The National Association of Attorneys General Privacy Policy and Cookie Notice
Effective Date: June 5, 2020
Scope – Data Collection – Cookie Notice – Data Use and Disclosure – Updates – Further Assistance
The National Association of Attorneys General is committed to protecting individuals’ privacy while fulfilling its mission to support the 56 state and territorial attorneys general in fulfilling their responsibilities and to assist in the delivery of high quality legal services. This policy describes how we collect, use, disclose, and protect personal and non-personal data relating to our members, program participants, website visitors and other individuals who interact with us.
Scope
This policy applies to the National Association of Attorneys General and to all its subdivisions and sibling organizations, including the National Attorneys General Training and Research Institute (NAGTRI), the National Association of Medicaid Fraud Control Units (NAMFCU), the Society of Attorneys General Emeritus, the NAAG Center for Supreme Court Advocacy, the NAAG Center for Tobacco and Public Health and the NAAG Mission Foundation (collectively, “the NAAG,” “we,” or “us”).
Please note that this Privacy Policy and Cookie Notice does not cover third-party websites or applications. If you interact with us using a third-party website or application, such as a social media platform, or use our services through a third-party website or application, such as by using a NAAG-funded e-discovery platform, you will share data with the third party in accordance with the third party’s privacy policy. The third party can use or share the data it receives according to its own practices and policies. We strongly encourage you to review the privacy notice published by any third party before using its websites or applications.
Data Collection
How we collect personal and non-personal data
We collect both personal data and non-personal data from individuals who visit our websites, use our products or services, or otherwise interact with us. Personal data means information that can reasonably be connected to a specific individual. Non-personal data means information that cannot reasonably be connected to a specific individual.
We collect personal data from individuals who voluntarily provide such information. For example, we collect personal data that individuals provide to us when using, purchasing, providing feedback about, or inquiring about our products or services. For example, we collect personal data from our member organizations and their staff, individuals who register for our trainings and conferences, order one of our publications, sign up for a newsletter, or sign up to participate in NAAG-facilitated initiatives. This information typically includes the individual’s name, title, name of company or organization, business address, business phone, and email address. If payment is submitted online, we use an authorized third-party provider to collect and process payment information in a reasonably secure manner. We do not store detailed credit card or check payment information on our systems.
We also collect personal data from our members and other organizations about third parties. For example, our members may nominate candidates for participation in competitive NAAG programs, scholarships, or our International Fellows Program. Partner organizations around the world may provide us with contact information for individuals interested in collaborating with us or our members, using our products or services, or attending a NAAG event or training program. Our members and partner organizations should ensure that they have any necessary consent before providing us with personal data belonging to a third party.
Additionally, we automatically collect personal data from users who visit any of our online resources, including our websites and mobile apps. For example, we may automatically collect visitors’ Internet Protocol (IP) addresses, the general location where the user’s computer is accessing the Internet, browser type, operating system, device type, and pages viewed.
We also automatically collect non-personal data from visitors to our website and users of our online services, such as the average time spent on our website, number of pages viewed, information that visitors search for, and other relevant statistics. We may also collect nonpersonal data through offline means, such as anonymous surveys.
Can other companies collect information from individuals who use our websites and other online services?
In many cases, yes. We work with partner companies to assist in running certain aspects of our online services that require collection of personal data. For example, we work with other companies to process credit card transactions and help us run surveys, and these partners may collect personal data directly from users. You should carefully review the privacy statement for each product you use to determine how these third parties will use the data they collect.
Additionally, third-party companies that offer website analytics and application monitoring tools to us may gather personal and non-personal data from visitors to our websites and online services, including by using cookies. These companies may use information collected from visitors over time and across third-party websites and online services. For more information, see our cookie notice below.
Collection of data from children
We have not designed our website or any other of our online services or products for use by children, particularly young children, and do not knowingly collect personal data from young children under 16. If you are a minor under the age of 16 and have used any of our online services or products (or you are the parent of a minor under the age of 16 who has used any of our online services or products), please contact us at privacy@naag.org so that we may undertake reasonable efforts to remove your (or your child’s) personal data from our systems.
Limiting the personal data we collect
Individuals have choices when it comes to the data they share with NAAG. When we ask individuals to provide personal data, they can decline. In some instances, the use or function of a product or service may require some personal data; if you decline to provide personal data in those circumstances, you may be unable to use a product or service. In other instances, we need to collect personal data by law or to enter into or carry out a contract with you; if you do not provide the data, we will not be able to enter into the contract. Our cookie notice describes how you can limit what personal data we collect through automatic means.
