The Society of Research Administrators International, Inc. ("SRAI") respects the privacy of its members, visitors to its website, and others with whom SRAI interacts in the delivery of its services. SRAI strongly believes that if electronic commerce and online activities are to flourish, consumers must be assured that information provided online is used responsibly and appropriately.
Scope
This Privacy Statement applies to all personal data we process, whether collected online through our websites (including srainternational.org and subdomains), offline, or through other interactions. It applies to individuals worldwide and is designed to comply with the
- European Union General Data Protection Regulation (GDPR),
- UK GDPR,
- California Consumer Privacy Act as amended by the California Privacy Rights Act (CCPA/CPRA),
- Virginia Consumer Data Protection Act (VCDPA),
- Colorado Privacy Act (CPA),
- Connecticut Data Privacy Act (CTDPA),
- Other U.S. state privacy laws,
- Canada's Personal Information Protection and Electronic Documents Act (PIPEDA),
- Gulf Cooperation Council data protection regulations, and
- Other applicable laws.
Definitions
"Personal data" means any information relating to an identified or identifiable natural person.
"Processing" means any operation performed on personal data, including collection, storage, use, disclosure, or deletion.
"Controller" means the entity that determines the purposes and means of processing personal data.
"Processor" means the entity that processes personal data on behalf of the controller.
"Sensitive Personal Information" includes data revealing racial or ethnic origin, political opinions, religious beliefs, genetic data, biometric data, health data, and precise geolocation data.
To protect online privacy, SRAI has implemented the following:
What Information Does SRAI Collect?
Most data SRAI collects is used only to help us better serve our members. It is our general policy to collect and store only personal information that our members and visitors knowingly provide. If our privacy statement changes, we will notify all users by e-mail or a special announcement placed on the website.
We collect the following categories of personal data:
- Identifiers: Name, contact details, organization, title, account login credentials.
- Professional Information: Employment details, conference participation, committee membership.
- Payment Information: Credit card details, billing address (processed through PCI-DSS compliant processors), or bank details.
- Technical Data: IP address, browser type, operating system, device identifiers, cookies, usage analytics.
- Communications: Emails, inquiries, survey responses.
- Sensitive Personal Information (only when voluntarily provided): demographic data, dietary or accessibility needs for events.
Legal Bases for Processing (GDPR/UK GDPR)
We process personal data under the following lawful bases:
- Consent (Art. 6(1)(a)): e.g., marketing communications, optional profile fields.
- Contract (Art. 6(1)(b)): e.g., event registrations, membership services.
- Legal Obligation (Art. 6(1)(c)): e.g., financial record retention.
- Legitimate Interests (Art. 6(1)(f)): e.g., improving our services, preventing fraud.
- Vital Interests (Art. 6(1)(d)): e.g., emergency situations at events.
Purposes of Processing
We process your personal data for:
- Providing membership and event services.
- Processing payments and fulfilling transactions.
- Sending communications, newsletters, and updates.
- Managing committees, working groups, and governance.
- Analyzing website and service usage.
- Complying with legal obligations.
- Protecting our rights, property, and safety.
SRAI uses cookies on its website for functionality, analytics, and marketing. Insofar as those cookies are not strictly necessary for the provision of the website and SRAI services, SRAI will ask you to consent to its use of cookies when you first visit the website and as you are asked to provide information, when appropriate.
The SRAI website incorporates privacy controls which affect how it will process your personal data. By using the privacy controls, you can specify whether you would like to receive direct communications and limit the publication of your information. You can access the privacy controls via the SRAI website under Profile > My Account > Privacy Settings.
Sharing and Disclosure
We share personal data with:
- Service providers under written contracts requiring appropriate security measures, confidentiality obligations, and compliance with applicable data protection laws.
- Event sponsors and partners (with your consent where required).
- Regulatory bodies as required by law.
- Affiliates for internal administrative purposes. We do not sell personal data as defined by CCPA/CPRA or other applicable privacy laws without your consent.
From General Users: SRAI does not collect any personal information from users browsing its Website. Only aggregate data -- such as the number of hits per page -- are collected. Aggregate data are only used for internal and marketing purposes and do not provide any personally identifying information. We may process data about your use of our website and services ("usage data"). The usage data may include your IP address, geographical location, browser type and version, operating system, referral source, length of visit, page views and website navigation paths, as well as information about the timing, frequency and pattern of your service use. The source of the usage data is our analytics tracking system. This usage data may be processed for the purposes of analyzing the use of the website and services. The legal basis for this processing is our legitimate interests in monitoring and improving our website and services.
From the Society of Research Administrators International's Members, Conference Registrants, and Other Customers: To gain access to members-only resources and personalization features on srai.org, members and other users are asked to register and provide some limited information. This information is submitted voluntarily. SRAI asks users to provide their name, organization name, business telephone, address and e-mail. Similar information may be submitted to SRAI through membership applications, conference or webinar registration, publication orders, subscriptions, and contest registrations. Additionally, for some e-mails sent by SRAI to its members through its listservs and electronic newsletters, we will collect specific information regarding what the recipient does with that email. For those emails, SRAI will monitor whether a recipient subsequently clicks through to links provided in the message. Other information collected through this tracking feature includes: the date and time of the "click," a message number from which the message was sent, tracking URL number and destination page.
