This Policy covers any Personal Data we collect in connection with your use of www.MEF.net, www.MEF18event.com, www.MEFProCERT.com, and wiki.mef.net (“MEF Wiki”) and any MEF event mobile apps (together, the “Websites”), where you can:
- Learn more and request for information and content about the MEF’s benefits
- Apply for MEF’s Professional Certifications and be listed on the MEF Certified Professionals registry
- Apply to be a MEF member and collaborate with other MEF members
- Find our technical standards and specifications
- Register for MEF events (e.g. webinars).
(together, the “MEF Services”).
You can navigate to the relevant sections of the policy by clicking the links below:
- About us
- What data do we collect about you?
- How do we use your Personal Data and on what grounds?
- Marketing Communications
- Who do we share your Personal Data with?
- Will my Personal Data be sent abroad?
- Your rights over your Personal Data
- How long do you keep my Personal Data?
- How do you keep my Personal Data secure?
- Third Party Websites
- Contact us
IMPORTANT: IF YOU ARE BASED OUTSIDE OF THE EUROPEAN UNION
Some of these provisions here, particularly your rights in respect of your data, will only apply if you are an individual based in the EU. We have highlighted these sections as relevant.
For the purposes of applicable data protection laws, MEF Forum, a non-profit mutual benefit corporation incorporated in California, USA with its registered address at 6033 W. Century Boulevard, Suite 1107, Los Angeles CA 90045 USA is the controller of your data. This means that we are the primary entity who decides the purposes and means for dealing with your personal data.
If you are based in the EU, we have appointed: [REPRESENTATIVE NAME, COMPANY NUMBER, COUNTRY OF INCORPORATION, ADDRESS] as our designated representative in the EU for the purposes of the General Data Protection Regulation. They will be responsible for overseeing all questions in relation to this privacy notice (including any requests to exercise your legal rights in respect of your data where you are based in the EU.
WHAT DATA DO WE COLLECT ABOUT YOU?
When you access the Websites or receive the MEF Services, we may collect a variety of Personal Data about you, including:
Personal Data that you provide to us directly
MEF primarily collects Personal Data provided by you directly when you receive or request the MEF Services. For example, we may receive your:
- Telephone number
- Company name
- Job title
- E-mail address
- Any other information that you voluntarily submit to us when you register for an account on our Websites, sign up to or attend our events (e.g. special access or dietary requirements or business cards), subscribe for mailing updates, register for an MEF certification, or raise an enquiry/correspond with us face to face, through phone, email or our online contact form.
If you successfully become certified under the MEF Professional Certification program, we may issue and/or collect the following additional Personal Data about you to create your professional biography profile:
- Your employment history
- Your certification
- Your certificate ID
- Your profile photo
- Any other information you voluntarily provide to complete your profile, e.g. profile photos, employment and education history, Linkedin profiles and personal websites.
We will let you know at the point of collecting your information whether this is optional, or whether it is necessary for you to provide this information to meet certain statutory or contractual requirements. If the latter and you do not wish to provide us with this information, this may limit the services we are able to provide to you.
Personal Data received from other sources
We may also receive information about you from:
- publicly available sources (e.g. LinkedIn or your profile on your company website, if you provide this information in your correspondence or applications)
- Our third party service providers providing the MEF Services on our behalf (see “Who do we share your personal data with?” below), including Salesforce and CVent
HOW DO WE USE YOUR PERSONAL DATA AND ON WHAT GROUNDS?
We will only use your personal data if we have a permitted lawful basis to do so. The primary purpose for which we collect information about you is to provide members or potential members with the MEF Services. We also collect information about you for the following purposes:
To perform our contract with you (i.e. to provide you with your requested MEF Services)
- To process membership or certification exam applications
- To provide members with their membership benefits, e.g. enable participation in the MEF Wiki, online collaboration with other members and signing up to related email lists
- To send you important communications regarding your MEF Certification exam applications (e.g. to send updates on application status and exam results)
- For continuity of service, e.g. to restore your membership if you are coming back after a long break. This will be in accordance with our data retention practices (see “How long do you keep my data?” below)
- To provide you with information, products or services that you request from us (including event registrations)
- For handling contacts, queries, complaints or disputes.
