the use of these technologies, there is a simple procedure in most browsers that allows you to automatically decline many of these technologies, or to be given the choice of declining or accepting them.
App Analytics: We also collect data from data subjects about their usage of the DRI website, DRI Circles and DRI Education App. The types of analytical information that are collected include number of App downloads, web views, web page views, and business referrals. DRI uses this data to improve the quality and functionality of its website and of the aforementioned Apps, and to help identify and fix app stability issues and other usability problems.
Legal Grounds: The legal ground for processing this personal data is our legitimate interest in understanding how our members and customers interact with our apps and Site so we can enhance the user experience and functionality of our apps and Site.
CROSS-BORDER TRANSFERS OF PERSONAL DATA
If you are located outside the United States, your personal data will be transferred to and stored on servers in the United States and possibly in other countries. The data protection and privacy laws of the United States and other countries may not be as comprehensive as the laws in your country. For example, personal data transferred to the United States may be subject to lawful access requests by federal and state authorities in the United States. Additionally, the United States does not provide for an adequate level of data protection based on a European Commission decision, nor does the United States provide for appropriate safeguards. The United States does not have the same supervisory authority oversight, does not have the same data processing principles in effect, and does not recognize the same data subject rights as the European Union.
DRI is committed to subject to the Privacy Shield Principles all personal data received from the European Union or Switzerland in reliance on the Privacy Shield. DRI will remain responsible for the processing of personal data in a personal data unless DRI proves it is not in any way responsible for the event giving rise to manner inconsistent with the Privacy Shield Principles by third parties to which DRI has transferred the damage.
In compliance with the Privacy Shield Principles, DRI is committed to resolving any complaints about our collection and use of EU/Swiss personal data. EU and/or Swiss individuals with inquiries or complaints regarding our Privacy Shield policy should first contact DRI by email at email@example.com or by writing to DRI by mail at 55 W. Monroe Street, Suite 2000, Chicago, IL 60603. DRI has also committed to referring unresolved Privacy Shield complaints to JAMS and JAMS Privacy Shield Complaint Form, an alternative dispute resolution provider located in the United States. If you do not receive timely acknowledgement of your complaint from us, or if we have not resolved your complaint, please contact or visit JAMS for more information or to file a complaint. The services of JAMS are provided at no cost to you. Additionally, you may, under certain conditions, invoke binding arbitration for complaints regarding Privacy Shield compliance not resolved by any of the other Privacy Shield resolution mechanisms. More information about Privacy Shield arbitration is available here.
Our Site is not directed to individuals under the age of 16, and we request that individuals under 16 not provide personal data to DRI. If we learn that we have collected personal data from a child under 16, we will take steps to delete the information as soon as possible.
RETENTION OF PERSONAL DATA
DRI retains the personal data for all DRI members, prospects and past members who reside in the United States for only as long as needed for DRI’s business purposes and to meet DRI’s legal obligations. Personal data for members, prospects and past members who reside outside the United States is only retained for as long as needed for the purposes for which the personal data is processed and to meet DRI’s legal obligations. See section below under “Your Rights” for additional information pertaining to the right of erasure, as well as other data subject rights.
We implement appropriate technical and organizational measures designed to assist in maintaining the security and confidentiality of personal data; safeguarding against anticipated threats to the confidentiality, integrity and availability of personal data; and protecting your personal data against accidental or unlawful destruction, loss, alteration, and unauthorized disclosure or access.
However, whenever personal data is processed, there is a risk that such data could be lost, misused, modified, hacked, breached, and/or otherwise accessed by an unauthorized third party. No system or online transmission of data is completely secure. In addition to the technical and organizational measures that DRI has in place to protect your personal data, you should use appropriate security measures to protect your personal data. If you believe that your DRI account or any information you provided to us is no longer secure, notify us immediately at firstname.lastname@example.org.
RIGHT TO OBJECT
If you reside in the European Union, you have a right to object to the processing of your personal data for direct marketing purposes, including profiling related to direct marketing (“profiling” means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a data subject, in particular to analyze or predict aspects concerning that data subject's performance at work, economic situation, health, personal preferences, interests, reliability, behavior, location, or movements), such as when we send you marketing information based on your location, committee affiliations, practice areas, and other demographic indicators. If you exercise your right to object to processing for direct marketing purposes, including profiling related to direct marketing, DRI will no longer process your personal data for such purposes.
