NIRSA Privacy Policy

1. About Us

NIRSA is an advocate for the advancement of recreation, sport, and wellbeing in higher education. As a membership organization, our focus is on providing resources, networking, and professional development that support the advancement of the campus recreation profession. 

NIRSA is the data controller of the personal information that you provide to us as a member, as part of the NIRSA Connect community, or when you access our services, trainings, or events. If you have any questions about this Policy, how to manage the use of your personal information or to request removal of your data from our records, you can contact us at: 

NIRSA Data Protection Lead 
5060 SW Philomath Blvd. #355, Corvallis, Oregon 97333 
Phone: 541-766-8211 
Email: nirsa@nirsa.org 
Web: www.nirsa.org 

2. Information Covered by this Policy

As used in this Policy, the terms “information”, “personal information” or “personal data” means information that can be used to identify you, the processing of which is subject to applicable data privacy laws. “Personal information” and “personal data” can include information such as your name and e-mail address, but can also include indirect identifiers such as your IP address or device identifier.  

Note that we may use information about you to create and use anonymous, pseudonymous, statistical, or aggregated data (collectively, “Aggregated Data”), including analytical and statistical data regarding your use of the Services, such as bug/crash reports, to enable us to maintain, develop, and improve the features and performance of the Services, and otherwise for the purposes described in this Policy. Such Aggregated Data does not allow another party to identify you or any other specific user, and is not personal information subject to this Policy. 

3. Personal information collected by NIRSA

The personal information, in any format, that we collect and hold, is handled in accordance with this Policy. Where we ask you to provide information by which you can be identified when visiting our website, or using any NIRSA services, you can be assured that this Policy applies. This Policy will always explain what personal information we are collecting about you and for what purpose.  

Generally, you may provide us with two categories of data: User Data and Services Usage Data. The types of information that you may provide in each category, along with the technologies that we use to collect such information, are generally described in the sub-sections below. Some personal information that you submit can be removed at any time upon your request. Note, however, that some personal information is necessary to use the Services. As such, even if you remove all personal information from your account, we may retain some of your personal information to comply with our legal obligations or as necessary to provide the Services to you.

a. User Data

“User Data” is the personal information that you provide when you register for our Sporting Events, sign up to receive the Services, send us messages in connection with the Services, or otherwise submit personal information for processing by the Services. Any User Data that we receive about you is provided directly by you, or on your behalf, on a voluntary basis. The scope of User Data that we process will vary depending on your use of the Services, but may include the categories below:  

• Use of the Services. You will be required to provide personal information to use or access certain tools and features of the Services. If you register for an account for the Services. For example, individuals who sign up for membership, register for an event, or create a NIRSA profile provide us with contact and demographic information via an online profile or through print or online application or registration forms.  
• Account Registration. To register for an account, you will be required to provide us with personal information such as your contact information, including your name, address, email, and professional role, which are used for communicating NIRSA benefits to you (such as to email you a receipt or mail you a membership resources packet). You may opt out of non-transactional emails at any time if you do not wish to receive informational or promotional messages from NIRSA.  
• Payment Processing: If you purchase a membership to NIRSA, or if you elect to donate to us, you will be asked to provide payment card information so that we may process your transaction, including the cardholder’s name, payment card number, CVV number, payment card expiration date, billing address, shipping address, and the recipient’s name, telephone number, and email address. Note that we use third-party payment processors (such as Paypal) to process donations. You are responsible for reviewing the terms of such third-party payment processors before submitting your donation. By donating, you agree to allow our payment processors to process your payment information according to their applicable terms and our Terms.  Any payment information processed by NIRSA is solely used for transactional purposes. 
• Communications with NIRSA. You may choose to provide us with responses to surveys, questionnaires, and reviews. When you send e-mail messages to NIRSA, we may receive personal information about you, and may use the information that you provide to respond to your communication and/or as described in this Policy. Such information may be made public to users of the Site and other third parties (with your consent where required by applicable law). Demographic information that NIRSA collects via online profiles or surveys is shared at the individual’s discretion.  
• Event Participation Information: If you elect to participate in a Sporting Event, you will be asked to provide information about the participants for purposes of enabling their participation,  including the participating school or organization, role in the Sporting Event (i.e., coach, player, or parent), state of residence, team name, logo, first and last name of each team member, and player jersey number (where available). This information may be made public on the Site and related Services in the format of a team roster as well as promotional materials regarding the Sporting Event. 
• Additional Information: Additional information that you provide to us, including through feedback, contact us forms, customer service phone calls (which may be recorded for quality assurance purposes, with your consent where required by applicable law), messages, emails, mail, posts to public discussion boards, or otherwise. 