For our legitimate interests
- For market research and analytical purposes, e.g. to improve our understanding of membership and event attendance trends and profiles
- To ensure network and information security in the MEF Services and your Personal Data
- For improving existing services and developing new products and services
- For promoting, marketing and advertising our services
- Protecting MEF and our members/users by taking appropriate legal action against third parties who have committed criminal acts or are in breach of legal obligations to MEF
- To effectively handle any legal claims or regulatory enforcement actions taken against MEF
- To generally run the Website and for internal operations, in order to provide you with an up to date, efficient and reliable service
- Making important communications about your membership
- For keeping you informed of MEF events and activities (only in certain circumstances, see “Marketing communications” below)
- Maintaining our membership database.
To comply with our legal obligations
- To comply with our legal and regulatory obligations (including under applicable data protection laws)
- For preventing, investigating and detecting crime, fraud or anti-social behavior and prosecuting offenders, including working with law enforcement agencies
- To fulfil our duties to our members, colleagues and other stakeholders.
With your consent
- For marketing communications (see “Marketing communications” below).
- To publish profiles on the MEF Certified Professionals registry
- To manage certain requests from you (e.g. taking sensitive health data into account in accommodating your special dietary or accessibility requirements at events)
- Using your images or profiles in MEF’s promotional materials and press releases (e.g. MEF Youtube videos).
Where we rely on consent to process your Personal Data, you have the right to withdraw your consent to these activities at any time, which will mean (unless another lawful basis applies to your data) that we will cease to process the affected data after consent is withdrawn. However, please note this may result in us being unable to provide you with certain features of the MEF Services.
If you have opted-in to receive MEF update emails from us through any of our Websites (whether or not you are a MEF member), we will also use your Personal Data to keep you updated about MEF events and activities through marketing communications.
This means we may use your contact information to contact you by email with announcements and newsletters regarding information that we think may be of interest to you.
If you are based in the EU, we will only make marketing communications if you have given us your consent to do so if you have signed up to receive such updates using your individual, sole trader or partnership (rather than company employee) email address.
You have the right to withdraw your consent to these activities at any time, which will mean (unless we have another lawful basis to continue using your data) that we will cease to use your Personal Data for these marketing purposes.
If you wish to stop receiving marketing emails from MEF, you can do so by clicking the “unsubscribe” link at the bottom of each marketing email from us.
WHO DO WE SHARE YOUR PERSONAL DATA WITH?
We may disclose the Personal Data that we collect with the following third parties:
- Our third party providers of our business and operational services. These parties are authorized to process your Personal Data on our behalf and pursuant to our instructions, and only as necessary to provide the MEF Services. These include:
- Providers of payment processing and accounting, as necessary to process payment (such as [PayPal])
- Providers of our marketing and event management services, like iContact (who manage our email marketing) and SurveyMonkey (who run periodic surveys for our market analysis purposes).
- Salesforce, who host and manage our main data servers.
- Atlassian, who host the MEFWiki page through their Confluence software.
Please note that the member portal systems on the Websites use a shared sign-on system. This means that your name, email address and company name will be shared between MEF and Atlassian as our external provider of the MEFWiki page, as this enables you to use one set of log-in details to access all member/developer features of the MEF Services.
- Sponsors of some MEF events
- MEF Accredited Training Providers with whom you signed up for training and exams with if you have applied for a MEF Certification Program, as we provide occasional reports on the status of such providers’ own students who took training and subsequent exams with them previously.
- Any potential or actual third party buyer of our business and/or assets in the event that we sell, trade or licence ownership of any part of the MEF business or assets (including management of the Websites)
- Third parties we may be required to disclose such personal data to in order to comply with our legal obligations, to enforce our legal rights or to protect our members, e.g. any relevant authority or enforcement body and fraud protection and credit risk reduction agencies or emergency services.
