This Privacy Policy explains our data practices regarding Personal Data (as defined below) and other information that we collect in connection with (identified as Portals):

1. your use of our websites raps.org where you can join, purchase products and services, sign up to receive RF Today, and read the latest regulatory news and information; connect.raps.org where you can participate in Regulatory Exchange (RegEx), our online regulatory community; and learningportal.raps.org where you can access online training and education;
2. your use of our mobile applications (i.e. for Convergence);
3. RAPS events you may attend;
4. your exams taken for the RAC;
5. your response to surveys conducted by RAPS.

By using our Portals, you consent to policies and practices described in this Privacy Policy. If you do not agree with the data practices described in this Privacy Policy, you should not use our Portals.

EU Data Subjects

Scope. This section applies if you are an individual located in the European Union (“EU”) (“EU Data Subject”). For these purposes, reference to the EU also includes the European Economic Area countries of Iceland, Liechtenstein and Norway and, where applicable, Switzerland.

Data Controller. RAPS is the data controller for the processing of your Personal Data.

Your Rights. Subject to applicable law, you have the following rights in relation to your Personal Data:

 

• Right of access: If you ask us, we will confirm whether we are processing your Personal Data and, if so, provide you with a copy of that Personal Data (along with certain other details). If you require additional copies, we may need to charge a reasonable fee.
• Right to rectification: If your Personal Data is inaccurate or incomplete, you are entitled to have it rectified or completed. If we have shared your Personal Data with others, we will tell them about the rectification where possible. If you ask us, where possible and lawful to do so, we will also tell you with whom we shared your Personal Data so that you can contact them directly.
• Right to erasure: You may ask us to delete or remove your Personal Data and we will do so in some circumstances, such as where we no longer need it (we may not delete your data when other interests outweigh your right to deletion). If we have shared your data with others, we will tell them about the erasure where possible. If you ask us, where possible and lawful to do so, we will also tell you with whom we shared your Personal Data so that you can contact them directly.
• Right to restrict processing: You may ask us to restrict or ‘block’ the processing of your Personal Data in certain circumstances, such as where you contest the accuracy of that Personal Data or object to us processing it. We will tell you before we lift any restriction on processing. If we have shared your Personal Data with others, we will tell them about the restriction where possible. If you ask us, where possible and lawful to do so, we will also tell you with whom we shared your Personal Data so that you can contact them directly.
• Right to data portability: You have the right to obtain your Personal Data from us that you consented to give us or that is necessary to perform a contract with you. We will give you your Personal Data in a structured, commonly used and machine-readable format. You may reuse it elsewhere.
• Right to object: You may ask us at any time to stop processing your Personal Data, and we will do so: If we are relying on a legitimate interest to process your Personal Data — unless we demonstrate compelling legitimate grounds for the processing; or if we are processing your Personal Data for direct marketing.
• Rights in relation to automated decision-making and profiling: You have the right to be free from decisions based solely on automated processing of your Personal Data, including profiling, that affect you, unless such processing is necessary for entering into, or the performance of, a contract between you and us or you provide your explicit consent to such processing.
• Right to withdraw consent: If we rely on your consent to process your Personal Data, you have the right to withdraw that consent at any time. This will not affect the lawfulness of processing based on your prior consent.
• Right to lodge a complaint with the data protection authority: If you have a concern about our privacy practices, including the way we have handled your Personal Data, you can report it to the data protection authority that is authorized to hear those concerns.

You may exercise your rights by contacting us as indicated under “Contact Us” section below.

Legitimate Interest. “Legitimate interests” means the interests of RAPS in conducting and managing our organization. For example, we have a legitimate interest in processing your Personal Data to analyze how the Portals, and our products and services are being used by you, and to ensure network and information security, as described in this Privacy Policy. When we process your Personal Data for our legitimate interests, we make sure to consider and balance any potential impact on you, and your rights under data protection laws. Our legitimate interests do not automatically override your interests. We will not use your Personal Data for activities where our interests are overridden by the impact on you, unless we have your consent by utilizing the Portal or those activities are otherwise required or permitted to by law. You have the right to object to processing that is based on our legitimate interests. For more information on your rights, please see “Your Rights” section above.

