February 2026
Introduction
This Privacy Notice is to help you understand the types of personal data IASIR may collect about
you when you interact with us and the ways in which we use this information.
Who are we?
IASIR is the controller of the personal data processed on this website as detailed in this Privacy
Policy. You can contact us in writing at 1415 28th Street, Suite 400, West Des Moines, IA 50266
or through our website.
What types of lawful basis may we rely on to collect and use your personal data?
The laws on data protection set out different reasons for which an organization may collect and
process your personal data. We rely on the following:
Consent
In specific situations, we can process your data with your consent.
For example, if you select to receive marketing emails from us.
Contract
We have the right to process your personal data if it is necessary to fulfill a contract we have
with you, such as your membership in our organization.
Legitimate interest
We may use your data to pursue our legitimate business interests, or the legitimate interests of
a third party, in a way which might reasonably be expected as part of running our business and
is not overridden by your rights. For example, when you visit our website, we may collect
information about your browser or operating system in order to improve our site to ensure that
content is presented most effectively for you and your computer.
Legal obligation
If there is legal obligation, we may need to collect and process your personal data. For example,
we may be required to pass along the details of people involved in criminal activity affecting
our organization.
What type of personal data do we collect and why do we collect it?
“Personal Data” is any information that enables you to be identified, directly or indirectly, by
reference to an identifier such as your name, identification number, location data, online
identifier, or one or more factors specific to your physical, physiological, genetic, mental,
economic, cultural or social identity. We only collect the following information:
Personal data you give us
We may collect and process the following personal data:
• Contact information
• Membership information• Dues payment information
• Purchase information
• Certification information
Personal data we collect from you
With regard to each of your visits to the IASIR website, we will automatically collect the
following information:
• Technical information
• Information about your visit
• Location information
Personal data we collect from others
If you send or receive emails through our list serve or email marketing service, we may collect
the following information:
• Information about when you open an email or click a link
• Your IP address
• Browser or email client type
Non-personal data
We collect information that is sent to us automatically by your web browser and we may use
this information to generate aggregate statistics about visitors to our site, including, without
limitation:
• IP addresses
• Browser type and plug-in details
• Device type (e.g., desktop, laptop, tablet, phone, etc.)
• Operating system
• Local time zone
(Please check your web browser if you want to learn what information your browser sends or
how to change your settings.)
How do we use your personal data?
We will only process your personal data, including sharing it with third parties, where (1) you
have provided your consent which can be withdrawn at any time, (2) the processing is
necessary for the performance of a contract to which you are a party, (3) we are required by
law, (4) processing is required to protect your vital interests or those of another person, or (5)
processing is necessary for the purposes of our legitimate commercial interests, except where
such interests are overridden by your rights and interests.
We may use personal data for the following purposes:
Personal data you give to us
We will use this personal data:• to carry out our obligations arising from your membership, or any other contract entered into
between you and us and to provide you with the information, products and membership
services that you request from us
• to organize events that you have purchased or registered for, and to provide you with
information and other materials relating to the content of the event, the speakers, sponsors
and other attendees
• to provide our newsletter and publication, provided you have given your consent
• to respond to your questions and provide related membership services
• to provide you with information about other events, products and services we offer that are
similar to those that you have already purchased, provided you have not opted-out of receiving
that information
• to provide you or permit selected third parties to provide you with information about events,
products or services we feel may interest you, provided you have given your consent
• to transfer your information as part of a merger or sale of the business
• to notify you about changes to our membership service
• to ensure that content from our site is presented most effectively for you and your computer
Information we collect about you
We will use this personal data:
• to administer our site and for internal operations, including troubleshooting, data analysis,
testing, research, statistical and survey purposes
• to improve our site to ensure that content is presented most effectively for you and your
computer
• as part of our efforts to keep our site safe and secure
• to measure or understand the effectiveness of advertising we serve to you and others, and to
deliver relevant advertising to you
• to make suggestions and recommendations to you and other users of our site about goods or
services that may interest you or them.
