May 7, 2019 - Version 1.2 - Download the M3AAWG Privacy Notice
We know that your privacy is important. At M3AAWG we are committed to helping you understand how we manage and protect it. This Privacy Notice is provided to inform you of our privacy policies, data collection and usage practices, and our communications with Members and Non-members.
If you have questions or concerns regarding this Privacy Notice, you can contact the Messaging, Malware and Mobile Anti-Abuse Working Group (M3AAWG) using this simple online form.
M3AAWG Executive Director
M3AAWG owns and operates the website located at www.m3aawg.org and www.M3AAWG.org. This Privacy Notice describes our practices regarding how personal data we collect on the Messaging, Malware and Mobile Anti-Abuse Working Group (“M3AAWG”) website is used and shared with third parties. By visiting the M3AAWG website or otherwise submitting your personal data to us, you agree to the practices described in this statement. The information that we receive through our website depends on what you do during your visit and what service(s) you request.
All Website Visitors – Members and Non-Members
Cookies and Other Tracking Technologies
Social Media Widgets
IP Addresses and Log Files
An IP address is a number that is automatically assigned to your computer whenever you are surfing the Web. Web servers, the computers that “serve” web pages, automatically identify your computer by its IP address. M3AAWG collects IP addresses for purposes of system administration, to report aggregate information to third parties and to track the use of our site. When visitors request pages from our site or click on a link in a mailing sent through our website, our servers may log the visitors’ IP addresses. We reserve the right to use IP addresses to identify a visitor or mailing list member when we feel it is necessary to enforce compliance with the site’s policies or to protect M3AAWG, the site, its visitors, its services, our internet service provider (ISP) partners, our members or others.
As is true of most websites, we gather certain information automatically and store it in log files. This information may include internet protocol (IP) addresses, browser type, internet service provider, referring/exit pages, operating system, date/time stamp, and/or clickstream data. We do not link this automatically collected data to other information that we may collect about you. Under some circumstances this information may be used for purposes of systems administration, fraud prevention or server troubleshooting and security.
European Union Users and Other Non-U.S. Users
If you visit our website from a country other than the United States and provide any personal data, your communications will result in the transfer of your personal data across national borders. If you provided your personal data when visiting our website from outside of the United States, you acknowledge and agree that this data may be transferred from your then-current location to our offices and servers and to those of our affiliates, agents, and service providers located in the United States. The United States and such other countries may not have the same level of data protection as those that apply in the jurisdiction where you live or work.
For site visitors who reside in the European Union, we will only transfer your personal data outside of the European Union to those (a) jurisdictions with “adequate protection” as used in the General Data Protection Regulation (the GDPR) governing transfer of personal data outside of the European Union, or (b) entities that have instituted appropriate safeguards as contemplated by the GDPR. In the absence of either of the matters described above, we will only transfer your personal data outside of the European Union with your expressed informed consent. This consent is obtained during registration for each of our meetings and as part of the members’ login process, either initially or periodically, for confirmation.
All Members, individuals with a membership relationship, Non-members, or Guests or Speakers are required to register for the meeting they are attending. The Personal Data required for a registration include name, organizational affiliation, email address, country of residence, mobile phone number, and optionally meal preferences, work title, and emergency contact information.
The meeting registration requires reading and agreeing to this Privacy Notice and an Opt-In acceptance to receive communications related to the meeting. These communications may be by email, texts or mobile phone calls, or written notes and may cover hotel arrangements, meeting logistics, meeting agenda information, and security information.
Personal data collected for the meeting is retained for 45 days and then only name, organizational affiliation, and email address is retained for 15 months. Then all personal data is deleted.
All meeting presentations voluntarily given to M3AAWG for posting on website pages only accessible by members may remain in the archives until such time as M3AAWG decides there is no value or need to retain the information for the members.
Our Members are individuals, companies, organizations and/or institutions that have an agreed membership relationship with us. We collect additional information from those who make this choice. All Member data is covered by this policy.
Membership in M3AAWG is conferred to those entities that submitted a membership request and agreed to the governing documents and policies of M3AAWG and were accepted by the M3AAWG Board of Directors. The information required in a membership application includes the name; address; website URL; a statement explaining why the entity wants a membership; the individual submitter’s name, organizational title and contact information; and owned domain names and sending IP ranges. Other information may be requested as part of a Board of Directors review for membership acceptance and for renewal of the membership every 12 months. Additionally, billing and payment information is obtained as part of our collection of membership dues and other sponsorship commitments. All information submitted during an initial membership request and during renewal reviews may be retained in our archival databases as needed for our contractual membership requirements and for potential legal review.
Individuals who have a contractual relationship – either as an employee or a contractor with a Member entity company, organization and/or institution or as an individual entity – may voluntarily create a membership relationship with M3AAWG by requesting a Member ID to access the Members-only section of our website. Requesting a Member ID requires reading and agreeing to this Privacy Notice and an Opt-In acceptance of including your email contact information in our Members’ email communication list and receiving emails from other members through the Members’ Directory. Additionally, an individual is required to provide certain Personal Data including name, title, company/organization name (entity that holds the membership), and email address.
