On This Page:
- Who We Are
- Where we collect data for our Services
- Our Services
- What data do we collect about you?
- How do we use your personal data and on what grounds?
- Marketing communications
- Who do we share your personal data with?
- Will my personal data be sent abroad?
- Your rights over your personal data
- How long do you keep my data?
- How do you keep my personal data secure?
- Third party websites
- Contact us
Who We Are
For the purposes of applicable data protection laws, MEF Forum, a non-profit mutual benefit corporation incorporated in California, USA, with its registered address at 6033 W. Century Boulevard, Suite 1107, Los Angeles CA 90045 USA is the controller of your data. This means that we are the primary entity who decides the purposes and means for dealing with your personal data.
Where we collect data for our services
This Policy covers any Personal Data we collect in connection with your use of our websites (together, the “Websites”):
On these sites, you can access our services (together, the “MEF Services”) to:
- Find our technical standards, white papers, and other published artifacts.
- Learn more and request information about MEF membership, and be listed as a MEF member.
- Learn more and request information about company certification programs, and be listed in the services and technology certification registries.
- Register for MEF’s professional certifications and be listed on the MEF professional certification registry.
- Register for MEF events.
Important: If you are based outside of the European Economic Area (EEA)
What data do we collect about you?
When you access the Websites or receive the MEF Services, we may collect a variety of Personal Data about you, including:
Personal Data that you provide to us directly
MEF primarily collects Personal Data provided by you directly when you receive or request the MEF Services. For example, we may receive your:
- Telephone number
- Company name
- Job title
- E-mail address
Any other information that you voluntarily submit to us when you:
- Register for an account on our Websites.
- Sign up to or attend our events (e.g. special access, dietary requirements, or business cards).
- Subscribe to receive MEF email updates.
- Register for a MEF certification.
- Send an enquiry or correspond with us face-to-face, through phone, email, or our online contact form.
MEF Professional Certification Program
If you successfully become certified under the MEF Professional Certification program, we may issue and/or collect the following additional Personal Data about you to create your professional biography profile:
- Employment history
- Certification Type
- Certificate ID
- Profile photo
- Any other information you voluntarily provide to complete your profile, e.g. education history, LinkedIn profiles, personal websites, etc.
When we collect your information, we will let you know whether this is optional, or whether it is necessary for you to provide this information to meet certain statutory or contractual requirements. If you choose not to provide us with required information, it may limit the services we are able to provide to you.
Personal Data received from other sources
We may also receive information about you from:
- Publicly available sources (e.g. LinkedIn, or your profile on your company website, if you provide this information in your correspondence or applications.)
- Our third-party service providers of MEF Services on our behalf (see Who do we share your personal data with? below), including Salesforce and event registration sites.
How do we use your personal data and on what grounds?
We will only use your personal data if we have a permitted, lawful basis to do so. The primary purpose for which we collect information about you is to provide members or potential members with the MEF Services.
We also collect information about you for the following purposes:
To perform our contract with you (i.e. to provide you with your requested MEF Services)
- To provide members with their membership benefits, e.g. enable participation in MEF events, meetings, the MEF Wiki, online collaboration with other members, and signing up to receive related email messages.
- To process membership or certification exam applications.
- To send you important communications regarding your MEF Certification exam applications (e.g. to send updates on application status and exam results).
- For continuity of service (e.g. to restore your membership). This process will be in accordance with our data retention practices. (See How long do you keep my data? below.)
- To provide you with information, products, or services, that you request from us (including event registrations).
- For handling contacts, queries, complaints, or disputes.
- For our legitimate interests.
For market research and analytical purposes, e.g. to improve our understanding of membership and event attendance trends and profiles
- To ensure network and information security in the MEF Services and your Personal Data.
- To improve existing services and develop new products and services.
- To promote, market, and advertise our services.
- To protect MEF and our members/users by taking appropriate legal action against third parties who have committed criminal acts or are in breach of legal obligations to MEF.
- To effectively handle any legal claims or regulatory enforcement actions taken against MEF.
- To generally run the Website and for internal operations, in order to provide you with an up-to-date, efficient and reliable service.
- To communicate important information about your membership.
- To keep you informed of MEF events and activities (only in certain circumstances, see Marketing communications below).
- Maintaining our membership database.
To comply with our legal obligations
- To comply with our legal and regulatory obligations (including under applicable data protection laws).
- For preventing, investigating, and detecting crime, fraud, or anti-social behavior and prosecuting offenders, including working with law enforcement agencies.
- To fulfill our duties to our members, colleagues, and other stakeholders.
With your consent
- For marketing communications (see Marketing communications below).
- To publish profiles on the MEF Certified Professionals registry.
- To manage certain requests from you (e.g. taking sensitive health data into account in accommodating your special dietary or accessibility requirements at events).
- Using your images or profiles in MEF’s promotional materials and press releases (e.g. MEF YouTube videos).
Where we rely on consent to process your Personal Data, you have the right to withdraw your consent to these activities at any time, which will mean (unless another lawful basis applies to your data) that we will cease to process the affected data after consent is withdrawn. Please note, withdrawing your consent may result in us being unable to provide you with certain features of the MEF Services.
If you have subscribed to receive MEF update emails from us through any of our Websites (whether or not you are a MEF member), we will also use your Personal Data to send you information about MEF events and activities through marketing communications.
This means we may use your contact information to contact you by email with announcements and newsletters regarding information that we think may be of interest to you.
If you are based in the EEA, we will only send you marketing communications if you have given us your consent to do so, if you have signed up to receive such updates using your individual, sole trader or partnership (rather than company employee) email address.
You have the right to withdraw your consent to these activities at any time, which will mean (unless we have another lawful basis to continue using your data) that we will cease to use your Personal Data for these marketing purposes.