Data Transfers. We have entered into Data Processing Agreements for the international transfer of Personal Data collected in the European Economic Area and Switzerland with certain service providers, customers and other parties, or we rely on vendors who have self-certified to the EU-U.S. or Swiss-U.S. Privacy Shield to transfer Personal Data to the United States.

Our Collection of Your Personal Data

RAPS collects and uses information that, alone or in combination with other information, could be used to identify you (“Personal Data”) in order to deliver our products and services, administer membership, process applications, inform you of various opportunities, and provide support, as described below (please also see the “How We Use Information” section below).

Personal Data that you voluntarily provide to us. RAPS primarily collects Personal Data provided to us by individuals when they interact with our products, services, staff, and Portal.

The types of Personal Data that we collect vary based on the services offered on the Portals, but generally include your name, address, telephone number, company name, job title, email address, and other information that you voluntarily submit to us.

Moreover, when you personalize a profile on our Portals, we will collect the information that you elect to add to your profile, such as a biography, your education and job history, company information. We also collect information that is provided, posted or uploaded by users to Portals. We do not control the content that users post to Portals. At all times, you should carefully consider whether you wish to submit Personal Data and whether you wish to make your profile available to other users, and you should tailor any content you submit appropriately. You should also review any additional terms and conditions that may govern your use of our services on the different Portals.

Users may contact RAPS at any time at the contact information below to modify their preferences.

Information Received from Other Sources. We may receive information about you from publicly available and third-party databases, services, or events that provide information to RAPS, or from third parties from whom we have purchased information. This may include an individual’s name, email, job title, contact information. This helps us to update, expand and analyze our records, identify new customers and members, and provide products and services that may be of interest to you.

Automatically Collected Data. As you interact on our Portals, we may collect information about your computer or device and visits to one or more of our Portals (“Automatically Collected Data”) through cookies, web beacons and other technologies, Internet Protocol (IP) address tracking/URL tracking, and other tools (collectively, “Tracking Technologies”). The types of Automatically Collected Data collected on our Portals through the use of these and other tools that we may add from time to time may include: the search terms you used, new or returning user information, browser information, computer or device type, operating system, internet service provider, website usage, referring/exit pages, platform type, date/time stamp, number of clicks, and ads viewed. Please see the “Tracking Technologies” section below to learn more about how we use Tracking Technologies.

How We Use Information

Provide our products and services and respond to requests. We use the Personal Data we collect from you (unless otherwise restricted by law) to:

• Provide you with membership benefits and services.  For EU Data Subjects, such use is necessary for the performance of the contract between you and us.
• Provide you support or other services you have purchased from us. For EU Data Subjects, such use is necessary for the performance of the contract between you and us.
• Respond directly to your information requests (including registrations or other specific requests) or other inquiries. For EU Data Subjects, such use is necessary to respond to or implement your request prior to entering into a contract with us.
• Provide attendance, access to systems, products, or services that you have requested or have purchased from us.  For EU Data Subjects, such use is necessary for the performance of the contract between you and us.

Marketing. We also use your contact information to contact you by email, mail or by phone regarding information that we think may be of interest to you. If you do not wish to receive marketing materials, brochures, or emails from RAPS, you may inform us of your preference by changing your preferences online, or by faxing a letter, email or calling RAPS at the contact information below. You may also email us directly and unsubscribe from our marketing communications by clicking on the “unsubscribe” link located on the bottom of our emails.

Portals may send you push notifications from time-to-time in order to update you about any events or information. If you no longer wish to receive these types of communications, you may turn them off at the device level. To ensure you receive proper notifications, we will need to collect certain information about your device such as operating system and user identification information.

