LAST UP DATED: 10 / 0 4/ 2024
C200 Privacy Policy
The Committee of 200 (“C200”, “our”, “we” or “us”) is the premier women’s business leadership organization. Members are expected to support each other by fostering an environment where the exchange of ideas as well as personal and business information is held in the strictest confidence. C200 has developed this Privacy Policy statement (“Privacy Policy”) set forth below to help to assist visitors or end users of (referenced herein with “you” or “your” or generally, as a “user”) www.c200.org and any associated websites owned by C200, mobile applications, or social media channels, and/or Programs (referenced here as the “Site and Programs”) to understand the collection and usage of personally identifiable information (“PII”). PII refers to information that can specifically identify an individual (e.g., name, address, phone, email.) Please review this Privacy Policy in full before using or submitting PII to the Site. If you do not agree with the Privacy Policy, do not use the Site.
Your privacy is important to us. As a C200 member, your information contained on the C200 website or The Committee Room (i.e., the internal C200 members-only social network) may not be used for any purpose, or for solicitation, outside of authorized C200 business and is complementary to the separate Confidentiality Policies applicable to all C200 members and staff. If you still have any questions or concerns, please contact us at info@c200.org.
INFORMATION WE COLLECT
We collect personal information that you voluntarily provide to us when you register for an account, to attend an event, applications for programs and/or membership, express an interest in obtaining information about us or our site, programs, and/or services, when you participate in activities or otherwise when you contact us.
Personally Identifiable Information: We may collect information that specifically identifies you (“Personally Identifiable Information”) when you interact and provide information on any of our Site and Programs, such as when you apply for C200 membership or register for a C200 event or program. The types of Personally Identifiable Information we collect on our Site and Programs will vary based on the services offered on the Sites, but may include, among other things, your name, address, phone number, company affiliation and title or position, birth year, race, billing and delivery information, e-mail address, credit card or other financial information.
Non-Personal Information: As you use any of our Site and Programs, we may also collect information and data that is not Personally Identifiable Information (i.e., not specifically identified to you), but which may disclose other aspects of your browsing history or certain other information using a variety of software tools and technologies. This information is called “Non-Personal Information”.
Cookies and Similar Technology: Some of the software tools used include cookies, tags and web beacons and may also include Internet Protocol (IP) address and URL tracking data. “Cookies” are pieces of software code or text that are placed on your computer when you browse any of our Sites. “Tags” and “web beacons” refer to software code scripts that are primarily used to track your activities on our Sites.
Cookies and other related techniques are generally pieces of information, which C200 uses for record-keeping purposes and which the Site may transfer to C200’s and/or your computer’s web browser for storage on C200’s hosting platform or your computer’s hard drive. Cookies and other related techniques enable C200 to manage and/or customize your experience on the Site, including available advertisements. Cookies and other related techniques also make web-surfing or Site review easier by automatically performing certain functions such as saving your personal preferences and by providing targeted content. Many consider the use of cookies or similar data collection to be industry standard practices. As such, your web browser is likely to accept cookies or allow other identifiers.
The types of Non-Personal Information collected on our Sites using software tools and other technologies, may include, among other things:
- The search terms you used, your user identification
- Information from your browser
- Type of computer and operating system
- Your internet service provider
- Areas of our website that you use and have used, the website page you entered our website from and the next website you went to after leaving our Site, dates and times of Site use,
If you would prefer not to receive cookies or allow identifiers, however, you can alter the configuration of your browser to refuse cookies or surf anonymously. If you choose to have your browser refuse cookies or surf anonymously, you should understand that it is possible that some areas of the Site will not function properly or as quickly.
USE OF INFORMATION
C200 may use PII collected from the website to operate the Site, provide, and/or enhance certain features, tools, and functionality, to improve the quality of the Site. Other examples of PII usage are included below:
- Transactional Information/Confirmations: C200 will send invoice reminders, order confirmations, and program registrations confirmations to users that are actively using paid services, membership, and/or programs.