How Does SRAI Use Data Collected?
SRAI uses information voluntarily submitted by members and other customers in the following ways:
SRAI may process your information included in your personal profile on our website ("profile data"); personal data that you provide in the course of the use of our services ("service data"); and information that you post for publication on our website or through our services ("publication data"). The profile data may include your name, address, telephone number, email address, profile pictures, gender, date of birth, relationship status, interests and hobbies, educational details and employment details. Profile data, service data, and publication data may be processed for the purposes of enabling and monitoring your use of our website and services. The legal basis for this processing is your consent and our legitimate interests, in the proper administration of our website and business.
SRAI may process information contained in any inquiry you submit to it regarding goods and/or services ("inquiry data"). The inquiry data may be processed for the purposes of offering, marketing and selling relevant goods and/or services to you. The legal basis for this processing is your consent.
SRAI may process information relating to its customer and member relationships, including customer and member contact information ("relationship data"). The relationship data may include your name, your employer, your job title or role, your contact details, and information contained in communications between SRAI and you or your employer. The source of the relationship data is you or your employer. The relationship data may be processed for the purposes of managing relationships with customers and members, communicating with customers and members, conducting the corporate membership activities of SRAI, keeping records of those communications, and promoting its products and services to customers. The legal basis for this processing is your consent and SRAI's legitimate interests, in the proper management of our customer relationships.
SRAI may process information relating to transactions, including purchases of goods and services, that you enter into with it and/or through the SRAI website ("transaction data"). The transaction data may include your contact details, your credit card details and the transaction details. The transaction data may be processed for the purpose of supplying the purchased goods and services and keeping proper records of those transactions. The legal basis for this processing is the performance of a contract between you and SRAI and/or taking steps, at your request, to enter into such a contract and our legitimate interests, in the proper administration of the SRAI website and business. SRAI does not maintain such data in its own systems but the data are maintained by the data processor(s) with whom it has business relationships.
SRAI Committees or Subgroups wishing to use data are required to submit a request that is reviewed by the Executive Office and may undergo secondary review by the Data Integrity Committee, or its designee. This ensures that data is being used for a legitimate purpose and appropriate safeguards are in place to maintain security and confidentiality of data, as appropriate.
SRAI may process information that you provide to it for the purpose of subscribing to SRAI email notifications and newsletters ("notification data"). The notification data may be processed for the purposes of sending you the relevant notifications and newsletters. The legal basis for this processing is your consent and the performance of a contract between you and SRAI and/or taking steps, at your request, to enter into such a contract.
SRAI may process information contained in or relating to any communication that you send to it ("correspondence data"). The correspondence data may include the communication content and metadata associated with the communication. SRAI's website will generate the metadata associated with communications made using the website contact forms. The correspondence data may be processed for the purposes of communicating with you and record-keeping. The legal basis for this processing is SRAI's legitimate interests, in the proper administration of the SRAI website and business and communications with users.
SRAI may process any of your personal data identified in this policy where necessary for the establishment, exercise or defense of legal claims. The legal basis for this processing is SRAI's legitimate interests in the protection and assertion of its legal rights, your legal rights and the legal rights of others.
SRAI may process any of your personal data identified in this policy where necessary for the purposes of obtaining or maintaining insurance coverage, managing risks, or obtaining professional advice. The legal basis for this processing is SRAI's legitimate interests in the proper protection of its business against risks.
In addition to the specific purposes for which SRAI may process your personal data set forth herein, it may also process any of your personal data where such processing is necessary for compliance with a legal obligation to which SRAI is subject, or in order to protect your vital interests or the vital interests of another natural person. SRAI may employ artificial intelligence (AI) to process data it collects and will implement appropriate safeguards, including human review rights where required by law.
SRAI does not use facial recognition technology on general conference photography or crowd images.
Disclosures to Third Parties. SRAI also makes member contact information available through the SRAI Membership Directory to other members using its website and to those who register for its conferences. On occasion, SRAI may also provide limited data to third parties that offer products and services relevant to research administration, including names, job titles, and business addresses only. For SRAI to be able to provide business telephone numbers or e-mail addresses, users must consent to SRAI disclosing such information to third parties through clear, prominent opt-in disclosures on the membership application form, conference registration form or any other form on which they are providing information. Users may contact SRAI at communications@srai.org or +1-703-741-0140 to express their preferences if they determine later that they do not wish to have the information shared.
SRAI may disclose your personal data to any Committee, or Subgroup of SRAI insofar as reasonably necessary for the purposes, and on the legal basis, set out in this policy.
SRAI may disclose your personal data to our insurers and professional advisers insofar as reasonably necessary for the purposes of obtaining or maintaining insurance coverage, managing risks, obtaining professional advice, or the establishment, exercise or defense of legal claims.