If you wish to stop receiving marketing emails from MEF, you can do so by clicking the unsubscribe link at the bottom of any marketing email from us.
Who do we share your personal data with?
We may disclose the Personal Data that we collect with the following third parties:
- Our third party providers of our business and operational services. These parties are authorized to process your Personal Data on our behalf and pursuant to our instructions, and only as necessary to provide the MEF Services. These include but are not limited to:
- Providers of payment processing and accounting, as necessary to process payments (such as PayPal).
- Providers of our marketing and event management services, like Hubspot (used to manage our email marketing), and SurveyGizmo (used to run periodic surveys for our market analysis purposes).
- Salesforce, used to host and manage our main data servers.
- Sponsors of some MEF events.
- MEF Accredited Training Providers, with whom you signed up for training and exams, if you have applied for a MEF Certification. We provide occasional reports on the status of the students who took training and subsequent exams with them previously.
- Any potential or actual third party buyer of our business and/or assets, in the event that we sell, trade, or license ownership of any part of the MEF business or assets (including management of the Websites).
- Third parties we may be required to disclose such personal data to in order to comply with our legal obligations, to enforce our legal rights, or to protect our members, e.g. any relevant authority or enforcement body and fraud protection and credit risk reduction agencies, or emergency services.
Will my personal data be sent abroad?
Our main database is hosted by Salesforce in the U.S.A. and we collect, store, and process the information from our Websites there. Salesforce servers may also be accessed by Salesforce staff in other regions. This means that your Personal Data may be transferred abroad to a country with different data protection laws, particularly if you are based outside the U.S.A. By providing your Personal Data in connection with the MEF Services, you agree to this potential international transfer of your Personal Data.
If you are based in the EEA, we will ensure that such transfers are made subject to appropriate safeguards as required by applicable data protection laws to ensure that a similar degree of protection is afforded to your personal data, including by ensuring that overseas recipients of your data have been self-certified under the Privacy Shield framework or through the use of EU Commission approved standard contractual clauses. You can obtain further information about how we manage any transfers of your personal data abroad, including the safeguards in place for your international transfers of personal data by contacting us (see Contact Us below) and the Privacy Shield scheme at www.privacyshield.gov.
Your rights over your personal data
You can exercise all the rights applicable to you by contacting us (see Contact Us below) or submitting an online enquiry form on our Websites.
If you are based in the EEA
You may, in circumstances, have the following rights in relation to the Personal Data we hold about you. You can request to:
- Access a copy of the information held about you.
- Rectify any incorrect or incomplete data we hold about you. It is both in our interest and yours that any personal information we hold about you is accurate, complete, and current. If the data we hold about you is inaccurate in any way, please contact us to have your personal information corrected. You can also update any incorrect contact information yourself by updating your profile information in the member’s portal or by emailing firstname.lastname@example.org.
- Delete, restrict, or remove the data we hold about you.
- Transfer the data we hold about you to another party.
- Object to any further processing of your data, if we are processing your Personal Data on the basis of our legitimate interests (see How do we use your personal data and for what grounds above), or for direct marketing.
We will endeavor to respond to your requests within one month and free of charge. Please note that in respect of all these rights, we reserve the right to:
- Refuse your request based on the exemptions set out in the applicable data protection laws.
- Request proof of your identity to process the request or request further information.
- Charge you a reasonable administrative fee for any repetitive, manifestly unfounded, or excessive requests.
If we refuse your request to exercise these rights, we will give reasons for our refusal and allow you to challenge our decision. If we have shared your data with others, we will tell them about your request to rectify, erase, restrict, or object to the processing, where possible. If you ask us, where possible and lawful to do so, we will also tell you with whom we shared your Personal Data so that you can contact them directly.
If you have any concerns about how we handle your data, please contact us. If you are not satisfied with the resolution of your issue, you are entitled to lodge a complaint with the data protection regulator in your country of residence.
If you are based in California
If applicable, this information would include the categories of personal information and the names and addresses of those businesses with which we shared such personal information for the prior calendar year. To obtain this information, please contact us as indicated under the Contact Us section below. You may also submit a contact form electronically through the Websites.
If you are based anywhere else
MEF acknowledges that you have the right to access your Personal Data. In case you request us to remove data, we will respond within a reasonable timeframe.
Upon request, MEF will provide you with information about whether we hold any of your Personal Data. You can update or correct your Personal Data or remove it from our system by making a request to us at the contact information provided below. Requests typically receive a response within thirty (30) days. If access cannot be provided within that time frame, we will provide the requesting party with an estimated date by which the information will be provided. If for some reason access is denied, we will provide an explanation of why access has been denied.
How long do you keep my data?
We keep your data for as long as it’s necessary to meet the relevant purposes for which we’ve collected your data, including for the purpose of satisfying any legal, accounting or reporting requirements.
To determine the appropriate length of time for holding your data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorized use or disclosure of your personal data, the purpose for which we process your data, and whether we can achieve those purposes through other means, along with the applicable legal requirements.
How do you keep my personal data secure?
We are committed to taking reasonable efforts to secure the information that you choose to provide us, and we use a variety of security procedures to help protect against unauthorized access to or alteration, disclosure, or destruction of Personal Data. We restrict access to Personal Data to our employees, contractors, and service providers (described in Who we share your data with above) who need to know the information to operate, develop, or improve the MEF Services.
Third party websites
The MEF Services are not intended for use by or targeted at children under 13, and we do not knowingly or intentionally collect information about children under 13. Children under 13 should not use the Websites.
Address: MEF Forum, 6033 W. Century Boulevard, Suite 1107, Los Angeles CA 90045 USA
Phone: +1 310 642 2800