Version 2.0 Last updated on June 15, 2018
3. COLLECTION OF PERSONAL INFORMATION
“Personal Information” is any data that can be used to identify, or is attributable to, a specific individual.
The FAF, FASB or GASB may gather Personal Information from you in both our online and offline processes. The types of information collected may include, but are not limited to, your name, email address, organizational affiliations, personal preferences, phone number, payment information, residential and/or business postal addresses. You are not required to provide us with all of the Personal Information listed above, but if you do not do so, we may not be able to effectively provide you with our products, services and information.
We only collect "sensitive" personal information when the relevant individuals voluntarily provide us with this information or where such information is required or permitted to be collected by law or professional standards. Sensitive information includes personal information regarding a person's race, ethnicity, political beliefs, religious or similar beliefs, physical or mental health, or criminal record. Please use your discretion when providing sensitive information to us, and under any circumstances, do not provide sensitive information to us unless you thereby consent to our use of that information for its legitimate business purposes and consent to the transfer and storage of such information to and in our databases. If you have any questions about whether the provision of sensitive information to FAF is, or may be, necessary or appropriate for particular purposes, please contact us at firstname.lastname@example.org.
In the course of providing you with the services you find on our Websites, our Web and application server might collect usage-related information, including the URLs that you access through our Site, the date and time of your usage, your Internet protocol (IP) address, your Internet service provider (ISP), referring/exit pages, platform type, date/time stamp, number of clicks, and your browser type.
The FAF, FASB and GASB collect Personal Information in one or more of the following ways:
- From communications, requests, comment letters, submission of academic papers, submission of transition resource group issues (where applicable), surveys, technical inquiries and suggestions submitted by you
- Through phone, fax, mail or email communications, including communications you originate from the "Contact Us" page or other Site areas
- Through credentialing processes for access to certain types of Site use or requests
- Through third party service providers, including products and service fulfilment and distribution (See “Financial Transactions”)
- Through registrations to attend or participate in a meeting, event, Webcast, information session, or other activities in connection with our standard setting operations, or oversight of the same (either for FAF, FASB or GASB or a third party
If you make a payment for any of our products or services, you will be engaging in a financial transaction through our webstore, https://www.fasb.org/store. If you provide financial information through our onsite webstore, such financial information is collected and processed through a third-party provider. We – and the third-party providers - use technology designed to encrypt the transmission of data to us through the system, as well as financial information we receive, transfer or maintain. Any payment details you provide are used solely for billing purposes by our payment providers. We do not store payment information on our systems, and only authorized employees at FAF can view transaction information.
Types of cookies we may use on our Websites include:
- Session cookies: These temporary cookies expire and are automatically erased whenever you close your browser window. We may use session cookies to grant our users access to content and to enable actions such as remembering application or payment information as you are in the process of entering it.
- Persistent cookies: These cookies usually have an expiration date in the distant future and remain in your browser until they expire, or you manually delete them. We may use persistent cookies to better understand usage patterns, so we can improve the Websites for our users. For example, we may use a persistent cookie to associate you with your account or to remember your choices on the Websites.
4. USE OF INFORMATION
Bases for Processing Your Personal Information
We will process your Personal Information in furtherance of its legitimate interests in operating our Services and business on the following bases:
- Our legitimate interests, which include:
- for the purposes of providing and enhancing the provision of our products, services and information in furtherance of our standard setting activities;
- for the performance of a task in the public interest or in the exercise of official authority vested in the party who controls such data; or
- for the purposes of legitimate interests pursued by the controller or third party, other than instances where such interests are overridden by the interests or fundamental rights and freedoms of the data subject.
- Where such processing is necessary to perform our contract with you or to take steps before entering into our contract with you; and
- As necessary to comply with our legal obligations, resolve disputes and enforce our contractual agreements.
Use of Information
Your Personal Information may then be used:
- As part of our standard setting activities, and due process, both for individuals and as aggregated information in a non-attributable form
- To provide our products, materials and services to you
- To enhance and improve our products and services, for example, by performing internal research, analyzing user trends and measuring demographics and interests
- To process invoices or payments from or to you (including reimbursements or payments for any products or services that you choose to purchase from us)
- Internal purposes, such as website and system administration or internal audits and reviews
- To respond to your requests and inquiries
- To request, or otherwise in connection with, your participation in surveys, focus groups, meetings, events, Webcasts, information sessions, or other initiatives which help us to gather information used to further our standard setting activities, or oversight
- To comply with applicable law(s) (for example, to comply with a search warrant, subpoena or court order) or to carry out internal investigations
- For internal administration and record keeping
- Support the operation of the Site (for example, account maintenance, capacity planning, and troubleshooting, security issues)
Retention of Data
Unless a longer retention period is required by applicable law or our own internal data retention requirements, we will retain your information for as long as any customer account or stakeholder interaction is active, as well as for a short additional period afterwards to cover any outstanding issues or queries that may arise in relation to your account (for example, outstanding payments). This period of retention is subject to our review and alteration.
Consent to Transfer of Information from Outside the United States
If you access the Websites from outside of the United States, information that we collect about you will be transferred to servers inside the United States (or as part of cloud-based services) and maintained, which may involve the transfer of information out of your country of origin. By allowing us to collect information about you, you consent to such transfer and processing of your data.
5. DISCLOSURE OF INFORMATION
It is our commitment that your Personal Information is disclosed only to third parties to the extent needed to deliver a business-related service or program or in compliance with FAF, FASB and GASB standard setting process or related activities. Vendors are prohibited from using this information for any purpose outside of the scope of the prescribed activities.