You are responsible for verifying the accuracy of User Data you submit to the Services, whether on your own behalf or behalf of a third party, and ensuring that any personal information that you provide (directly or indirectly) is kept up to date for the purposes for which you provide it. Inaccurate information may affect your ability to use the Services, the information you receive when using the Services, and our ability to contact you. 

b. Services Usage Data

We use cookies, pixel tags, local storage, and other technologies which automatically collect information about your use of the Services (“Services Usage Data”).  A “cookie” is a piece of data sent to your browser by a website you visit. Depending on the types of information collected, cookies may constitute personal information. For example, when you visit, use, and interact with the Site, we automatically collect the following types of Services Usage Data: 

• Usage and Engagement Data: Metadata about your activities on and use of the Site, such as the types of content that you view or engage with, the features you use, and the actions you take, as well as your time zone, country, the dates and times of access, user agent and version, type of computer or mobile device, computer connection, your IP address. 
• Log Data: Information that your browser automatically sends whenever you visit the Site, such as your IP address, browser type and settings, the date and time of your request, and how you interacted with the Site. 
• Device Information: Name and model of your device, the operating system used, and (if you access the Services via a web browser) the browser that you are using. 

You may be able to configure your browser to accept all cookies, to reject all cookies, or to notify you whenever a cookie is offered so that you can decide each time whether to accept it. Note that refusing a cookie may in some cases preclude you from using, or negatively affect the display or function of, a website or certain areas or features of a website. To learn more about our use of cookies, see our Cookie Notice. 

4. How We Collect Personal Information

In addition to personal information that you submit directly to the Services, or in communications with us, we collect personal information from the following sources: 

• Sporting Events. We may collect personal information relating from attendees on-site at the Sporting Events that we organize, manage, hold, or otherwise administer as part of providing the Services, such as Participants, parents or guardians of Participants, coaches, referees, administrators, or volunteers at the Sporting Event. 
• Service Providers. We may receive personal information that you submit directly to our service providers in connection with registration for Sporting Events. For example, as part of the registration and administration process, we may share with, or receive from, our service providers the personal information submitted by or on behalf of participants in connection with their participation in the Sporting Event (such as name, phone numbers, email addresses, or other demographic data), as applicable. 

All such personal information is processed for the purposes described below.  

5. Information Retention and Deletion

In addition to personal information that you submit directly to the Services, or in communications with us, we collect personal information Personal information that we collect will be processed in accordance with this Policy and our internal retention guidelines. We will retain the personal information that you provide for as long as necessary to fulfill the purpose(s) for which it was collected, such as to enable or improve your access to or use of the Services. Additionally, we may be required to retain personal information after your membership expires for legal or other legitimate business purposes. This may include retention of personal information that may be necessary to meet our contractual obligations to you, to identify issues, or to resolve legal proceedings.  For more information, see our standard document retention policies. 

We will destroy or de-identify, aggregate, and anonymize personal information when it is no longer necessary for the purposes for which it was collected or otherwise processed; when you withdraw your consent (where lawfulness of processing was based on your consent) and there is no other legal ground for the processing; when you object to the processing and there are no overriding legitimate grounds for the processing; when your personal information has been unlawfully processed; and when it is no longer necessary to comply with legal obligations.  