If your individual personal data changes, you may change your personal membership profile through accessing the Members-only section of the website. Individuals can opt-in and opt-out of committee and special interest group (SIG) communications through the Members-only section of the website.
If you no longer want an individual, personal membership relationship with M3AAWG, you may ask to have your profile deleted by contacting us through this website form. We will respond to your request to be removed within 30 days. However, after M3AAWG deletes your personal profile, all of your emails on any M3AAWG mailing lists that you were a member of will remain in those email archives, as will any contributions to M3AAWG work, presentations or reports submitted for our meetings.
Other Important Privacy Notice Items
Security and Information Protection
The security of your information is important to us. When you enter information such as login credentials on our login form, we encrypt that information using TLS (Transport Layer Security) technology. We follow generally accepted industry standards to protect the information submitted to us, both during transmission and once we receive it. No method of transmission over the internet, or method of electronic storage, is 100 percent secure, however.
When we store information that you have provided to us when registering either as a Member or a Non-member for meetings, that information is protected by security measures that include “firewalls” (a combination of computer hardware and software that helps keep unauthorized visitors from accessing information within our computer network), “intrusion detection systems” (a combination of computer hardware and software that helps detect any unauthorized visitors) and other tools such as data encryption and physical security, where appropriate.
Unfortunately, no data transmission over the internet or data repository can be guaranteed to be 100 percent secure. As a result, while M3AAWG strives to protect your personal information and privacy, we cannot guarantee or warrant the security of any information you disclose or transmit to us online and cannot be responsible for the theft, destruction, or inadvertent disclosure of your personal information. For example, we may be legally required to disclose information to the government or third parties under certain circumstances, or third parties may unlawfully intercept or access transmissions or private communications.
M3AAWG reserves the right to disclose Member and Non-member information in special cases when we have reason to believe that disclosing this information is necessary to identify, contact or bring legal action against someone who may be causing injury to, or interference with (either intentionally or unintentionally), the rights or property of M3AAWG, visitors, Members, or anyone else that could be harmed by such activities. M3AAWG also reserves the right to disclose Member or Non-member information when we believe in good faith that the law requires it, such as to comply with a subpoena or similar legal process.
Credit Card Information
Credit card information is not collected or stored on our servers. When you conduct transactions through our site or as part of an on-site meeting registration process, payment and payment card information for these transactions are entered directly into a third-party processor’s systems and are not transmitted through or stored by us. The card processor provides us with an authorization code that is securely stored with the payment record on our servers.
Information Sharing and Disclosure
Except for the limited situations listed here in this Privacy Notice, we will not share your personal data with third parties. We do not sell any personal data. To the extent we are legally permitted to do so, we will take reasonable steps to notify you in the event that we are required to provide your personal data to third parties as part of a legal process.
Contractors and Third-Party Service Providers
M3AAWG uses third parties (including contractors and service providers) to help with certain aspects of its operations, which may require disclosure of your personal data to them. For example, M3AAWG may use a third party to communicate with you (via phone or email) about our meetings logistics, meeting services or meeting agenda. We use a third party and contractors to host our website and related databases and to perform other work that we may need to outsource. M3AAWG requires these third parties to use your personal data only as necessary and, per this Privacy Notice, to perform the services they are contracted to perform. All contractors and third parties are covered by confidentially agreements in their contracts.
We may share some or all of your personal information with any current or future "affiliate" (which means a parent company, a subsidiary, joint venture, or other organization under a common control with M3AAWG), in which case we will require the affiliate to honor this Privacy Notice.
Change of Control/Asset Transfer
As M3AAWG develops, we may buy other entities or their assets or sell all or parts of our organizational assets. Member and Non-member information is generally one of the business assets involved in such transactions. Thus, in the event that the assets of M3AAWG, in whole or in parts, are acquired by a third party, Member and Non-member information, including any visitor information collected through the website or the Service, would be one of the transferred assets. In the event of a corporate change in control or sale of all or parts of our business assets, our users will be notified in accordance with the “Changes to this Policy Notice" section of this policy if their personal information is provided to the new corporate entity or asset purchaser.
We do not knowingly collect information from children under the age of 13 on the website. If you are under the age of 13, please do not use our website or provide any information to us. If we become aware that we have collected information from a child under the age of 13, we will make commercially reasonable efforts to delete such information from our database. Please contact us immediately if you become aware of any underage individual using our website.
Changes to the Privacy Notice
The terms of this Privacy Notice may change from time to time. We will notify you of any material changes to this Privacy Notice by posting a notice on the homepage of the site. We encourage you to check this page periodically for any changes.
Terms and Conditions
The materials on this site are provided by M3AAWG for informational purposes only. By downloading any material from the site, you agree to our copyright notices on the material and to our Privacy Notice posted on the M3AAWG website.
We value opinions and if you have a question or comment about the M3AAWG website or a request to correct or delete your personal data, please send it to us using our online form on the M3AAWG website or send correspondence to:
781 Beach Street, Suite 302
San Francisco, California 94109, USA