1. Introduction
1.1 The American Railway Engineering and Maintenance-of-Way Association (AREMA) is committed to safeguarding the privacy of our website visitors, members, and all other AREMA stakeholders. AREMA is dedicated to advancing our mission: The development and advancement of both technical and practical knowledge and recommended practices pertaining to the design, construction and maintenance of railway infrastructure. To do so, we strive to engage in competent data management. We recognize that your privacy is important to you, and we therefore take the privacy of your personal information seriously as we work to advance our social purpose and the business underlying it.
1.2 This policy applies where we are acting as a data controller with respect to the personal data of our website visitors and AREMA stakeholders.
1.3 This policy is broadly applied to all AREMA stakeholders as a guideline for AREMA’s intentioned behavior. This policy, under the mandate of the European Union General Data Protection Regulation (GDPR), only applies to individuals in the European Union (EU) and the European Economic Area (EEA). However, AREMA is subject to the law if it processes personal data accessed over the internet of individuals residing in the EEA. This data processing can occur when AREMA services and programs are offered to EU residents via internet communication.
1.4 By using our websites and agreeing to this policy, you consent to our use of cookies in accordance with the terms of this policy. Cookies help us with things like remembering your username for your next visit, understanding how you are interacting with our services, and improving them based on that information. AREMA only collects aggregate data such as IP addresses and number of hits per page. These data do not provide personally identifying information.
1.5 AREMA.ORG, AREMAFOUNDATION.ORG and CONFERENCE.AREMA.ORG incorporate privacy controls which affect how we will process your personal data across all our websites while giving you the appropriate control over your personal information. By using the privacy controls, you can specify whether you would like to receive direct marketing communications and limit the publication of your information. You can access the privacy controls within your online account and/or unsubscribe from email communications.
1.6 In this policy, "we", "us" and "our" refer to the Association (AREMA).
2. How we use your personal data
2.1 In this Section we have set out:
- the general categories of personal data that we may process;
- in the case of personal data that we did not obtain directly from you, the source and specific categories of that data;
- the purposes for which we may process personal data; and
- the legal basis of the processing.
AREMA takes your privacy seriously and only processes and collects data necessary for serving our members and advancing our mission.
2.2 We may process data about your use of our websites and services ("usage data"). AREMA websites collect aggregate data, such as IP addresses and the number of hits per page. This usage data may be processed for the purposes of analyzing the use of the website and services, as well as for carrying out services for you. The legal basis for this processing is our legitimate interests, namely monitoring and improving our website services and offering services to appropriate AREMA stakeholders.
2.3 We may process your AREMA Web Portal account data ("account data"). This data is information you submit to AREMA during the member joining process. Information that is required to process expectations of membership and other requested services includes your name, address, and email. Additional information (that may determine a membership category) such as place of work, professional designations, and resume information is voluntary. This information helps us understand the composition and needs of members and other stakeholders. The account data may be processed for the purposes of providing our services and communicating important association related content with you (membership, educational information, etc.). You can change your communication/preference settings at any time to limit the correspondence. The legal basis for this processing is either by consent or contractual, namely your elective creation of an AREMA Web Portal account and/or AREMA membership.
- AREMA uses member contact information to send information about meetings and membership benefits and discounts, general association news, award and leadership opportunities, and other communication we feel would be of interest to you. Membership contact information is also used to contact members when necessary for administrative purposes. The online Membership Directory is provided for informational purposes, and members have the option to opt-out of this listing if desired. There is an option to opt-out of directory listings and communications.
- AREMA may provide its annual meeting registration lists for one-time use by third parties promoting meetings, publications, or products of interest. AREMA only provides these lists to groups we feel have content or services relevant to our stakeholders. Members are only included on these lists if they opt-in during the registration process. Opting into this communication is not required to register for the meeting. These lists may include mailing/email addresses. Any other data in not collected by AREMA.
2.4 We may process your personal data that are provided in the course of the use of our membership, education, registration, and housing systems and services ("service data"). The service data may include name, email address, demographic information, date of birth, interests, specialties, educational details and employment details. The service data may be processed for the purposes of operating our websites, providing our services, ensuring the security of our websites and services, maintaining back-ups of our databases and communicating with you. The legal basis for this processing is the delivery of our contractual obligations, namely the provision of services you have requested or have paid for.
2.5 We may process information that you post for publication on our websites or through our services ("publication data"). The publication data may be processed for the purposes of enabling such publication and administering our websites and services. The legal basis for this processing is either consent (e.g. for abstract submissions, AREMA meeting presentation submissions) OR our legitimate interests, namely the proper administration of our websites and advancing our social purpose and the business underlying it.
2.6 We may process information relating to transactions, including purchases of goods and services, that you enter into with us and/or through our website ("transaction data"). The transaction data may include your contact details, your payment and transaction details. The transaction data is processed for the purpose of supplying the purchased goods and services, like membership and annual meeting registration, and keeping proper records of those transactions. The legal basis for this processing is the performance of a contract between you and us and/or taking steps, at your request, to enter into such a contract and our legitimate interests, namely our interest in the proper administration of our websites and advancing our social purpose and the business underlying it.