Where required by the applicable law (for example, if you are an EU Data Subject), we will send you marketing information or notifications only with your consent, which was given at the time you provided us with the Personal Data. For EU Data Subjects, please refer to the “EU Data Subjects” section below for information on your rights. For California residents, please consult the “Your Privacy Rights” section below for additional considerations.

With your permission, we may also use information you provide to us as a testimonial posted on the Portals.

Automated Decision-Making and Profiling.  Automated individual decision-making (making a decision solely by automated means without any human involvement); and profiling (automated processing of Personal Data to evaluate certain things about an individual) may be utilized to provide information of related services of interests to RAPS users when explicit consent or contractual agreement is provided.

Correspondence. If you correspond with RAPS via email, phone, fax, mail, our web forms, or other form of communication, we may retain the correspondence and the information it contains. We may use the information for business purposes, including responding to your inquiry, notifying you of RAPS-related opportunities, and other marketing purposes (please read the Marketing section above for more information on our marketing practices and how to opt out or unsubscribe).  We may also use this data to analyze response times, questions or issues, in order to determine customer needs to improve practices and create solutions.

URL and IP Address. RAPS collect information about users’ IP addresses, including users’ utilization of our Portals, to help us design our Portals to better suit our users’ needs. We may use information about your IP address to help diagnose problems with our server, administer our Portals, analyze trends, track visitor movements, and gather information that assists us in identifying visitor preferences. We also may use your IP address to enhance our security and investigate an actual or potential security incident. For EU Data Subjects, this use of your information is necessary for our legitimate interests in understanding how the Portals and our Services are being used by you, to improve your experience on it and ensuring network and information security. For more information about what we mean by legitimate interests, and when we may process Personal Data for our legitimate interests, please see the “EU Data Subjects” section below.

Aggregated Data. We may also compile, anonymize and/or aggregate Personal Data and other information collected about Portals’ visitors, as described in this Privacy Policy, and use such anonymized and/or aggregated data for our business purposes, including disclosing such data to our partners, service providers, advertisers and/or other third parties for marketing or promotional purposes. This aggregate information does not identify you. For EU Data Subjects, this use of your Personal Data is necessary for our legitimate interests in understanding how the Portals and our products and services are being used by you and to improve your experience on it. For more information about what we mean by legitimate interests, and when we may process Personal Data for our legitimate interests, please see the “EU Data Subjects” section below.

Disclosure of Information

RAPS discloses Personal Data in accordance with the terms set forth in this section. 

We share your Personal Data with third parties who provide certain services to us to assist us in meeting business operation needs.  These parties are authorized to process your Personal Data, on our behalf and pursuant to our instructions, only as necessary to provide these services to us. We share your Personal Data with the following service providers:

• Association Management Systems (AMS) for membership and ecommerce
• Content Management Systems (CMS) as necessary to serve website content
• Learning Management Systems (LMS) as necessary to serve online courses and webcasts
• Email and Marketing Automation provider as necessary for sending emails to our users
• Online community platform and app that integrates with the above services
• Providers of payment processing and accounting, as necessary to process payment from our users
• Customer Relationship Management (CRM) platform as necessary for sales lead tracking
• Providers of event registration systems and services as necessary for events
• Customer service providers
• Sales and marketing providers as necessary for marketing efforts
• Providers for RAC certification examinations
• Providers of research and analytics services, including Google Analytics
• Providers of cloud computing infrastructure services

We may also disclose Personal Data to third parties in the following circumstances: (1) if you request or authorize (when required by the law, we will inform you in advance of the third parties to which we may provide your data and the purpose for doing so, and we will obtain your prior consent for such use); (2) the information is provided (a) to comply with the law (for example, to comply with a search warrant, subpoena or other legal process), (b) to enforce an agreement we have with you, (c) to protect our rights, property or safety, or the rights, property or safety of our employees or others, (d) to investigate fraud, or (e) to respond to a government request or to lawful requests by public authorities, including to meet national security or law enforcement requirements; (3) to address emergencies or acts of God; (4) to address disputes, claims, or to persons holding a legal or beneficial interest; (5) if we are involved in a merger, acquisition, financing due diligence, reorganization, bankruptcy, receivership, sale of company assets, or transition of service to another provider, in which case your Personal Data and other information may be transferred to a successor or affiliate as part of that transaction along with other assets.