6. What NIRSA does with the information we collect

NIRSA advocates for our members and strives to provide benefits and resources to advance the campus recreation profession. The lawful basis for processing personal information is by consent, legitimate interest, and to meet legal responsibilities. We only collect personal information for the purposes stated in this Policy, including to facilitate your use and our administration and operation of the Services, to provide you with information or services you request, and to develop and improve the Services, including by: 

• Fulfilling the reason you provided the information (e.g., to send you product and service information); 
• Providing certain features or functionalities of the Services (including, where applicable, verifying the eligibility of, and registering, participants for our Sporting Events, and maintaining a list of verified and eligible participants for our Sporting Events), as well as supporting, personalizing, and developing the Services; 
• Establishing and managing your use of the Services, including by sending you account-related e-mails, responding to your e-mails, submissions, comments, requests for technical support or assistance, or complaints; 
• Developing, customizing, and improving the Services, and the resources that NIRSA provides (including without limitation diagnosing technical and service problems, administering the Services; managing our communications; and analyzing and enhancing the Services; protecting the security of our networks and information systems); 
• Identifying and protecting against fraud, prohibited or illegal activities, as well as potential third-party claims and other liabilities; 
• Personalizing your experience with the Services and delivering product and service offerings relevant to your interests; 
• Conducting testing, research, analysis, and service development; 
• Protecting the rights, property or safety of participants, volunteers, attendees, officials, staff, or other individuals who attend our Sporting Events; 
• Complying with applicable laws, rules, and regulations. 
• As described to you when collecting your personal information or as otherwise set forth in this Policy. 

Gender, ethnicity, and salary data – while all optional for users to provide – helps us to forecast trends in the industry and tailor the development of future benefits to better meet members’ needs. 

For individuals who attend or participate in our Sporting Events: note that a Sporting Event may be filmed, photographed and/or otherwise recorded. NIRSA reserves all rights to broadcast, record, and/or otherwise distribute any and all content related to each such Sporting Event, including the right to use the names, voice, signature, photograph, images, appearance, likeness, and performance data of participating parties in connection with promotion of the Sporting Event. If you do not consent to the processing of your personal information for such purposes, you should not participate in our Sporting Events 

7. Sharing of Personal Information

NIRSA does not process the personal information that you provide except as required to provide the Services to you, as specified in this Policy, with your consent, or as otherwise permitted by law. A non-exhaustive list of examples of our sharing of personal information is below: 

• We may share your personal information with companies (including NIRSA affiliates) who assist us in providing the Services and related services (for example, electronic banking companies that help process credit card payments). Our service providers are required by contract to protect the confidentiality of the personal information we share with them and to use it exclusively to provide specific services on our behalf. 
• From time to time, NIRSA may partner with third parties that offer information, coupons, special discounts, contests, games, promotions, and special events related to your use of the Services. We may provide limited personal information to these entities related to their collaborations with us on promotions, events, special offers, and other joint projects. The use of the personal information that you submit by such third parties may also be governed by these third parties’ privacy policies. 
• NIRSA may share personal information submitted under this Policy with government authorities in the scenarios described below. In such cases, we reserve the right to raise or waive any legal objection or right available to us at our discretion: 
  • if we are required by law, regulation, or legal process (such as a court order or subpoena), including in response to requests from public and government authorities outside your state of residence or to protect our rights, privacy, safety or property, or that of you or others anywhere we conduct business; 
  • in response to requests by government agencies, such as law enforcement authorities; and/or 
  • if we have a good faith belief that the disclosure is necessary or appropriate to comply with law or legal process. 
• We also may share personal information when we believe it is appropriate to investigate, prevent, or take action regarding illegal or suspected illegal activities; to protect and defend the rights, property, or safety of NIRSA, the Services, our users, or others; to prevent and protect NIRSA and its users from fraudulent, abusive, unlawful, or unauthorized use of the Services; to otherwise enforce our rights and agreements; and otherwise in connection with our Terms and other agreements with you, in each case as permitted by applicable laws.
• We reserve the right to disclose or transfer any information we have about you as part of, or during negotiations of, any merger, sale of company assets, or acquisition, or in any other situation where personal information may be transferred as one of NIRSA’s assets. 

