Privacy Policy

Last Updated: August 2019

The Cocoa Merchants’ Association of America (“CMAA”, “we”, “us”, or “our”) is committed to protecting your personal information and your right to privacy. In this Privacy Policy, the user of the CMAA’s website or services shall be referred to herein as “you” or “yours”. This Privacy Policy describes the personal data processing and protection measures undertaken by the CMAA, as well as what information we collect, how we use it, and what rights you have in relation to it. This Privacy Policy applies to all personal data we collect from you in your interactions with the CMAA, which includes, but is not limited to, using our website, registering for or participating in an event, participating in one of our programs (such as the Warehouse Inspection Program), or taking part in one of our participation committees.” The CMAA is a membership-based association focused on bringing together companies within the small cocoa trading community. We collect personal data to enable us to carry out our mission.


The CMAA does not collect any personal data about you unless you specifically and knowingly provide such data. We only collect personal data that is necessary for the purposes set out by our association to promote and further the small cocoa trading community. We collect and maintain contact data such as your first name, last name, business title, firm or organization name, mailing address, e-mail address, business telephone number, mobile telephone number, fax number and other demographic information as appropriate. To the extent that you make payments to the CMAA using a non-cash form of payment, we will collect your payment instrument information (e.g., credit card number, security codes associated with your payment instrument). During certain events, we may take and collect photographs of the attendees in a general atmosphere setting. We also collect data and information in connection with our arbitration facilitation services, which settle disputes arising out of contractual obligations through a review and adjudication procedure by experts in the field.


We collect personal data through a variety of means. The most common method of collection that we use is when an individual provides his or her personal data through our website ( or in connection with one of the services that we offer our members (e.g., the Warehouse Inspection Program or our arbitration facilitation services), or when an individual provides us with data on behalf of other people within their firm or organization. On occasion, personal data is provided to us from third-party sources (other than the individual his or herself), including, but not limited to, industry connections or third-party data and list brokers. Upon receiving this personal data, we contact the data subject within an appropriate amount of time. For individuals who are in-scope of the EU’s General Data Protection Regulation (“GDPR”), the amount of time in which we will contact the data subject will not exceed one month.


We use personal data collected through our website for the association’s business purposes described below. We process your personal data for these purposes on the basis of our legitimate business interests, to enter into or perform a contract with you, with your consent, and/or for compliance with our legal obligations. We also use your information for the purposes of connecting you with the CMAA in order to provide you with information about issues and events that may be of interest to you. We use personal data provide to us in connection with the services we offer to our members, such as the Warehouse Inspection Program and arbitration facilitation services. In that way, we use that information within the scope of providing those services. On our website, we keep track of your mailing address so that it may be easier for you to re-register or re-order. Other information is gathered so that we can bill you. If you are asked for some information when you apply for a password to secure pages, it is used to generate a password and communicate password and other pertinent information to you. When you subscribe to a page, we use your email address only to send notices when the page is updated. The CMAA does not subject data subjects to decisions that have legal effects on them due solely to automated processing of personal data. For U.S. residents, we will send you information about events that may be of interest to you, but you can opt-out of any electronic mailings about future events. We undertake marketing only in compliance with the CAN-SPAM Act, the Telephone Consumer Protection Act, and other applicable law. For EU and U.K. residents, we undertake marketing only with your expressive affirmative consent and in compliance with GDPR and other applicable data privacy laws. EU residents are added to the marketing lists only when they provide express affirmative consent consistent with GDPR and other applicable data protection laws. For Canadian residents, we undertake marketing only with your expressive affirmative consent and in compliance with the Personal Information Protection and Electronic Documents Act (“PIREDA”) and other applicable data privacy laws. Canadian residents are added to the marketing lists only when they provide express affirmative consent consistent with PIREDA and other applicable data protection laws.


