Global Association of Risk Professionals ("We") are committed to protecting and respecting your privacy.

This privacy notice (together with our Terms of Use and any other documents referred to in it) sets out the basis on which any personal data we collect from you, or that you provide to us, through this website will be processed by us. Please read the following carefully to understand our practices regarding your personal data and how we will treat it.

BY VISITING WWW.GARP.ORG (THE "SITE") YOU ACKNOWLEDGE THE PRACTICES DESCRIBED IN THIS NOTICE (INCLUDING AS UPDATED OR AMENDED FROM TIME TO TIME). IF, FOR ANY REASON, YOU DO NOT AGREE TO THE TERMS OF THIS NOTICE, PLEASE STOP USING THE SITE IMMEDIATELY.

Please click on the sections to the left to learn more about our privacy notice.

Who we are

The data controller for the Site is Global Association of Risk Professionals, 111 Town Square Place, 14th Floor, Jersey City, NJ 07310 USA. As used in this privacy notice, "GARP" includes The Global Association of Risk Professionals and its subsidiaries and all entities that GARP controls, is controlled by or is under common control with, including subsidiaries, joint ventures or other entities in whom GARP has a substantial ownership interest.

Information THAT we may collect from you

When you use the Site or contact us by telephone, e-mail, social media, SMS, facsimile or through one of our apps, we may collect and process your "personal data". This means any information which relates to you and/or information which can identify you. We may collect the following data about you:

Information that you give us.

The information that you give us may include your name, address, e-mail address and phone number, financial and credit card information, personal description, photographs, images and/or comments via:

• Forms filled out by you on the Site;
• Content of correspondence with us by phone, e-mail or otherwise;
• Site registration;
• Subscriptions or orders placed on the Site;
• Participation in discussion boards or other social media functions on the Site;
• Entering a competition, promotion or survey; and
• Reporting a problem or requesting support for the Site.

Information that we collect about you.

When you visit the Site we may automatically collect the following information:

• Technical information, including IP address, login information, browser type and version, time zone setting, country of origin, browser plug-in types and versions, operating system and platform;
• Information about your visit, including the full URL clickstream to, through and from the Site (including date and time);
• Pages you viewed or searched for, page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), and methods used to browse to and/or away from the page; and
• Reporting a problem or requesting support for the Site.

We do not collect, but we do receive personal information about some of your online activities across third party (non-GARP Company) websites.

We and third party partners may collect personal information about your online activities over time and across third party websites or online services through your use of the Site.

When you attend our events such as the GARP Risk Convention, chapter meetings and other GARP hosted events, we may videotape, audio record and/or photograph you.

Information that we receive from other sources.

• We may receive information about you if you use any of the other websites operated by GARP or the other services that GARP provides, including but not limited to test preparation. In this case we will have informed you when we collected that data, that it may be shared internally and combined with data collected on the Site.
• We are also working closely with third parties and may receive information about you from them including:

• business partners;
• sub-contractors in technical, payment and delivery services;
• advertising networks;
• web analytics providers;
• search information providers; and
• credit reference agencies.

Mobile and Location-based Services

• We may provide mobile apps that can be downloaded to smart phones. These apps have a variety of functionalities that enhance the user experience. In addition to providing services, our apps may collect personal and other information that will be used in accordance with this privacy notice. We provide a link to this notice to customers prior to their activation of any of our apps.
• Our Site, apps and/or mobile apps may use your device’s Global Positioning System (GPS) technology or other locations-based technologies to provide you with relevant location-based information. We may also share this information with third parties such as exam preparation providers. We will abide by your device’s settings when accessing any geo-location or other location based data.

How your information may be used

We use information held about you in the following ways:

Information that you give to us.

We may use this information:

• To help us respond to your queries;
• To carry out our contractual obligations to you and to provide you with the information, products and services that you request or have ordered from us;
• To provide you with information about other goods and services that we offer that are similar to those that you have already purchased or inquired about. Where required by applicable law, we will seek your prior written consent before doing so;
• To notify you about changes to our services;
• To manage your access to the services;
• To allow you to interact with our Site, for example by posting comments;
• To answer enquiries, provide information, support or advice about existing and new products or services;
• To use your credit card information for payment processing and fraud prevention;
• To allow you to share information from our Site on third party social media platforms;
• To comply with our legal and regulatory requirements;
• To ensure the safety and security of our Site and of users of our Site; and
• Where we capture your image or voice at one of our events, we may use such images and recordings for promotional purposes on our social media channels, promotional videos and on our website.

The law allows us to use your personal information as set out above on the basis that the processing is necessary for the performance of a contract with you, or we are acting in our "legitimate interests" in the promotion and efficient running of our business.