- Customer Service: To respond to inquiries from members and non-members and maintain a receipt of historical record of those service issues and
- Demographic and Survey Information: C200 may use demographic information for administrative and operational business management/analyses, marketing, monitoring, and other purposes to improve C200’s website, programs, and services. Analyses and surveys will be aggregated and not identify any particular user.
- Partner and Business Usage: We also may share your contact information with third parties including, without limitation, C200’s vendors, members, or business partners, to (i) facilitate or implement the foregoing, (ii) advertise the services or activities of others, including C200’s members, (iii) provide, improve, or advise you of C200’s programs, events, volunteer opportunities, products, services, or software solutions, (iv) process payments or order fulfillment, or (v) allow for online registration for programs, events, or services, the online provision of software applications, and/or for other internal business purposes. Sharing excludes text messaging originator opt-in data and consent; this information will not be shared with any third parties.
- Member Directory and other Lists: As a professional organization, some Personally Identifiable Information you provide may be published on the Sites and in print or digital form in a variety of ways that allow other members and the public to find you, including, but not limited to, directories, membership lists, and other types of registration lists for our programs and events (“Directory Lists”). Directory Lists will not include sensitive information, such as credit card or bank information, or social security numbers. Your contact information will be shared only with other members, as described below. You may request that your information be omitted from Directory Lists by contacting us in writing at info@c200.org
- Legal Action: C200 may disclose PII when legally required to do so in accordance with subpoenas, government requests or regulations, or legal proceedings. C200 may also disclose PII to protect against misuse or unauthorized use of the Site and Programs or as is otherwise required to limit legal liability, protect or defend C200’s rights, property, or interests, or protect the safety, rights, or property of others.
You can manage your profile and email preferences, including opting out of email either online in your C200 account or by contacting us at info@c200.org.
LEGAL BASES FOR PROCESSING COLLECTED INFORMATION
In Short: We only process your personal information when we believe it is necessary and we have a valid legal reason (i.e., legal basis) to do so under applicable law, like with your consent, to comply
with laws, to provide you with Site and Programs to enter into or fulfill our contractual obligations, to protect your rights, or to fulfill our legitimate business interests.
If you are in the EU or UK, this section applies to you.
The General Data Protection Regulation (GDPR) and UK GDPR require us to explain the valid legal bases we rely on in order to process your personal information. As such, we may rely on the following legal bases to process your personal information:
- We may process your information if you have given us permission (i.e., consent) to use your personal information for a specific purpose. You can withdraw your consent at any time. Learn more about withdrawing your consent.
- Performance of a We may process your personal information when we believe it is necessary to fulfill our contractual obligations to you, including providing our Site and Programs or at your request prior to entering into a contract with you.
- Legitimate Interests. We may process your information when we believe it is reasonably necessary to achieve our legitimate business interests and those interests do not outweigh your interests and fundamental rights and freedoms. For example, we may process your personal information for some of the purposes described in order to:
- Legal Obligations. We may process your information where we believe it is necessary for compliance with our legal obligations, such as to cooperate with a law enforcement body or regulatory agency, exercise or defend our legal rights, or disclose your information as evidence in litigation in which we are involved.
- Vital Interests. We may process your information where we believe it is necessary to protect your vital interests or the vital interests of a third party, such as situations involving potential threats to the safety of any person.
If you are in Canada, this section applies to you.
We may process your information if you have given us specific permission (i.e., express consent) to use your personal information for a specific purpose, or in situations where your permission can be inferred (i.e., implied consent). You can withdraw your consent at any time.
In some exceptional cases, we may be legally permitted under applicable law to process your information without your consent, including, for example:
- If collection is clearly in the interests of an individual and consent cannot be obtained in a timely way
- For investigations and fraud detection and prevention
- For business transactions provided certain conditions are met
- If it is contained in a witness statement and the collection is necessary to assess, process, or settle an insurance claim
- For identifying injured, ill, or deceased persons and communicating with next of kin
- If we have reasonable grounds to believe an individual has been, is, or may be victim of financial abuse
- If it is reasonable to expect collection and use with consent would compromise the availability or the accuracy of the information and the collection is reasonable for purposes related to investigating a breach of an agreement or a contravention of the laws of Canada or a province
- If disclosure is required to comply with a subpoena, warrant, court order, or rules of the court relating to the production of records
- If it was produced by an individual in the course of their employment, business, or profession and the collection is consistent with the purposes for which the information was produced
- If the collection is solely for journalistic, artistic, or literary purposes
- If the information is publicly available and is specified by the regulations
MANAGING THE COLLECTION OF NON-PERSONAL INFORMATION
You can opt out of targeted information contacts by us by contacting us. You may also block or disable cookies on your computer (typically done by adjusting the settings on your browser), which will restrict the collection of Non-Personal Information obtained by us using cookies. Doing so, however, may prevent you from accessing certain functions on our Sites.