2.7 We may process information that you provide to us for the purpose of subscribing to our email notifications and newsletters ("notification data"). The notification data may be processed for the purposes of sending you the relevant notifications and/or newsletters. We use the information to share relevant notifications and news we believe would be of interest to you based on your expressed interests in AREMA's mission and services. The legal basis for this processing is your consent.
2.8 We may process information contained in or relating to any communication that you send to us ("correspondence data"). The correspondence data may include the communication content and metadata associated with the communication. The correspondence data may be processed for the purposes of communicating with you and record keeping. The legal basis for this processing is our legitimate interests, namely the proper administration of our websites and advancing our social purpose and the business underlying it, as well as communications with users.
2.9 We may process any of your personal data identified in this policy where necessary for the establishment, exercise or defense of legal claims, obtaining or maintaining insurance coverage, and managing risks. The legal basis for this processing is our obligation to meet legal or contractual requirements, the protection and assertion of our legal rights, your legal rights and the legal rights of others, as well as protecting the organization against risks.
2.10 In addition to the specific purposes for which we may process your personal data set out in this Section , we may also process any of your personal data where such processing is necessary for compliance with a legal obligation to which we are subject, or in order to protect your vital interests or the vital interests of another natural person.
2.11 Please do not supply any other person's personal data to us unless we prompt you to do so and the individual has consented to having their data shared.
3. Providing your personal data to others.
3.1 We may disclose your personal data to companies that we work with in advancing our social purpose and the business underlying it (including our subcontractors, suppliers, and vendors) insofar as reasonably necessary for the purposes set out in this policy. Registration for the annual meeting through a third-party software is an example of this. All the vendors AREMA uses are compliant with personal data security. For more information on these vendors please contact AREMA.
3.2 We may disclose your personal data to our insurers and/or professional advisers insofar as reasonably necessary for the purposes of obtaining or maintaining insurance coverage, managing risks, obtaining professional advice, or the establishment, exercise or defense of legal claims, whether in court proceedings or in an administrative or out-of-court procedure.
3.3 In cases where pursuing AREMA’s vision involves partnering with an outside organization and sharing personal data, we will request the appropriate permission from the applicable individuals. This applies in cases like the biennial Railway Interchange Event.
3.4 Financial transactions relating to our websites and services may be handled by our payment services provider, PayPal, and the payment service providers of our subcontractors and suppliers. We will share transaction data with our payment services providers only to the extent necessary for the purposes of processing your payments, refunding such payments and dealing with complaints and queries relating to such payments and refunds. Financial information will in no way be used for marketing purposes, nor will they be shared with any third parties unless the third party manages the billing for AREMA. You can find information about the payment services providers' privacy policies and practices at https://www.paypal.com/us/webapps/mpp/ua/privacy-full.
3.5 Each such third party will act as a data controller in relation to the data that we supply to it; its own privacy policy will govern that third party's use of your personal data. When contacting you, each such third party will supply a copy of their privacy policy upon request. The privacy policies of these currently used third-party vendors can be seen at:
3.6 In addition to the specific disclosures of personal data set out in this Section, we may disclose your personal data where such disclosure is necessary for compliance with a legal obligation to which we are subject, or in order to protect your vital interests or the vital interests of another natural person. We may also disclose your personal data where such disclosure is necessary for the establishment, exercise or defense of legal claims, whether in court proceedings or in an administrative or out-of-court procedure.
3.7 If in the future we intend to process your personal data for a purpose other than that for which it was collected, we will provide you with information on that purpose and any other relevant information.
4. Retaining and deleting personal data
4.1 This Section sets out our data retention policies and procedures, which are designed to help ensure that we comply with our legal obligations in relation to the retention and deletion of personal data while maintaining the integrity of stakeholder information.
4.2 Personal data that we process for any purpose or purposes shall not be kept for longer than is necessary.
4.3 To maintain historical and statistical information, member data will be retained indefinitely. Non-member data will be retained a maximum of seven years. These policies will be superseded upon individual and direct request, in writing, that personal data be expunged.
4.4 Notwithstanding the other provisions of this Section, we may retain your personal data where such retention is necessary for compliance with a legal obligation to which we are subject, or in order to protect your vital interests or the vital interests of another natural person.
5. Amendments
5.1 We may update this policy from time to time by publishing a new version on our website.
5.2 We may notify you of changes to this policy by email.
6. Rights under GDPR
6.1 Under GDPR, EU- and EEA-based website visitors and stakeholders have the right to request access to one’s data, amend (rectify) this data, limit our processing of this data, right to request the withdrawal of this data, and have the data shared with you in a timely manner via a commonly-used, machine-readable format.
6.2 Although only bound by law to provide these services to EU-based individuals, AREMA values the privacy and protection of all our stakeholders.