Our Cookie Notice
We automatically collect personal and non-personal data from visitors to our websites and users of our online service by using automated technologies, including cookies. “Cookies” are small text files that a website saves on a computer or mobile device when an individual visits a website. Cookies assist us in enhancing a user’s experience when visiting any of our websites or using our online services. They also help us understand how people use our sites and services, so that we can better serve our members and users.
We also use data analytics tools, including Google Analytics and Matomo, to provide us with personal data about your use of our websites and online services. These companies may use information collected from visitors over time and across websites and online services. Learn more about the privacy practices of Google Analytics and Matomo on those companies’ websites.
You may configure your internet browser to reject cookies. However, this may affect your ability to effectively use our website and online services. Our site is not configured to recognize “do not track” signals.
If you would like to learn more about cookies and other tracking technologies, and what you can do to limit organizations’ ability to track you online, the U.S. Federal Trade Commission publishes a consumer guide that may be of interest, available here.
Data Use and Disclosure
How we use personal and non-personal data
We use personal data to run our organization and to serve our members and program participants. For example, we use personal data to respond to member and event participant inquiries; determine organizational priorities; and provide information about NAAG events and services, as well as public policy issues affecting our members. Additionally, we use personal data to improve our website and other online services, and to help us figure out ways to improve our events, products, and services.
We may also use personal data to detect, prevent, or otherwise address fraudulent, malicious, or damaging use of any of our systems, services, products, or property; to the extent allowable by law in an emergency or where necessary to protect public safety; or as required by law.
We use non-personal data for a variety of purposes. For example, we may use aggregated and anonymized data to improve our websites, understand our visitors’ needs, and administer websites and online services. We reserve the right to use and disclose non-personal data for any lawful purpose.
How we share personal and non-personal data
We will not sell or otherwise disclose personal data to third parties for commercial gain or to allow other organizations or companies to market their own products or services to you. However, we may work with other organizations—such as event planning companies or software companies—who use or store personal data on our behalf, so that we can run our organization or better serve our members and program participants. We also occasionally share personal data with other U.S. or non-U.S. organizations that share our mission of public service. Before disclosing personal data to another organization under these circumstances, we will require the organization to treat the information in a way that is consistent with this Privacy Policy and, where required by law, will obtain your prior consent.
We may also disclose personal data (i) to the extent allowable by applicable law, in order to detect, prevent or otherwise address fraudulent, malicious or damaging use of any of our systems, services, products or property, (ii) to the extent allowable by applicable law, in an emergency or where necessary to protect public safety and (iii) as required by law, such as in response to a valid warrant or subpoena.
We occasionally provide non-personal data to other organizations, primarily for research purposes. However, we reserve the right to share non-personal data with third parties whenever allowable by applicable law.
How we secure personal data
We are committed to protecting the security of personal data. We use reasonable security technologies and procedures to protect users’ personal data from unauthorized access, use, alteration, or disclosure and from accidental loss or corruption. We require any third parties to whom we disclose personal data to also employ reasonable security measures to protect personal data.
That said, no system can guarantee absolute security. If we discover a data security incident affecting personal data that we have collected, we will notify affected individuals at least to the extent required by law.
Our data retention policy
We retain personal data for as long as is reasonably necessary to fulfil an individual’s request, as long as is reasonably necessary for a legitimate organizational interest of ours, or as long as you provide continued consent to our retention of your personal data. If you have questions about whether we have retained specific personal data about you, please contact privacy@naag.org.
Location of data
We are a U.S.-based organization, with our headquarters in Washington, D.C. We store personal data on our servers or the servers of trusted service providers who use or store personal data on our behalf. We may export personal data from the United States in any manner allowable by law and consistent with this Privacy Policy.
Updates
We reserve the right to amend this Privacy Policy and Cookie Notice at any time, for any reason allowable by applicable law. We will post any new Privacy Policy and/or Cookie Notice on our website, and we will provide a prominent disclosure on our homepage, www.naag.org, if we implement changes to our Privacy Policy and/or Cookie Notice that will result in materially less protection for personal data collected after the effective date of the new policy. We will not use or disclose personal data we collected pursuant to this version or an earlier version of our Privacy Policy in a manner that is materially less protective than this version of our Privacy Policy without first obtaining your consent.
Need further assistance?
You can contact us at privacy@naag.org or at the following postal address with any questions, concerns, or requests to delete, export, correct, or restrict our use of your personal data.
Chief Administrative Officer
National Association of Attorneys General
1850 M St., NW, 12th Floor
Washington, D.C. 20036
Individuals located in the European Union have a right to lodge a complaint about our privacy policies or practices with the data protection supervisory authority in their country of habitual residence. Contact information for EU data protection authorities is located here. Individuals located in other nations may have similar rights to lodge a complaint with their own local authorities.