Promotional Email and Other Communications:

• We may use the said information to provide you, or permit selected third parties to provide you, with information about goods or services we feel may interest you.
• If you provided your email or mobile address for electronic newsletters, updates and promotional emails from GARP and its affiliates, you agree that we are authorized to send and you opt-in to receive informational and promotional emails and/or other communications to you. You are solely responsible for any data charges or other charges that may be applied by your wireless carrier for communications via those technologies.
• You may discontinue the receipt of future promotional emails at any time by following the unsubscribe instructions that are included in each promotional email.

The law allows us to use your personal information for marketing purposes on the basis that it is in our legitimate interests to do so, or we have obtained your consent to send you such marketing communications.

Information that we collect about you. We may use this information:

• To administer our Site and for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes;
• To ensure proper attribution for comments or postings that you may contribute to our Site;
• To improve our Site to ensure that content is presented in the most effective manner for you and for your computer and other devices on which you receive our content;
• To allow you to participate in interactive features of our service, when you choose to do so;
• As part of our efforts to keep our site safe and secure;
• To measure or understand the effectiveness of advertising that we serve to you and others, and to deliver relevant advertising to you; and
• To make suggestions and recommendations to you and other users of our Site about goods or services that may interest you or them.

The law allows us to use your personal information for these purposes on the basis that it is in our legitimate interests to do so in ensuring that our Site is operational and effective, or in order to comply with our legal obligations.

Information we receive from other sources.

• We may combine information from other sources with information that you give to us and information that we collect about you. We may use this information and the combined information for the purposes set out above (depending on the types of information we receive).

Disclosure of your information

We may share your personal information with any GARP entity, including GARP - UK LTD., and with selected third parties including:

• Business partners, suppliers and sub-contractors to help us administer certain activities and services on our behalf. Here are some examples of the third-party service providers we use:

• Salesforce – CRM / Business Application provider
• Paypal – Payment processor
• Pearson – eLeaning and exam administration
• Wiley – eLearning provider
• YardStick – eBook provider
• OneWire – Career / Job site
• Prometric – Exam Proctoring service
• UPS - Fulfillment services
• GT – Fulfillment services

• Aggregate or anonymized data to advertisers and advertising networks that require the data to select and serve relevant advertisements to you and others. We may also disclose such aggregate information to help advertisers reach the kind of audience they want to target. We may make use of the personal data we have collected from you to enable us to comply with our advertisers' wishes by displaying their advertisement to that target audience.
• Analytics and search engine providers that assist us in the improvement and optimization of our Site. We currently use Google Analytics to provide these services (see below for further information).

We may disclose your personal information to third parties:

• In the event that we sell or buy any business or assets, or if GARP or substantially all of its assets are acquired by a third party, we may disclose your personal data to the prospective seller or buyer of such business or assets (as our relationship with our customers may be one of the transferred assets).
• If we are under a duty to disclose or share your personal data in order to comply with any legal obligation, or in order to enforce or apply our Terms of Use and other agreements; or to protect the rights, property, or safety of GARP, our customers, or others. This includes exchanging information with other companies and organizations for the purposes of fraud protection and credit risk reduction.

We use the certain Google Advertising and Google Analytics features and products, including Remarketing with Google Analytics, Google Display Network Impression Reporting and Google Analytics Demographics and Interest Reporting. We use cookies to identify targets, place advertisements and judge how well our marketing campaigns are reaching relevant audiences. You can opt out of all Google Analytics Advertising Features using NAI's consumer opt-out, as well as Google Analytics' opt-out. For further information see our Cookies policy in Section 12 of this Privacy Notice.

Where we store your personal information

We have put in place appropriate physical and technical measures to safeguard the personal information that we collect in connection with our services. In addition, we limit access to your personal information to those employees, agents, contractors and other third parties who have a business need to know. They are required only to process your personal information on our instructions and they are subject to a duty of confidentiality. However unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our site; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorized access.

All the information that you provide to GARP may be transferred or accessed by entities around the world as described in this notice, including by GARP's offices. By submitting your personal data, you acknowledge that we may transfer, store or process your personal information in this way. We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this privacy notice.