6.3 To the extent that the legal basis for our processing of your personal data is:
- consent; or
- necessary for the performance of a contract to which you are party or in order to take steps at your request prior to entering into a contract, and such processing is carried out by automated means, you have the right to receive your personal data from us in a structured, commonly used and machine-readable format. However, this right does not apply where it would adversely affect the rights and freedoms of others.
6.4 If you consider that our processing of your personal information infringes data protection laws, you have a legal right to lodge a complaint with a supervisory authority responsible for data protection. You may do so in the EU member state of your habitual residence, your place of work or the place of the alleged infringement.
6.5 To the extent that the legal basis for our processing of your personal information is consent, you have the right to withdraw that consent at any time. Withdrawal will not affect the lawfulness of processing before the withdrawal. If you wish to withdraw your consent, please contact AREMA Headquarters:
Membership Department
(301) 459-3200
membership@arema.org
6.6 You may exercise any of your rights in relation to your personal data by written notice to us:
Membership Department
AREMA
4501 Forbes Boulevard, Suite 130
Lanham, MD 20706
7. About cookies
7.1 A “cookie” is a small summary text file that is stored by your mobile phone (e.g., iPhone or Android) or by your browser (e.g., Internet Explorer, Chrome, Firefox, Safari or Opera). Cookies allow a website to store such things as user preferences, allowing the website to recognize a user and respond appropriately. When you access any AREMA website, we may use cookies to help provide you with a better, more relevant and faster experience with us and our websites. There are several different types of cookies based on their use:
- Some cookies we use to remember your preferences for tools found on our websites, so you don't have to reenter them each time you switch a page or each time you visit. They will remember your user login, the language you prefer and other things such as what video streaming speeds you use. In some cases, the information used by cookies may be considered personal information if you are reasonably identifiable based on information readily available to us.
- Some cookies are created and used by web analytics software (such as Google Analytics) to track how many individual unique users we have, and how often they visit the site. Unless you are signed into the site, these cookies cannot be used to identify you personally. If you are logged in, the login process links you to your stored membership record that includes your username and email address.
- Some cookies are used by geo-targeting software, which tries to identify what country you are in based on the information supplied by your browser when it requests a webpage. This cookie is completely anonymous and is only used to help target content and advertising.
7.2 When you register with us, we generate cookies that signal whether you are signed in or not. We use these cookies to determine which account you are signed in with, and if you should get access to a service. It also allows us to associate any comments you post with your Advertising cookies.
8. Cookies used by our service providers
8.1 Our service providers use cookies and those cookies may be stored on your computer when you visit our website.
8.2 We use Google Analytics to analyze the use of our website. Google Analytics gathers information about website use by means of cookies. The information gathered relating to our website is used to create reports about the use of our website. Google's privacy policy is available at: https://www.google.com/policies/privacy.
8.3 Third parties that we use in conjunction with our webpages may also set their own anonymous cookies, for the purposes of tracking the use of their application or tailoring the application for you. Because of how cookies work, we cannot access these cookies, nor can the third parties access the data in cookies used by us. The privacy policies of these currently used third-party vendors can be seen at:
9. Managing cookies
9.1 Most browsers allow you to refuse to accept cookies and to delete cookies. The methods for doing so vary from browser to browser, and from version to version. You can however obtain up-to-date information about blocking and deleting cookies via these links:
- https://support.google.com/chrome/answer/95647?hl=en (Chrome);
- https://support.mozilla.org/en-US/kb/enable-and-disable-cookies-website-preferences (Firefox);
- https://help.opera.com/en/latest/web-preferences/#cookies (Opera);
- https://support.microsoft.com/en-gb/help/17442/windows-internet-explorer-delete-manage-cookies (Internet Explorer);
- https://support.apple.com/guide/safari/manage-cookies-and-website-data-sfri11471/mac (Safari); and
- https://privacy.microsoft.com/en-us/windows-10-microsoft-edge-and-privacy (Edge).
9.2 Blocking all cookies will have a negative impact upon the usability of many websites.
10. Our details
10.1 Our websites are owned and operated by AREMA.
10.2 Our principal place of business is at:
AREMA
4501 Forbes Boulevard, Suite 130
Lanham, MD 20706
10.3 You can contact us:
- by post, to the postal address given above or;
- by emailing us at info@arema.org
11. Data protection point of contact
11.1 For any issues related to data protection please contact:
Director, Information Technology Services
info@arema.org
11.2 This contact may be changed as needed by AREMA.
12. Copyright and Trademark Notices
The content of material provided by AREMA is copyrighted by AREMA or used by AREMA under license. AREMA and its licensors retain all copyrights and other proprietary rights in or relating to any content, including any software, provided. All rights are reserved, and such content may not be reproduced, downloaded, modified, published, displayed, disseminated, or transferred, in any form or by any means, except with the prior written agreement of AREMA. You may not sell, transfer, reproduce, transmit, distribute, perform or display such content for any commercial purpose without the prior express written consent of AREMA.