THIRD PARTY LINKS
Please note that you may be subject to the privacy policies of other non-C200 companies when you hit a link on any of our Sites that takes you to a site not operated by us. These other privacy policies may not be as restrictive or protective of your information and data as we are. To ensure your privacy is protected, we recommend that you review the privacy statements of these other linked sites.
INFORMATION SECURITY
We implement commercially reasonable security measures to protect against unauthorized access to or unauthorized alteration, disclosure or destruction of data. We restrict access to Personally Identifiable Information to our business contractors and other third parties who may need to know that information to operate, develop or improve our services or for other legitimate business reasons with a strict NDA in place. These contractors and other third parties are bound by confidentiality obligations and may be subject to discipline, including termination and legal redress, if they fail to meet these obligations.
Sensitive information, such as your credit or debit card number is not stored with C200 nor re-used (unless granted permission by the user for recurring membership renewal dues.) Your credit card number is encrypted and protected when transmitted through C200’s secure payment processor. We may collect data necessary to process your payment if you choose to make purchases, such as your payment instrument number, and the security code associated with your payment instrument. All payment data is handled and stored by Clover (formerly BluePay). You may find their privacy notice link(s) here: https://www.clover.com/privacy-policy.
C200 also audits and requires specific vendor security measures to be in place to serve as reasonable safeguards when carrying out their work on C200’s behalf.
DATA RETENTION
We keep your information for as long as necessary to fulfill the purposes outlined in this Privacy Notice unless otherwise required by law.
We will only keep your personal information for as long as it is necessary for the purposes set out in this Privacy Notice, unless a longer retention period is required or permitted by law (such as tax, accounting, or other legal requirements). No purpose in this notice will require us to keep your personal information for longer than the period of time in which users have an account with us.
When we have no ongoing legitimate business need to process your personal information, we will either delete or anonymize such information, or, if this is not possible (for example, because your personal information has been stored in backup archives), then we will securely store your personal information and isolate it from any further processing until deletion is possible.
PRIVACY RIGHTS
Depending on your state of residence in the US or in some regions, such as the European Economic Area (EEA), United Kingdom (UK), Switzerland, and Canada, you have rights that allow you greater access to and control over your personal information. You may review, change, or terminate your account at any time, depending on your country, province, or state of residence.
In some regions (like the EEA, UK, Switzerland, and Canada), you have certain rights under applicable data protection laws. These may include the right (i) to request access and obtain a copy of your personal information, (ii) to request rectification or erasure; (iii) to restrict the processing of your personal information; (iv) if applicable, to data portability; and (v) not to be subject to automated decision-making. In certain circumstances, you may also have the right to object to the processing of your personal information. You can make such a request by contacting us by using the contact details provided in the section.
We will consider and act upon any request in accordance with applicable data protection laws.
- If you are located in the EEA or UK and you believe we are unlawfully processing your personal information, you also have the right to complain to your Member State data protection authority or UK data protection authority.
- If you are located in Switzerland, you may contact the Federal Data Protection and Information Commissioner.
Withdrawing your consent: If we are relying on your consent to process your personal information, which may be express and/or implied consent depending on the applicable law, you have the right to withdraw your consent at any time. You can withdraw your consent at any time by contacting us by using the contact details provided in the section below or updating your preferences in your C200 account.
However, please note that this will not affect the lawfulness of the processing before its withdrawal nor, when applicable law allows, will it affect the processing of your personal information conducted in reliance on lawful processing grounds other than consent.