We will not collect additional categories of personal information or use the personal information that we collect for purposes that are materially different, unrelated, or incompatible with the purposes stated in this Policy without providing notice to you.   

a. Event Attendance

From time to time, we may share the list of attendees for certain Sporting Events (such as a conference, exhibits, showcase, or other similar promotional event) with exhibitors who have registered for that event to enable them to create mailing labels, or to prepare or improve their promotional materials for the event. If you do not wish to be included in such shared lists, you may opt-out at any time by following the instructions in your NIRSA member profile settings. 

b. Emails

Email addresses are used for official NIRSA business only and are not shared with third parties, including Associate Members, without your permission or as otherwise authorized by this Policy. After registration, NIRSA event registrants may have their email addresses shared with companies who are exhibiting at the same event for the express purpose of receiving promotional emails from exhibitors; however, registrants can opt out from such promotional correspondence by selecting the opt-out functions in their NIRSA profile settings.

We only send promotional e-mails to persons who have provided their e-mail addresses directly to us. If you do not wish to receive or you are inadvertently sent promotional e-mails from NIRSA, you may opt out by contacting us using the information provided at the bottom of the page, or by clicking the “unsubscribe” link at the bottom of each promotional e-mail. Please note that even if you opt out of receiving e-mails from NIRSA, you may still receive relationship e-mails from us, including responses to e-mails that you send to us, notices of updates or changes to our policies and procedures, or other messages relating to your account or your use of the Services.

c. NIRSA Connect

The Association’s online networking platform makes discussion boards and document sharing available to users. It also contains the NIRSA member directory. All individual NIRSA members are automatically added to the NIRSA Discussion Group upon joining or renewing. You may edit your discussion group email preferences and your Connect Profile privacy settings at any time. You can also adjust what profile information is viewable by others in the Member Directory. Please remember that any information that is disclosed in NIRSA Connect is viewable to all members and you should exercise caution when deciding to disclose your personal information. You may opt out of the NIRSA Connect platform, as well as any other non-transactional NIRSA communication services, adjust your communication settings, and edit your Connect profile by logging in to your account. 

8. External links to other sites

The NIRSA website contains links to other internet sites external to the NIRSA domain. NIRSA is not responsible for the privacy practices or the content of external websites. NIRSA does not have any control over other websites. Therefore, we cannot be responsible for the protection and privacy of any information which you provide while visiting external sites and such sites are not governed by this Policy. You should exercise caution and look at the privacy statement applicable to the website in question.  

9. Protecting Personal Information

We take reasonable measures to protect personal information from misuse, interference, and unauthorized loss, access, modification or disclosure in compliance with applicable data protection laws. Unfortunately, despite such measures, no data transmission over the Internet and no database or other depository of information can be one hundred percent secure. As such, we cannot and do not guarantee or warrant the security of any personal information. We will not be and are not liable for disclosures of personal information due to errors in transmission, networks that we do not control, or unauthorized acts of third parties. 

To protect the confidentiality of the personal information that you submit, you must keep the personal information associated with your account confidential and not disclose it to any other person. You are responsible for all uses of the Services by any person using your account. 

10. Notice of Data Processing for Users in Canada

For users in Canada who are subject to the Personal Information Protection and Electronic Documents Act (PIPEDA) or the similar province-level data protection laws effected in Alberta, British Columbia, or Quebec, we have implemented the practices described below to provide you with control over any personal information that constitutes “personal data” under applicable data privacy laws. If you are not a resident of Canada subject to Canadian privacy laws, the provisions below do not apply to you. 

1. Lawful Grounds. We rely on your implied or explicit consent to process your personal information subject to Canadian privacy laws.
2. Data Transfer Notice. We are located in the United States and transfer your personal information for processing in the United States. We make the transfer to the United States in the absence of an adequacy decision because it is necessary for the performance of a contract with you, or with your consent. 
3. Retention. We will retain your personal information for as long as necessary for the purpose in which it was collected such as to perform a contract, for our or a third-party’s legitimate interest, or your consent. 
4. Individual Rights and Data Requests. Canadian privacy laws provide data subjects with various rights in relation to the processing of your personal information, depending on the relevant situation: 
   • Right of Access. You have the right to request confirmation as to whether or not your personal information is being processed by NIRSA and, if so, the right to receive a copy. 
   • Right to rectification. You have the right to challenge the accuracy of the information we hold and to request the rectification of your personal information if you find that it is inaccurate or incomplete. 
   • Right to erasure. You have the right to request the erasure of your personal information (subject to certain limitations). 
   • Right to data portability. You have the right to receive a copy of your personal information provided to us, in an interoperable format. 