We collect, store and process the information from our Portals which can vary in location depending on the service. If you are outside the U.S., then your Personal Data and other information may be transferred to the U.S. portal to provide a service. The data privacy and data protection laws outside your country may offer less protection than the laws in your country. In some cases, we have entered into Model Contractual Clauses for the international transfer of Personal Data collected in the European Economic Area and Switzerland with certain service providers, customers, and other parties, or we rely on vendors who have self-certified under the EU-U.S. or Swiss-U.S. Privacy Shield Frameworks.

The Portals use interfaces and links with social media websites or platforms that are owned and/or controlled by third parties, such as Boxwood, Facebook, LinkedIn, Twitter and others (“Provider Sites”). If you choose to “like” or share information from a Website through any Provider Sites, or if you are a member of a Provider Site that interfaces with or links from our Portals, the information that you share with the Provider Sites will be governed by the specific privacy policies and terms of service of the Provider Sites and not by this Privacy Policy. You should review the privacy policy of that Provider Site before choosing to access and use any Provider Site, including interacting with our pages on those sites.

How You Can Access and Change Information

RAPS acknowledges that you have the right to access your Personal Data. Our Portals and Apps allow you to access, correct, amend, or delete inaccurate data. In case you request us to remove data, we will respond within 30 days.

Upon request, RAPS will provide you with information about whether we hold any of your Personal Data. You can update or correct your Personal Data or remove it from our system by making a request to us at the contact information provided below. Requests typically receive a response within thirty (30) days. If access cannot be provided within that time frame, we will provide the requesting party with an estimated date by which the information will be provided. If for some reason access is denied, we will provide an explanation of why access has been denied.

If you are an EU Data Subject, please see the “EU Data Subject” section below for information on your rights in relation to the Personal Data we hold about you.

Our Security Measures to Protect Your Personal Data

We are committed to taking reasonable efforts to secure the information that you choose to provide us, and we use a variety of security technologies and procedures to help protect against unauthorized access to or alteration, disclosure, or destruction of Personal Data.

We retain your Personal Data for as long as your account is active or as needed to provide you services, comply with our legal obligations, resolve disputes and enforce our agreements. We retain Personal Data collected through the Portals we process on behalf of our Clients for as long as needed to provide services to our Client and pursuant to our contract with that Client.  Contractual and financial information is retained for seven years, contractual RAPS governance information is retained permanently, and marketing leads are retained for 3 years.

Tracking Technologies

RAPS and its Portals use cookies and other technologies to analyze trends, administer the Portals, track users’ movements around the Portals, to gather demographic information about our user base as a whole and to collect information about your browsing habits in order to make advertising relevant to you and your interests, as described below.

When you first visit the Portals, you will be asked to consent to the use of cookies and similar technologies on the Portals in accordance with this Policy, and if you accept, we will store cookies and similar technologies on your computer.

I. What Are Cookies
Cookies are pieces of data sent to your browser when you visit a website and stored on your computer’s hard drive. Cookies may store user preferences and other information. For example, cookies can store your session information for easy log-in to a website or Platform, or your language or user interface customization preferences or may allow websites to record your browsing activities (for example, number of page views, number of visitors, and time spent on each page). 
We use both session ID cookies and persistent cookies. A session ID cookie expires when you close your browser. A persistent cookie remains on your hard drive for a set period of time or until you delete it. 