Opting out of marketing and promotional communications: You can unsubscribe from our marketing and promotional communications at any time by clicking on the unsubscribe link in the emails that we send, Email info@c200.org for assistance, or by contacting us using the details provided below. You will then be removed from the marketing lists. However, we may still communicate with you — for example, to send you service-related messages that are necessary for the administration and use of your account, to respond to service requests, or for other non- marketing purposes.
Account Information: If you would at any time like to review or change the information in your account or terminate your account, you can contact us at info@c200.org or change your account information in your C200 account profile.
Upon your request to terminate your account, we will deactivate or delete your account and information from our active databases. However, we may retain some information in our files to prevent fraud, troubleshooting problems, assist with any investigations, enforce our legal terms and/or comply with applicable legal requirements.
If you have questions or comments about your privacy rights, you may email us at info@c200.org.
YOUR DATA PRIVACY RIGHTS
You have rights under certain US state data protection laws. However, these rights are not absolute, and in certain cases, we may decline your request as permitted by law. These rights include:
- Right to know whether or not we are processing your personal data
- Right to access your personal data
- Right to correct inaccuracies in your personal data
- Right to request the deletion of your personal data
- Right to obtain a copy of the personal data you previously shared with us
- Right to non-discrimination for exercising your rights
- Right to opt out of the processing of your personal data if it is used for targeted
advertising (or sharing as defined under California’s privacy law), the sale of personal data, or profiling in furtherance of decisions that produce legal or similarly significant effects (“profiling”)
Depending upon the state where you live, you may also have the following rights:
- Right to obtain a list of the categories of third parties to which we have disclosed personal data (as permitted by applicable law, including California’s and Delaware’s privacy law)
- Right to obtain a list of specific third parties to which we have disclosed personal data (as permitted by applicable law, including Oregon’s privacy law)
- Right to limit use and disclosure of sensitive personal data (as permitted by applicable law, including California’s privacy law)
- Right to opt out of the collection of sensitive data and personal data collected through the operation of a voice or facial recognition feature (as permitted by applicable law, including Florida’s privacy law)
EXERCISING YOUR RIGHTS
To exercise these rights, you can contact us by emailing info@c200.org, calling us directly at (312) 255-0296, by editing your information directly in your user account, or by referring to the contact details at the bottom of this document.
Under certain US state data protection laws, you can designate an authorized agent to make a request on your behalf. We may deny a request from an authorized agent that does not submit proof that they have been validly authorized to act on your behalf in accordance with applicable laws.
You have the right to request access to the personal information we collect from you, details about how we have processed it, correct inaccuracies, or delete your personal information. You may also have the right to withdraw your consent from our processing of your personal information. These rights may be limited in some circumstances by applicable law. To request to review, update, or delete your personal information, please visit: info@c200.org.
CONTACT INFORMATION
If you have questions or comments about this notice, you may contact our Data Protection Officer
(DPO) by email at davez@dave.consulting, by phone at (312) 285-0630, or contact us by post at:
Data Protection Officer for C200 (The Committee of 200)
3712 N Broadway, Suite 437
Chicago, IL 60613 United States
If you have any further questions or comments, you may also contact us by post at the following corporate address:
The Committee of 200
332 S Michigan Ave
Suite 900
Chicago, IL 60604 United States
Phone: 312.255.0296
NO GUARANTEE
Unfortunately, no data transmission over the Internet can be guaranteed to be 100% secure. Accordingly, and despite our efforts, we cannot guarantee or warrant the security of any information you transmit to us.
CHANGES TO THE PRIVACY POLICY
As C200, its membership and services change from time to time and as the legal rules governing information privacy change, this Privacy Policy is expected to change as well. We reserve the right to amend the Privacy Policy at any time, for any reason. The date of the last revision to the Privacy Policy will be indicated by a “Last Updated” or “Effective” date next to the section where any changes have occurred.
If we make material changes to this Privacy Notice, we may notify you either by prominently posting a notice of such changes or by directly sending you a notification. We encourage you to review this Privacy Notice frequently to be informed of how we are protecting your information.
If you have questions about this Privacy Policy, please contact us at info@c200.org.