We may disclose personal data to outside companies that help us bring you the services that we offer. For example, we may work with an outside company to: (1) manage our databases; (2) assist us in distributing emails; (3) assist us with direct marketing and data collection; (4) provide us with storage services and data analytics; (5) provide fraud protection and prevention; and (6) provide other services designed to assist us in maximizing our business potential. We require that these outside companies agree to keep confidential all data that we share with them and to use the data only to perform their obligations within the scope of our agreements with them. We do not disclose any personal data collected from third parties except in very limited circumstances. Such circumstances include disclosures of your business contact information to third party vendors that are sponsors or exhibitors at the CMAA’s events. Additionally, your business contact data may be used to send information about the CMAA or any of its events, programs, or activities. You can choose to “opt out” of any electronic mailings for future events and/or programs, although we may need to contact you regarding membership matters. We may disclose data to comply with applicable laws and regulations, such as to respond to a subpoena or similar legal process, to protect against misuse or unauthorized use of our website (, to limit our legal liability, and to protect our rights or to protect the rights, property, or safety of visitors of this website or the public, and to otherwise cooperate with law enforcement or regulatory authorities. We may transfer or share a copy of personal data about you in the event that the CMAA or one of its properties or affiliates goes through a business transition, such as a merger, being acquired by another company, or selling a portion of its assets. You will be notified through email or prominent notice on our website ( prior to a change of ownership or control of your personal data or if your personal data will be used contrary to this Privacy Policy. Nothing in this Privacy Policy is intended to interfere with the ability of the CMAA to transfer all or part of its business and/or assets to an affiliate or independent third party at any time, for any purpose, without any limitation. The CMAA specifically reserves the right to transfer or share a copy of personally identifiable data collected from its website ( to the buyer of that portion of its business relating to that data. Such transfers may involve the transfer of your data between jurisdictions and outside of the jurisdiction in which you submitted your data, including to jurisdictions that the EU may not deem to provide “adequate” data protection. Please do not provide the CMAA with any data or information that you do not wish to be transferred between these entities.


We may collect tracking data while you are on our website. This data is commonly known as cookies and includes your IP address and browsing habits while on our site ( Similarly, while visiting our website, we collect data about your computer hardware and software. This data may include your browser type, domain names, access times, and referring website addresses. The CMAA uses Google Analytics for the purpose of tracking cookies. You may turn off Google Analytics and disable cookies in your browser settings. Google Analytics does not share actual IP address data with customers. For more information regarding Google Analytics and tracking technology, please visit Cookies may be disable in your browser settings for broad demographic data, as well as to help make sure that we are delivering the information that you want. “Do Not Track” signals are options available on your browsers to tell operators of website that you do not wish to have your online activity tracked. Our websites operate no differently if these “Do Not Track” signals are enabled or disabled. Our internet services do not allow third parties to collect your personal data or information about your online activities over time or across websites for their own purposes.


In order to respect the privacy of minors, the CMAA does not knowingly solicit, collect, maintain, or process the personal data submitted online through our internet services by anyone under the age of 18 years old. By registering for any of our events, programs, or purchasing any of our services, you represent that you are at least 18 years of age. If we are made aware that personal data from an individual under the age of 18 has been collected, we will take all reasonable measures to promptly delete all associated personal data from our records. Please contact us using our contact information below if you become aware of any personal data that we have collected from an individual under the age of 18.


CMAA members can manage the personal data we possess through their online account preferences page. Please access your online account to manage your privacy preferences. All individuals have the right to opt out of email marketing. You can unsubscribe from our marketing email lists at any time by contacting us using the details provided below. In addition to the rights above, the CMAA is committed to providing all individuals with access to their personal data. If you believe that the CMAA may be processing data about you and wish to have access to that data, we can provide you with that data or at least an explanation of why we cannot do so in the particular context, such as if responding to the request would be unreasonably expensive. Please also let us know if you have any questions, concerns, disputes, or issues. We are always open to dialogue to resolve issues. If your concerns cannot be resolved, we can enter into appropriate third party neutral dispute resolution. If you need to reach us about a privacy or data protection issue, please contact us using our contact information below.


Under California Civil Code Section 1798.83 (commonly known as California’s Shine the Light Law), California customers are entitled to request information relating to whether a business has disclosed personal data to any third parties for the third parties’ direct marketing purposes. That notice will identify the categories of information shared and will include a list of third parties and affiliates with which it was shared, along with their names and addresses. If you are a California resident and would like to make such a request, please submit your request in writing to us using our contact information below.


We store personal data for different periods of time consistent with the purposes for which they were originally collected, as subsequently further authorized, or when required or allowed under GDPR or other applicable law. Individuals in the EU have certain data subject rights, which may be subject to limitations and/or restrictions. These rights may include the right to: (1) request access to and rectification or erasure of their personal data; (2) obtain restriction of processing or to object to processing of their personal data; and (3) the right to data portability. If you wish to exercise one of the above mentioned rights, please send us your request through email to: Individuals in the EU may also have the right to lodge a complaint about the processing of their personal data with their local data protection authority.


The CMAA will occasionally update this Privacy Policy to reflect the association’s and members’ feedback. The CMAA encourages you to periodically review this Privacy Policy to be informed of how the CMAA is protecting your information.OUR CONTACT INFORMATION If you have any questions or comments about this Privacy Policy, you may contact us at