II. How We Use Cookies
We classify cookies in the following categories:

Categories of Use	Purpose	User Action
Strictly Necessary	These cookies link the actions of a user during a browser session in order to allow navigation around web pages, access to secure areas of the Portals or Platforms and help make the services available through our Portals and Platforms work. Without these cookies, basic functions of the Portals and Platforms would not work. On the Platforms, we use session cookies for authentication and authorization purposes and to track a visitor’s identity during a particular session.	Because these cookies are strictly necessary to deliver our services, users cannot refuse them. You can block or delete these cookies by changing the browser settings as explained below
Preferences	These cookies are used to store choices you make and your preferences regarding our services (such as your user name, language or the region you are in, enable user interface customization). These cookies allow us to provide enhanced, more personalized features (such as enabling customer support for users via live support chat). These cookies are not essential for using our services. However, without these cookies, certain functionality may become unavailable or may not function properly. On the Platforms, we use user interface customization cookies to store Clients’ preferences such as grid preferences (columns, sort order, etc.) or to enable certain functions, such as to prepopulate the input of the RSS feed dialog.	You can block or delete these cookies by changing the browser settings as explained below.
Analytics	These cookies allow us to recognize and count the number of visitors and to see how visitors move around the Portals and Platforms when they are using it. This helps us to improve the way our Portals and Platforms work, for example by making sure visitors are finding what they need easily. The information collected through these cookies include anonymous traffic statistics, like number of page views, number of visitors, and time spent on each page. In particular, we use cookies from Google Analytics, a web analytics service provided by Google Inc. (“Google”). The information collected by Google (including your internet protocol (IP) address) will be transmitted to and stored by Google on servers in the United States. Google will use this information on our behalf for the purpose of evaluating your use of the Portals, compiling reports on the Portals activity and providing further services to us relating to the Portals usage. Learn more about Google Analytics’ privacy practices, and see a copy of Google’s privacy policy, at the following link: https://support.google.com/analytics/answer/6004245?hl=en&ref_topic=2919631. We use Analytics cookies from HotJar on the Portals to analyze and evaluate the use of our sites and improve our services and features. Learn more about HotJar’s privacy practices here. On our CMS, Kentico, we use Kentico analytics to track visits across pages on the Platforms and landing pages. We use Analytics cookies from RealMagnet (provided by Higher Logic, Inc.) for analytics and marketing automation tracking for conversion on the Platforms.  Higher Logic’s privacy policy is at the following link https://www.higherlogic.com/privacy.	You can block or delete these cookies by changing the browser settings as explained below. You can also prevent your data from being collected by Google Analytics on the Portals by downloading and installing the Google Analytics Opt-out Browser Add-on for your current web browser at the following link: https://tools.google.com/dlpage/gaoptout?hl=en.

III.  Other Technologies

RAPS may use a tracking technique that employs embedded URLs to allow use of the Portals without cookies. Embedded URLs allow limited information to follow you as you navigate the Portals but are not associated with Personal Data and are not used beyond the session.

We may use widgets, which are interactive mini-programs that run on our site to provide specific services from another company (e.g., links to bookmarked sites), along with buttons or other tools that link to other companies' services (e.g., a "Like" button or third-party map). The widget, button or tool may collect and automatically send Personal Data, such as your email address, or other Information (such as your browser information, or IP address), to a third party. Cookies may also be set or used by the widgets, buttons or tools to enable them to function properly or for other purposes, which may include advertising. Information collected or used by a widget, button or tool, including cookie settings and preferences, is governed by the privacy policy of the company that created it.

We use mobile analytics software to allow us to better understand the functionality of our mobile software on your phone. This software may record information such as how often you use the Apps, the events that occur within the Apps, aggregated usage, performance data, and where the Apps was downloaded from. We do not link the information we store within the analytics software to any Personal Data you submit within the Apps.

IV. Your Choices
On most web browsers, you will find a “help” section on the toolbar. Please refer to this section for information on how to receive a notification when you are receiving a new cookie and how to turn cookies off. Please see the links below for guidance on how to modify your web browser’s settings on the most popular browsers:

• Internet Explorer
• Mozilla Firefox
• Google Chrome
• Apple Safari

Please note that if you reject cookies or disable cookies, your use of certain features or functions on our Website or Platforms or service may be limited.