WILL MY PERSONAL DATA BE SENT ABROAD?
Our main database is hosted by Salesforce in the U.S. and we collect, store and process the information from our Websites there. Salesforce servers may also be accessed by Salesforce staff in other regions. This means that your Personal Data may be transferred abroad to a country with different data protection laws, particularly if you are based outside the US. By providing your Personal Data in connection with the MEF Services, you agree to this potential international transfer of your Personal Data.
If you are based in the EU, we will ensure that such transfers are made subject to appropriate safeguards as required by applicable data protection laws to ensure that a similar degree of protection is afforded to your personal data, including by ensuring that overseas recipients of your data have been self-certified under the Privacy Shield framework or through the use of EU Commission approved standard contractual clauses. You can obtain further information about how we manage any transfers of your personal data abroad, including the safeguards in place for your international transfers of personal data by contacting us (see “Contact Us” below) and the Privacy Shield scheme at www.privacyshield.gov.
YOUR RIGHTS OVER YOUR PERSONAL DATA
You can exercise all the rights applicable to you by contacting us (see details in the “Contact Us” section below) or submitting an online enquiry form on our Websites.
If you are based in the EU
You may, in circumstances, have the following rights in relation to the Personal Data we hold about you. You can request to:
- Access a copy of the information held about you
- Delete, restrict or remove the data we hold about you
- Transfer the data we hold about you to another party
- Object to any further processing of your data, if we are processing your Personal Data on the basis of our legitimate interests (see “How do we use your personal data and for what grounds” above), or for direct marketing.
We will endeavor to respond to your requests within one month and free of charge. Please note that in respect of all these rights, we reserve the right to:
- Refuse your request based on the exemptions set out in the applicable data protection laws.
- Request for proof of your ID to process the request or request further information.
- Charge you a reasonable administrative fee for any repetitive, manifestly unfounded or excessive requests.
If we refuse your request to exercise these rights, we will give reasons for our refusal and allow you to challenge our decision. If we have shared your data with others, we will tell them about your request to rectify, erase, restrict or object to the processing where possible. If you ask us, where possible and lawful to do so, we will also tell you with whom we shared your Personal Data so that you can contact them directly.
If you have any concerns about how we handle your data, please contact us. If you are not satisfied after we’ve tried to resolve your issue, you’ll be entitled to lodge a complaint with the data protection regulator for your country of residence.
If you are based in California
If you are based anywhere else
MEF acknowledges that you have the right to access your Personal Data. In case you request us to remove data, we will respond within a reasonable timeframe.
Upon request, MEF will provide you with information about whether we hold any of your Personal Data. You can update or correct your Personal Data or remove it from our system by making a request to us at the contact information provided below. Requests typically receive a response within thirty (30) days. If access cannot be provided within that time frame, we will provide the requesting party with an estimated date by which the information will be provided. If for some reason access is denied, we will provide an explanation of why access has been denied.
HOW LONG DO YOU KEEP MY DATA?
We keep your data for as long as it’s necessary to meet the relevant purposes for which we’ve collected your data, including for the purpose of satisfying any legal, accounting or reporting requirements.
To determine the appropriate length of time for holding your data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm, from unauthorized use or disclosure of your personal data, the purpose for which we process your data and whether we can achieve those purposes through other means, along with the applicable legal requirements.
HOW DO YOU KEEP MY PERSONAL DATA SECURE?
We are committed to taking reasonable efforts to secure the information that you choose to provide us, and we use a variety of security procedures to help protect against unauthorized access to or alteration, disclosure, or destruction of Personal Data. We restrict access to Personal Data to our employees, contractors and service providers (described in “Who we share your data with” above) who need to know the information to operate, develop, or improve the MEF Services.
THIRD PARTY WEBSITES
The MEF Services are not intended for use by or targeted at children under 13, and we do not knowingly or intentionally collect information about children under 13. Children under 13 should not use the Websites.
Address: MEF Forum, 6033 W. Century Boulevard, Suite 1107, Los Angeles CA 90045 USA
Phone: +1 310 642 2800