Last Updated: August 2019
WHAT PERSONAL DATA WE COLLECT
The CMAA does not collect any personal data about you unless you specifically and knowingly provide such data. We only collect personal data that is necessary for the purposes set out by our association to promote and further the small cocoa trading community. We collect and maintain contact data such as your first name, last name, business title, firm or organization name, mailing address, e-mail address, business telephone number, mobile telephone number, fax number and other demographic information as appropriate. To the extent that you make payments to the CMAA using a non-cash form of payment, we will collect your payment instrument information (e.g., credit card number, security codes associated with your payment instrument). During certain events, we may take and collect photographs of the attendees in a general atmosphere setting. We also collect data and information in connection with our arbitration facilitation services, which settle disputes arising out of contractual obligations through a review and adjudication procedure by experts in the field.
HOW WE COLLECT PERSONAL DATA
We collect personal data through a variety of means. The most common method of collection that we use is when an individual provides his or her personal data through our website (www.cocoamerchants.com) or in connection with one of the services that we offer our members (e.g., the Warehouse Inspection Program or our arbitration facilitation services), or when an individual provides us with data on behalf of other people within their firm or organization. On occasion, personal data is provided to us from third-party sources (other than the individual his or herself), including, but not limited to, industry connections or third-party data and list brokers. Upon receiving this personal data, we contact the data subject within an appropriate amount of time. For individuals who are in-scope of the EU’s General Data Protection Regulation (“GDPR”), the amount of time in which we will contact the data subject will not exceed one month.
HOW WE USE YOUR PERSONAL DATA
We use personal data collected through our website for the association’s business purposes described below. We process your personal data for these purposes on the basis of our legitimate business interests, to enter into or perform a contract with you, with your consent, and/or for compliance with our legal obligations. We also use your information for the purposes of connecting you with the CMAA in order to provide you with information about issues and events that may be of interest to you. We use personal data provide to us in connection with the services we offer to our members, such as the Warehouse Inspection Program and arbitration facilitation services. In that way, we use that information within the scope of providing those services. On our website, we keep track of your mailing address so that it may be easier for you to re-register or re-order. Other information is gathered so that we can bill you. If you are asked for some information when you apply for a password to secure pages, it is used to generate a password and communicate password and other pertinent information to you. When you subscribe to a page, we use your email address only to send notices when the page is updated. The CMAA does not subject data subjects to decisions that have legal effects on them due solely to automated processing of personal data. For U.S. residents, we will send you information about events that may be of interest to you, but you can opt-out of any electronic mailings about future events. We undertake marketing only in compliance with the CAN-SPAM Act, the Telephone Consumer Protection Act, and other applicable law. For EU and U.K. residents, we undertake marketing only with your expressive affirmative consent and in compliance with GDPR and other applicable data privacy laws. EU residents are added to the marketing lists only when they provide express affirmative consent consistent with GDPR and other applicable data protection laws. For Canadian residents, we undertake marketing only with your expressive affirmative consent and in compliance with the Personal Information Protection and Electronic Documents Act (“PIREDA”) and other applicable data privacy laws. Canadian residents are added to the marketing lists only when they provide express affirmative consent consistent with PIREDA and other applicable data protection laws.
DISCLOSURE AND/OR TRANSFER OF PERSONAL DATA
We may collect tracking data while you are on our website. This data is commonly known as cookies and includes your IP address and browsing habits while on our site (www.cocoamerchants.com). Similarly, while visiting our website, we collect data about your computer hardware and software. This data may include your browser type, domain names, access times, and referring website addresses. The CMAA uses Google Analytics for the purpose of tracking cookies. You may turn off Google Analytics and disable cookies in your browser settings. Google Analytics does not share actual IP address data with customers. For more information regarding Google Analytics and tracking technology, please visit www.analytics.google.com Cookies may be disable in your browser settings for broad demographic data, as well as to help make sure that we are delivering the information that you want. “Do Not Track” signals are options available on your browsers to tell operators of website that you do not wish to have your online activity tracked. Our websites operate no differently if these “Do Not Track” signals are enabled or disabled. Our internet services do not allow third parties to collect your personal data or information about your online activities over time or across websites for their own purposes.
In order to respect the privacy of minors, the CMAA does not knowingly solicit, collect, maintain, or process the personal data submitted online through our internet services by anyone under the age of 18 years old. By registering for any of our events, programs, or purchasing any of our services, you represent that you are at least 18 years of age. If we are made aware that personal data from an individual under the age of 18 has been collected, we will take all reasonable measures to promptly delete all associated personal data from our records. Please contact us using our contact information below if you become aware of any personal data that we have collected from an individual under the age of 18.
YOUR RIGHTS All
CMAA members can manage the personal data we possess through their online account preferences page. Please access your online account to manage your privacy preferences. All individuals have the right to opt out of email marketing. You can unsubscribe from our marketing email lists at any time by contacting us using the details provided below. In addition to the rights above, the CMAA is committed to providing all individuals with access to their personal data. If you believe that the CMAA may be processing data about you and wish to have access to that data, we can provide you with that data or at least an explanation of why we cannot do so in the particular context, such as if responding to the request would be unreasonably expensive. Please also let us know if you have any questions, concerns, disputes, or issues. We are always open to dialogue to resolve issues. If your concerns cannot be resolved, we can enter into appropriate third party neutral dispute resolution. If you need to reach us about a privacy or data protection issue, please contact us using our contact information below.
CALIFORNIA PRIVACY RIGHTS
Under California Civil Code Section 1798.83 (commonly known as California’s Shine the Light Law), California customers are entitled to request information relating to whether a business has disclosed personal data to any third parties for the third parties’ direct marketing purposes. That notice will identify the categories of information shared and will include a list of third parties and affiliates with which it was shared, along with their names and addresses. If you are a California resident and would like to make such a request, please submit your request in writing to us using our contact information below.
EU DATA PRIVACY RIGHTS
We store personal data for different periods of time consistent with the purposes for which they were originally collected, as subsequently further authorized, or when required or allowed under GDPR or other applicable law. Individuals in the EU have certain data subject rights, which may be subject to limitations and/or restrictions. These rights may include the right to: (1) request access to and rectification or erasure of their personal data; (2) obtain restriction of processing or to object to processing of their personal data; and (3) the right to data portability. If you wish to exercise one of the above mentioned rights, please send us your request through email to: email@example.com Individuals in the EU may also have the right to lodge a complaint about the processing of their personal data with their local data protection authority.