Personal data we receive from other sources
We will combine this information with information you give to us and information we collect
about you. We will use this information and the combined personal data for the purposes set
out above (depending on the types of information we receive).
You have choices when it comes to the technology you use and the data you share. When we
ask you to provide personal data, you can decline. IASIR requires some personal data to provide
you with various services. If you choose not to provide data necessary to provide you with a
service or feature, we cannot provide that service or feature. Likewise, where we need to
collect personal data by law or to enter into or carry out a contract with you and you do not
provide the data, we will not be able to enter into the contract; or if this relates to an existing
service we are providing, we may have to suspend or cancel it. We will notify you if this is the
case at the time. Where providing the data is optional and you choose not to share personal
data, features like personalization that use such data will not work for you.
Do we share personal data?
We may share your personal data for the purposes described in this Privacy Notice with:
• members of our organization
• partners, suppliers and sub-contractors
• analytics and search engine providers that assist us in the improvement and optimization of
our site
• trusted third-party companies and individuals
• in the event that we sell or buy any business or assets, in which case we will disclose your
personal data to the prospective seller or buyer of such business or assets
We will only transfer your personal data to trusted third-parties who provide sufficient
guarantees in respect of the technical and organizational security measures governing the
processing to be carried out and who can demonstrate a commitment to compliance with those
measures.
We will never sell your personal data to third parties with whom you do not have an existing
relationship. We may sell access to your information (including personal data) to our strategic
business partners with whom you have an existing relationship in order for our partners to
better target their products and services to you. Our partners will not have direct access to your
personal data but rather will have the ability to communicate with you through your
participation with our site.
What are your rights regarding the processing of your personal data?
Correction and removal
If any of the information that we have about you is incorrect or you wish to have information
(including personal data) removed from our records, please contact us at 1415 28th Street, Suite
400, West Des Moines, IA 50266 or through our website.
Opting Out
Additionally, if you prefer not to receive marketing messages from us, please let us know by
clicking on the unsubscribe link within any marketing message that you receive or by sending a
message to us through our website.
You have the right to ask us not to process your personal data for marketing purposes. We will
usually inform you (before collecting your personal data) if we intend to use your personal data
for such purposes or if we intend to disclose your information to any third party for such
purposes. You can exercise your right to prevent such processing by checking certain boxes on
the forms we use to collect your personal data. You can also exercise the right by contacting us
using the Contact Us section on our site.
Under European data protection law, in certain circumstances, you have the right to:
• Request access to your personal data
• Request correction of your personal data
• Request erasure of your personal data• Object to processing of your personal data
• Request restriction of processing your Personal Data Request
• Transfer of your personal data
How do we handle children's privacy?
Our site is not directed to children under the age of 13; if you are not 13 years or older, do not
use our site. We do not knowingly collect personal data from children under the age of 13. If we
learn that personal data of persons less than 13 years-of-age has been collected through our
site, we will take the appropriate steps to delete this information.
Does our privacy policy apply to external links?
Our website and forum posts by members may contain links to other websites. However, once
you have used these links to leave our site, you should note that we do not have any control
over that other website. Therefore, we cannot be responsible for the protection and privacy of
any information which you provide when visiting such sites and such sites are not governed by
this privacy statement. You should exercise caution and look at the privacy statement
applicable to the website in question.
How do we handle any personal data in posts on our member forum?
Due to the real-time nature of the forum, it is impossible for IASIR staff to review messages or
confirm the validity of information posted. If you provide personal information in a post, that
personal information will be publicly posted (to members) and otherwise disclosed without
limitation as to its use by us. You control your posts and can edit and delete the posts you make
in an open thread at any time. If the thread is locked, you will need to report your own post and
ask admin to delete it for you.
How do we store and secure data?