To find out more about cookies and similar technologies, including how to see what cookies and similar technologies have been set and how to manage and delete them, visit www.allaboutcookies.org and/or or the Network Advertising Initiative’s online resources, at http://www.networkadvertising.org, and follow the opt-out instructions there. If you access the Portals on your mobile device, you may not be able to control tracking technologies through the settings. If you wish to not have your information used for the purpose of serving you targeted ads, you may opt-out by visiting the Network Advertising Initiative’s online resources available here and following the opt-out instructions there, or if located in the European Union, visit the European Interactive Digital Advertising Alliance’s Your Online Choices opt-out tool here. By opting out of targeted advertisements you will no longer see advertisements on our Portals from third-party partners that participate in the Digital Advertising Alliance; however, you may continue to see other non-targeted advertisements on our Portals.

Inapplicability of Privacy Policies of Any Linked Portals or Other Third Parties

This Privacy Policy only addresses RAPS’ use and disclosure of your Personal Data. The Portals may contain links to other websites, so please be aware that we are not responsible for the privacy practices of other websites. We encourage you to be aware that when you go to another online resource you should carefully read their privacy policy.

California Privacy Rights

California Consumer Privacy Act (“CCPA”)

To the extent provided for by law and subject to applicable exceptions, California residents have the following privacy rights in relation to the Personal Data we collect:

• The right to know what Personal Data we have collected and how we have used and disclosed that Personal Data;
• The right to request deletion of your Personal Information;
• The right to be free from discrimination relating to the exercise of any of your privacy rights.

We will acknowledge any request to know or to delete within 10 days of receipt.  We will respond to such requests with 45 days. If we need more than 45 days to resolve to your request to know or delete, we will inform you accordingly.

Exercising Your Rights: California residents can exercise the above privacy rights as described here by e-mailing privacy@raps.org or by 301-770-2920.

Verification: in order to protect your Personal Data from unauthorized access or deletion, we may require you to verify your login credentials before you can submit a request to know or delete Personal Data. If you do not have an account with us, or if we suspect fraudulent or malicious activity, we may ask you to provide additional Personal Data for verification. If we cannot verify your identity, we will not provide or delete your Personal Data.

Authorized Agents: you may submit a request to know or a request to delete your Personal Data through an authorized agent. If you do so, the agent must present signed written permission to act on your behalf and you may also be required to independently verify your identity with us.

Shine The Light Law

In addition to the information provided in this Privacy Policy, under California’s “Shine the Light” law, California residents who provide “personal information” (as defined in the statute) in obtaining products or services for personal, family, or household use are entitled to request and obtain from us, once a calendar year, information about the personal information we shared, if any, with other businesses for marketing uses. If applicable, this information would include the categories of personal information and the names and addresses of those businesses with which we shared such personal information for the immediately prior calendar year. To obtain this information, please contact us at the contact information below. You may also submit a contact form electronically through the Portals.

Changes to the Privacy Policy

As RAPS, its products, and its services change from time to time, we may update this Privacy Policy to reflect changes to our information practices. We reserve the right to amend the Privacy Policy at any time, for any reason, and may do so by posting a new version online. Your continued use of the Portals, and/or continued provision of Personal Data to us will be subject to the terms of the then-current Privacy Policy. If we make any material changes or if otherwise required by the applicable law, we will notify you by email (sent to the email address specified in your account) or by means of a notice on this website prior to the change becoming effective. We encourage you to periodically review this page for the latest information on our privacy practices.

---

If you have any questions about this Privacy Policy or our treatment of the information you provide us, please contact us, in our role as data controller, at:
Data Protection Officer:  Kris Hyde
Address: 5635 Fishers Lane, Suite 400, Rockville, MD 20852
Phone: 301-770-2920
Email: privacy@raps.org