Bases for Third-Party Disclosure
We may disclose your Personal Information to third-parties from time to time under the following circumstances:
- You request or authorize the disclosure of your personal details to a third party.
- The information is provided to our agents, vendors or service providers who perform functions on our behalf. See below for additional details.
- The information is disclosed as part of the standard setting process or supporting internal operations, i.e. to:
- Third-party contractors and payment processors who perform services for us: (i) in connection with the Websites, (ii) to complete or confirm a transaction or series of transactions that you conduct with us, or (iii) to enable that party to perform business, professional or technical support for us.
- Complete internal and externally based audits
- In connection with the standard setting process
- In the aggregate as part of research on our users' demographics, interests, and behavior based on the information we collect, for example, during registration.
While the specific identity and categories of such third-party recipients may change, it is expected that any Personal Information disclosure would be to the following categories of third-party service providers who perform functions on our behalf.
- Hosting providers for the secure storage and transmission of your data
- Database software providers for the management and tracking of your data
- Legal and compliance consultants, such as external counsel, external auditors, or tax consultants
- Marketing, authentication, fulfilment, distribution and payment solution providers for the secure offering, fulfillment of our products and services, and/or processing of payments you provide to us
- Publishers, providers or strategic partnerships who develop products on our behalf
- Technology providers who assist in the development and management of our web properties or technology solutions and support
- Our volunteers, advisory council, trustee or committee members who perform various functions on our behalf, or in support of our standard setting activities
- Survey and research providers who perform studies on our behalf
- Strategic or professional advisory service providers or consultants acting on our behalf, or providing services
In addition, there are public disclosures made as part of the standard setting process. Specifically, comment letters and other communications that the FAF, FASB or GASB receives that we determine to be part of our due process public record, may be posted or otherwise made available for public inspection. Individuals or entities providing such comment letters or communications are thus agreeing to full use by FAF, FASB or GASB and public accessibility.
6. Privacy of Minors
FAF Websites are not to be used by persons under the age of 16. If we become aware that a person under the age of 16 is using our Websites and are asked to delete any data that we have collected about that minor, we will do so.
FAF, FASB and GASB are committed to maintaining the security of information under our control. We take steps to protect all user data we collect against any unauthorized access. However, you should keep in mind that the Websites are run on software, hardware and networks, any component of which may, from time to time, require maintenance or experience problems or breaches of security beyond our control. While we take steps to protect your Personal Information and keep it secure, you also play a role in protecting your information. You must maintain the security of your online transactions by not sharing your passwords and account information with any unauthorized parties.
Links to Other Websites
8. UPDATES, Information Requests AND CONSENT
If you supply FAF, FASB or GASB with certain identifying information, you may receive communications from FAF, FASB or GASB. However, you are entitled to request that we cease or limit our use of your Personal Information in certain circumstances—for example, if we have no lawful basis to use your data, if you believe your personal data is inaccurate, or if you wish to modify or withdraw previously provided consent to use certain data.
User Rights and Information Requests
As a user, you have the right to:
- Be informed of the use of your Personal Information
- Access and/or to require the correction or erasure of your Personal Information
- Block and/or object to the processing of your Personal Information
- Not be subject to any decision based solely on automated processing of your Personal Information
- In limited circumstances, receive Personal Information in a format which may be transmitted to another entity.
- To request information regarding how your personal information is being used by us, including:
- the reasons why your data is being processed;
- the description of the personal data concerning you; and
- third-party processing or access of data.
To the extent permitted by law, a fee may be assessed in connection with our responding to such a request.
You may seek to exercise any of these rights by updating your information online (where possible) or by sending a written request to: email@example.com.
Note that we will respond to any requests for access to information in accordance with any applicable statutory requirements.
If you do not wish to receive such communications from the FAF, FASB or GASB, you can opt out of receiving them by contacting us at firstname.lastname@example.org. Further, if you believe that FAF lacks a lawful basis for using your personal data, please notify us at email@example.com.
Note that even if you opt out of receiving emails, you may still receive communications related to the FASB and GASB standard setting activities or otherwise as required by law. Also note that we may need to keep information we have collected about you for record-keeping, research and other purposes.
NOTE THAT OPTING OUT OR UPDATING PREFERENCES WITH A THIRD-PARTY PROVIDER DOES NOT CONSTITUTE AN OPT OUT OR UPDATE WITH FAF. ONLY THOSE REQUESTS MADE DIRECTLY TO FAF WILL CONSTITUTE A REQUEST WITH RESPECT TO INSTANCES OF DATA HELD AND CONTROLLED BY FAF.
Updating Your Data on File with the FAF, FASB or GASB
Individuals are responsible for providing accurate and complete personal information, and for contacting us if correction of such information is required. You can request access to the information the FAF, FASB or GASB has collected on you or have factual inaccuracies in this information corrected by contacting us at firstname.lastname@example.org.
Please allow ample time for us to process any request to opt out or update your file.
Please note that if you unsubscribe or change your preferences on one of our specific Websites, that may not be deemed to apply to all instances we maintain of your Personal Information unless you make a general request to email@example.com.
You may report any recommendations, suggestions, or any suspected breaches of privacy or security to us by us at firstname.lastname@example.org, or to the address below. All reports of suspected breaches will be investigated by us. Any controversy or claim related to privacy that cannot be settled to your satisfaction shall be settled by arbitration, in accordance with its arbitration rules, and judgment upon the award rendered by the arbitrator(s) may be entered in any court having jurisdiction thereof.
Financial Accounting Foundation
401 Merritt 7
Norwalk, CT 06856