The personal data that you provide to us is generally stored on servers located in the United
States. If you are located in another jurisdiction, you should be aware that once your personal
data is submitted through our site, it will be transferred to our servers in the United States and
that the United States currently does not have uniform data protection laws in place.
All information you provide to us is stored on our secure servers. Any payment transactions will
be encrypted using SSL technology.
How long do we store data?
We will store your personal data, in a form which permits us to identify you, for no longer than
is necessary for the purpose for which the personal data was provided. We may retain and use
your personal data as necessary to comply with our legal obligations, resolve disputes, and
enforce our agreements and rights, or if it is not technically reasonably feasible to remove it.
Consistent with these requirements, we will try to delete your personal data quickly upon
request.
Use of Artificial Intelligence
We recognize that selecting AI tools requires us to consider how the tool can positively impact
IASIR, the level of effort required to implement the product, and how the product will fit into
our current workflows.
When considering new AI tools, staff and leadership will comply with the following guidelines:
• In selecting AI products to use internally, we will prefer tools that allow us to opt out of
having our data used in the product’s training data.
• We will also prefer tools that have worked with non-profits or other community
members and constituents.
• We will hold the individuals using AI tools accountable for their decision-making based
on the tools.
• We will use AI in ways that do not create new inequities or barriers to accessing vital
services. We will maintain safeguards that promote fair access to our services.
• We will aim to use AI tools in ways that do not discriminate against the communities we
serve. We will seek to use AI tools that minimize bias and ensure fair outcomes for
everyone, regardless of race, gender, ethnicity, or other factors.
• We will use AI tools that perform as intended. We will select AI tools that consistently
produce accurate outputs.
• We will explain when and how we use AI products when asked by our stakeholder
communities.
Where possible, we will employ the following practices concerning user data:
• We will conduct routine reviews to ensure that permissions to IASIR’s data used in AI
tools remain appropriate as our organization scales or roles change to prevent privilege
creep, privileges over time that are not necessary for duties.
• We will collect and store the minimum amount of information needed to execute
IASIR’s mission. We will not collect and store information just because we can ask for it.
• Where possible, we will use tools that give us the option of multi-factor authentication
to reduce the risks of unauthorized users receiving access to data.
Key security practices that IASIR will adopt in the use of AI in our organization include but are
not limited to:
• We will limit the use of sharing personally identifiable information in AI technologies.
• We will abide by key confidentiality policies by not inputting confidential information
into AI tools. Where it is unclear, we will seek consent from those who own the data.
• When we use large language models, we will make a decision about whether to opt in or
out of sharing nonprofit data with the tool being adopted for the purposes of training
their model.
Use of Cookies
Cookies are small text files placed on your device to store data that can be recalled by a web
server in the domain that placed the cookie. We use cookies and similar technologies for
storing and honoring your preferences and settings, enabling you to sign in, providing interest-
based advertising, combating fraud, analyzing how our products perform, and fulfilling other
legitimate purposes.
A web beacon is a small graphic image that is placed on a website or in an email, allowing the
email sender or site owner to check that a visitor has accessed content. Common uses are
tracking email engagement and page tagging for web analytics.
Our websites and communications may include web beacons, cookies, or similar technologies
from third-party service providers.
You have a variety of tools to control the data collected by cookies, web beacons and similar
technologies. For example, you can use controls in your internet browser to limit how the
websites you visit are able to use cookies and to withdraw your consent by clearing or blocking
cookies.
Contacting the Regulator
If you believe that IASIR has not complied with its obligations under this Privacy Notice or
European law, you have the right to make a complaint to an EU Data Protection Authority, such
as the UK Information Commissioner’s Office. You can exercise any of these rights by contacting
us using the Contact Us section on our site.
Updates to this Policy
Each time you use our site, the current version of the Privacy Notice will apply. Accordingly,
whenever you use our site, you should check the date of this Privacy Notice (which appears at
the top) and review any changes since the last version. This Privacy Notice is applicable to all
site visitors, members, and all other users of our site.