Where we transfer your personal information outside the European Economic Area ("EEA") to other third parties, we will ensure that appropriate transfer agreements and mechanisms are in place, such as the EU standard contractual clauses, to help ensure that we provide an adequate level of protection to your personal information. Where we transfer your personal information between GARP entities we use secure internet connections via HTTPS on secure computers, which are continually monitored for viruses and other security vulnerabilities, to secure servers which are physically not accessible and highly secure. Where we transfer your personal information to our third party service providers based outside the EEA, we use secure internet connections via HTTPS on secure computers, which are continually monitored for viruses and other security vulnerabilities, to secure, password protected repositories which are monitored and can be audited for access control. All information that you provide to us is stored on our secure servers. Any payment transactions, to the extent implemented by GARP, will be encrypted using SSL technology. Payment transaction implemented by third party websites will be subject to their respective payment terms and processes, and GARP shall have no responsibility relating to such transactions. Where we have given you (or where you have chosen) a password which enables you to access certain parts of our site, you are responsible for keeping this password confidential, and for not sharing it with anyone.

We retain personal information about you for the period necessary to fulfil the purposes outlined in this notice or until you notify us to remove you from our database, unless a longer or shorter retention period is required or permitted by applicable law.

Cookies

The Site uses cookies to distinguish you and your computer from other users of it. This helps us to provide you with a good experience when you browse it and also allows us to improve it. For detailed information on the cookies we use and the purposes for which we use them see our Cookie policy.

Children

The Site is not directed toward children under 13 years of age nor does GARP knowingly collect information from children under 13. If you are under 13 years of age, you are not allowed to submit any personally information to GARP. If you become aware that any child has submitted personal information to GARP, please inform us by emailing memcomms@garp.com as soon as possible.

Your rights

Where applicable under local law, you may, in certain circumstances:

• request a copy of the personal information held by GARP about you. Local law may enable us to charge a fee for this. We may require you to prove your identity with approved identification if you request this information.
• update, or request we update or correct, your information.
• (where you have consented to our processing your personal information), to withdraw such consent at any time.
• request us to port (that is, transmit) your personal information directly to another organization.
• request us to erase your personal information– this is known as the "right to be forgotten".
• require us to stop processing your personal information.
• object to our processing your personal information for specific purposes, such as for the purposes of direct marketing.
• Have the right not to be subject to decisions taken solely on the basis of automated processing.

Where provided under applicable law, you may have the right to ask us for a list of personal data we share with third parties and information regarding those third parties, if the third parties use the personal data for their direct marketing purposes. We will inform you (before collecting your data or as set out in this privacy notice) if we intend to use your data for such purposes or if we intend to disclose your information to any third party for such purposes.

If you are a California resident or reside in a jurisdiction that allows such requests send an e-mail to memcomms@garp.com, specifying that you seek your “California Customer Privacy Notice” or other applicable Customer Privacy Notice. Please identify your location and please allow thirty days for a response.

You can exercise your right to prevent such processing by:

1. adjusting certain controls on the forms we use to collect your data, if such controls are available on such forms,
2. by modifying your profile by logging in to www.GARP.org, which will include information on how to opt-in or opt-out of use of your information, or
3. contacting us at GARP.

If you prefer not to receive marketing or promotional emails from GARP or the Site, please let us know by clicking on the unsubscribe link within any promotional email that you receive from us. Please note that such requests may take up to ten business (10) days to become effective.

Your Choices

GARP gives you the choice of receiving a variety of information that complements our products and services. You can subscribe to receive certain product-specific and service-specific information and also choose to receive GARP general communications. We give you a choice regarding delivery of GARP general communications by the communication means through which GARP may contact you, which may include postal mail, email, SMS, telephone, or mobile device.

You can make or change your choices about receiving either subscription or general communications at the data collection point or by one of the other methods set out above. This option does not apply to communications primarily for the purpose of administering order completion, contracts, support, product safety warnings, or other administrative and transactional notices where the primary purpose of these communications is not promotional in nature.

Subscription Communication

Subscription communications include email newsletters, member updates, job listings, daily news feeds and other types of information that may be expressly requested by you or which you consented to receive. After you request such communications, you may opt out of receiving them by using one of the methods set out above.

Enforcing your rights

If you wish to enforce any of your rights under applicable data protection laws, then please contact us. We will respond to your request without undue delay and by no later than one month from receipt of any such request, unless a longer period is permitted by applicable data protection laws, and we may charge a reasonable fee for dealing with your request which we will notify to you. Please note that we will only charge a fee where we are permitted to do so by applicable data protection laws.

Complaints

If you are concerned that we have not complied with your legal rights under applicable data protection laws, you may contact the Information Commissioner's Office (ico.org.uk) which is the data protection regulator in the UK which is where GARP UK is located. Alternatively, if you are based outside the UK, you may contact your local data protection supervisory authority.

Links to third party sites

Our Site may, from time to time, contain links to and from the websites of our partner networks, advertisers and affiliates. If you follow a link to any of these websites, please note that they may have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites.