SRAI may disclose your personal data category or categories to our suppliers or subcontractors insofar as reasonably necessary for them to provide support to the services and activities of SRAI.
Third parties wishing to use SRAI data must seek approval from the Executive Office and potentially a secondary review by the Data Integrity Committee, which reviews all requests and ensures that data is used for legitimate purposes. Requesters must disclose if artificial intelligence (AI) will be used to analyze data.
Financial transactions relating to SRAI, its website and services may be handled by its payment services providers. SRAI will share transaction data with its payment services providers only to the extent necessary for the purposes of processing your payments, refunding such payments and dealing with complaints and queries relating to such payments and refunds.
Consent to Use Credit Card Account Information
SRAI does not disclose credit card account information provided by its members and customers. When members and customers choose to pay using their credit cards, SRAI submits the information needed to obtain payment to the appropriate clearinghouse.
International Transfers of Information
SRAI Collects SRAI collects information globally and primarily stores that information in the United States. SRAI may transfer, process and store your information outside of your country of residence, to wherever it or its third-party service providers operate for the purpose of providing Services. Whenever SRAI transfers your information, it takes steps to protect it.
International Transfers within SRAI: To facilitate its global operations, SRAI transfers information to the United States and allows access to that information from countries in which it has operations for the purposes described in this policy. These countries may not have equivalent privacy and data protection laws to the laws of many of the countries where SRAI's customers and members are based. When SRAI shares information about you within and among SRAI affiliates and processors, it makes use of standard data protection methodologies and contractual data protection clauses, which have been approved by the European Commission, adequacy decisions where available, and other legally recognized transfer mechanisms.
If we transfer your personal data to a recipient outside of the European Union, we will only do so in compliance with the European General Data Protection Regulation. If you have questions about the international transfers of your personal data or the appropriate safeguards we have in place or wish to obtain a copy of such safeguards, please contact us.
How Does SRAI Use Cookies?
Cookies are files that contain information created by a web server that can be stored on a User's hard disk for use either during a particular session ("per-session" cookie) or for future use ("persistent" cookie). SRAI uses cookies only to facilitate automated activity, store and track passwords, determine appropriate solicitations, and review navigation patterns. Cookies are not used to disseminate significant information about Users over the Internet or to analyze any information that Users have knowingly or unknowingly provided. Registration enables the site to better determine members' interest areas and provide the most relevant information.
SRAI Policy Towards Children
The Services are not directed to individuals under age 16. SRAI does not knowingly collect personal information from children under age 16. If SRAI becomes aware that a child under age 16 has provided it with personal information, it will take steps to delete such information. If you become aware that a child has provided SRAI with personal information, please contact our support services.
What Privacy Issues Arise With Links To Other Sites?
SRAI websites contain links to other web sites. SRAI has no control over and is not responsible for the privacy policies or content of such other sites.
Retaining and Deleting Personal Data
SRAI's data retention policies and procedures are designed to help ensure that it complies with its legal obligations in relation to the retention and deletion of personal data. Personal data that SRAI processes for any purpose or purposes shall not be kept for longer than is necessary for that purpose or those purposes.
SRAI will retain your personal data as follows:
- Active membership information: Duration of membership plus seven (7) years.
- Historical membership records: Permanently retained for organizational historical purposes, in anonymized or pseudonymized form where possible, as part of SRAI's corporate history.
- Financial data: Seven (7) years from transaction date or as required by applicable law.
- Event registration data: Three (3) years from event date.
- Marketing communications: Until consent is withdrawn or data subject objects.
- Website analytics: Twenty-six (26) months.
- Correspondence: Three (3) years from last communication.
Notwithstanding the other provisions of this Section regarding personal data, SRAI may retain your personal data where such retention is necessary for compliance with a legal obligation to which it is subject, or in order to protect your vital interests or the vital interests of another natural person.
Security
We implement administrative, technical, and physical safeguards including encryption of data in transit and at rest, access controls and authentication mechanisms, regular security assessments, employee training on data protection, incident response procedures, and vendor security requirements aligned with industry standards.
Amendments
SRAI may update this policy from time to time by publishing a new version on its website.
You should check this page occasionally to ensure you are happy with any changes to this policy.
SRAI may notify you regarding significant changes to this policy by email or through other means of communication reasonably designed to assure that you receive notice.
Your Rights
You have rights under various national and international data protection laws and regulations. Some of the rights are complex, and you should read the relevant laws and guidance from the regulatory authorities for a full explanation of these rights.
Your principal rights under data protection law are:
- The right to access;
- The right to rectification;
- The right to erasure;
- The right to restrict processing;
- The right to object to processing;
- The right to data portability;
- The right to complain to a supervisory authority;
- The right to withdraw consent;
- The right to non-discriminatory treatment for exercising privacy rights; and
- The right to appeal decisions regarding rights requests where provided by law.
To exercise these rights, contact us using the information below. We will respond within timeframes required by applicable law.
What Means Of Redress Are Available?
If any User suspects SRAI has handled its personal information in a manner that does not comply with this privacy statement, please contact SRAI by e-mailing to communications@srai.org or by calling +1-703-741-0140.