To exercise any of the above rights, please use the process described in Section 12. You also have the right to lodge a complaint with the competent data protection authority, in particular in the country of your habitual residence, place of work or place of an alleged infringement if you consider that the processing of your personal information carried out by us infringes the applicable privacy laws. 

11. Consumer Privacy Laws Applicable to NIRSA

As of the “Last Updated” date indicated on this page, NIRSA is not subject to the General Data Protection Regulation of the European Union or the United Kingdom, nor to any state-level consumer data privacy laws in the U.S. If you are located outside of the United States, note that all information processed by NIRSA may be transferred, processed, and stored anywhere in the world, including, but not limited to, the United States or other countries, which may have data protection laws that are different from the laws where you live. By providing any information, including personal information, on or to the Services, you consent to such transfer, storage, and processing. 

Note that we do not use or disclose sensitive personal information unless it is specifically submitted by you. To the extent that you submit any sensitive personal information, our use of such information will be limited to the use which is necessary to provide our services to you and/or the uses to which you have consented. We retain personal information for as long as necessary to carry out the purposes for which we originally collected it and for other purposes described in this Policy. We will delete personal information in accordance with our standard document retention schedules.   

12. Exercising Data Subject Rights

To exercise the rights available to you as a data subject under applicable laws, submit a request to us by either: emailing us at nirsa@nirsa.org. We will need to verify your identity (and, where applicable, your authorized agent’s authority to make the request on your behalf) as well as other information about you to process your request. 

We endeavor to respond to a verifiable consumer request within forty-five (45) days of its receipt. If we require more time (up to ninety (90) days), we will inform you of the reason and extension period in writing. We will deliver our written response electronically. Any disclosures we provide will only cover the twelve (12) month period preceding the verifiable consumer request’s receipt. The response we provide will also explain the reasons we cannot comply with a request, if applicable. For data portability requests, we will select a format to provide your personal information that is readily useable and should allow you to transmit the information from one entity to another entity without hindrance.   

13. Children

If you are under 16, please do not attempt to register for the Services online or send any personal information about yourself to us, you may use the Services only with the involvement of a parent or guardian. NIRSA does not knowingly collect any personal information from children under the age of 16 without the consent of the child’s parent or guardian. Additionally, we will not collect more personal information regarding children under 16 than is necessary for them to participate in and otherwise use the Services other than the Site. 

If you believe that a child under 16 has provided us with personal information in connection with use of the Site, please contact us using the contact information provided in the “Contact Us” section below. 

14. Review of this policy

NIRSA conducts regular reviews of this Policy to ensure compliance with current regulations and ensure care of personal information. Because our privacy practices and privacy law necessarily evolve over time, we reserve the right to revise this Policy from time to time in our sole discretion, upon notice to you such as by posting the updated Policy on the Site, sending you an email to your account email, or by any other reasonable means. You should periodically review this Policy to ensure that you are familiar with the most current version. Your continued use of the Site after the “Last Updated” date posted above will constitute your acceptance of the updated Policy. You are encouraged to occasionally revisit this policy to ensure that you are aware of any changes. The NIRSA Privacy Policy was last updated as of the “Last Updated” date at the top of this page. 

15. Contact Us

If you have any questions, concerns, or complaints regarding this Policy or data processing practices, please contact us using the information below: 

NIRSA Data Protection Lead 
5060 SW Philomath Blvd. #355, Corvallis, Oregon 97333 
Phone: 541-766-8211 
Email: nirsa@nirsa.org 
Web: www.nirsa.net