Changes to our privacy NOTICE

Any changes we may make to our privacy notice in the future will be posted on this page and, where appropriate, notified to you by e-mail. Please check back frequently to see any updates or changes to it.

Contact

Questions, comments and requests regarding this privacy notice are welcomed and must be sent to GARP at the following address:

Rachel S. Lerner 
Senior Vice President, Legal and Regulatory Counsel 
Global Association of Risk Professionals 
111 Town Square Place - Suite 1410 
Jersey City, New Jersey 07310 
rachel.lerner@garp.com 
+1 201 719-7263 

Information about our use of cookies

Our website uses cookies and other similar technologies (such as pixel tags, code snippets and web beacons) (collectively, "Cookies") to distinguish you from other users of the Site. This helps us to provide you with a good experience when you browse the Site and also allows us to improve it.

A cookie is a small file of letters and numbers that we store on your browser or the hard drive of your computer if you agree. Cookies contain information that is transferred to your computer's hard drive.

When you visit our Site you consent to our use of these cookies.

Below we explain the different types of Cookies that may be used on the Site.

• Required Cookies Required Cookies are necessary for the Site to work, and enable you to move around it and use the services and features. Disabling these Cookies may encumber the Site's performance, and may make the services and features unavailable.
• Functional Cookies We use Functional Cookies to save your settings on the Site—settings such as your language preference, or other information you have previously used when registering with us. We also use Functional Cookies to store such things as the last search, etc., so you can easily find it the next time you visit. Some Functional Cookies are essential to viewing maps or videos on our Site. We also use "Flash Cookies" for some of our content.
• Advertising Cookies Advertising Cookies allow us and other advertisers to show you the most relevant products, offers, and advertisements on the Site and third-party sites. For example, some Advertising Cookies help our third party partners and other advertisers select advertisements that are based on your interests including those expressed or inferred across websites and online services and over time. Others help prevent the same advertisement from continuously reappearing for you. These types of Cookies also help us provide you with content on the Site that is tailored to your interests and needs.
• Advertising Cookies also include Social Plug-In Cookies and Analytics Cookies. Social Plug-In Cookies are used to share content from the Site with members and non-members of social media networks. These Cookies are usually set by the social networking provider, enabling such sharing to be smooth and seamless. Analytics Cookies collect information about your use of the Site, and enable us to improve the way it works. These Cookies provide us with aggregated information on metrics such as the most frequently visited pages on the Site, help us record any difficulties you had with the Site, help us monitor how our visitors reach the Site, and show us whether advertising by us or others is effective or not. This also allows us to see the overall patterns of usage on the Site, rather than just the usage of a single person.

We distinguish between session Cookies and persistent Cookies.

• Session Cookies. These types of Cookies are stored only temporarily during a browsing session, and are deleted from your device when you close the browser. We use session Cookies to support the functionality of the Site and to understand your use of the Site—that is, which pages you visit, which links you use and how long you stay on each page.
• Persistent Cookies. These types of Cookies are not deleted when you close your browser, but are saved on your device for a fixed period of time or until you delete them. Each time you visit the Site, the server that set the Cookie will recognize the persistent Cookie saved on your device. We and others use persistent Cookies to store your preferences, so that they are available for your next visit, to keep a more accurate account of how often you visit the Site, how often you return, how your use of the Site may vary over time and the effectiveness of advertising efforts.

Other technologies may also be used, allowing us and third parties to know when you visit the Site, and to understand how you interact with emails or advertisements. Through other technologies, non-personal information or aggregate information (i.e., your operating system, your browser version, and the URL you came from) may be obtained and used to enhance your experience and understand traffic patterns. Note that, to the extent information collected through Cookies and the said other information constitutes personal information, the provisions in the Privacy Notice apply and complement this Policy.

Please note that third parties (including, for example, advertising networks and providers of external services like web traffic analysis services) may also use cookies, over which we have no control. These cookies are likely to be analytical/performance cookies or targeting cookies.

If you want to delete or disable any cookies (or similar technologies), please refer to the instructions of your file management software to locate the file and directory that stores cookies. You may not be able to take advantage of all the features of the Site, including certain personalized features, if you delete or disable cookies.

Please be aware that rejecting Cookies may affect your ability to perform certain transactions on the Site, and our ability to recognize your browser from one visit to the next.

For more information on how to see what cookies have been set and how to manage and delete them, please go to www.allaboutcookies.org.

We may change and update our list of cookies (or similar technologies) from time to time. If you use our cookies (or similar technologies) after we have published these changes, you will be agreeing to be bound by those changes. If you do not consent to the use of the cookies (or similar technologies) at any time, please see above on how to disable cookies.

© GARP 2018