Additionally, if you reside in the European Union, you have a right to object when we process your personal data based on the legitimate interests of DRI or a third party such as when we process your email address for the purpose of providing you with customer support or when we share your personal data with third party recipients (e.g., third party app, platform and other service providers, and sponsors and content providers) based on the legitimate interests of DRI or a third party. If you exercise your right to object where our processing or sharing of your personal data is based on legitimate interests, DRI will no longer process or share the personal data covered by your objection unless DRI has compelling legitimate grounds for the processing or sharing that override your objection or that relate to the establishment, exercise or defense of legal claims.
If you live in the European Union and wish to exercise your right to object, please contact DRI at email@example.com or complete the attached form and send it to DRI by mail at 55 W. Monroe Street, Suite 2000, Chicago, IL, 60603 or by email at firstname.lastname@example.org.
If you reside outside of the European Union, you may have a similar right to object under your local laws. If you do not live in the European Union but you think you have a right to object under your local laws, please contact DRI at email@example.com.
OTHER DATA SUBJECT RIGHTS
If you reside in the European Union, you also have the right, under the General Data Protection Regulation, to request access to and rectification or erasure of your personal data, data portability, restriction of processing of your personal data, and the right to lodge a complaint with a supervisory authority. If you reside in the European Union or Switzerland, you also have the right, under the Privacy Shield, to access and to correct, amend or delete your personal data where it is inaccurate or where it has been processed in violation of the Privacy Shield Principles, except where the burden or expense of providing access would be disproportionate to the risks to your privacy or where the rights of other individuals would be violated. If you live in the European Union or Switzerland, and wish to exercise any of these rights, please contact DRI at firstname.lastname@example.org or complete the attached form and send it to DRI by mail at 55 W. Monroe Street, Suite 2000, Chicago, IL, 60603 or by email at email@example.com.
If you reside in the European Union or Switzerland, your rights under the Privacy Shield include the right to notice of the choices and means that DRI offers you for limiting the use and disclosure of your personal data. DRI provides you with the opportunity to choose how your personal data may be used under certain circumstances. If your personal data is to be used for a new purpose that is materially different from that for which your personal data was originally collected or subsequently authorized, or if your personal data is to be disclosed to a third-party controller, DRI will provide you with an opportunity to choose whether to have your personal data so used or disclosed. When sharing your personal data with third-party processors that DRI has retained to perform services on its behalf and pursuant to its instructions, DRI may disclose your personal data without offering an opportunity to opt out.
DRI also provides you with specific rights related to any Sensitive Data. “Sensitive Data” under the EU-U.S. Privacy Shield Framework is defined as personal data specifying medical or health conditions, racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, or information specifying the sex life of an individual. Under the Swiss-U.S. Privacy Shield Framework, “Sensitive Data” means personal data specifying medical or health conditions, personal sexuality, racial or ethnic origin, political opinions, religious, ideological or trade union-related views or activities, or information on social security measures or administrative or criminal proceedings and sanctions, which are treated outside pending proceedings. If your sensitive personal data is to be used for a new purpose that is different from that for which your sensitive personal data was originally collected or subsequently authorized, or is to be disclosed to a third party, DRI will obtain your affirmative express consent prior to such use or such disclosure.
If you reside outside of the European Union or Switzerland, you may have similar rights under your local laws. If you do not live in the European Union or Switzerland but you think you have any of these data subject rights under your local laws, please contact DRI at firstname.lastname@example.org.
DATA CONTROLLER AND DATA PROTECTION OFFICER
The DRI Deputy Executive Director serves as the Data Protection Officer and can be contacted at email@example.com.
Personal data collected by DRI is controlled by DRI, which is located at 55 W. Monroe, Suite 2000, Chicago, Illinois, 60603 and which you can contact by email at firstname.lastname@example.org.
We will provide notice to you if these changes are material and, where required by applicable law, we will obtain your consent. This notice will be provided on the DRI website.