International Society of Hotel Associations

PRIVACY POLICY

International Society of Hotel Associations (hereinafter referred to as "the Association," "we," "us," or "our") is a nonprofit membership association headquartered in Boston, Massachusetts. We are committed to protecting the privacy and personal information of our members, website visitors, and all individuals who interact with us across the United States and Canada.

This Privacy Policy describes how we collect, use, disclose, and safeguard your personal information when you visit our website, become a member, attend our events, or otherwise engage with us. Please read this policy carefully. By using our website or services, you agree to the terms described herein.

If you have questions or concerns, please contact us using the information provided in Section 12.

This Privacy Policy applies to:

• All visitors to our website (the "Site")
• Current and prospective members of the Association
• Attendees of Association events, conferences, and webinars
• Subscribers to our newsletters, publications, and communications
• Individuals who contact us by email, phone, or other means

This policy applies regardless of whether you are located in the United States or Canada, and we strive to comply with applicable privacy laws in both countries, including Massachusetts state law, applicable U.S. federal law, and Canada's Personal Information Protection and Electronic Documents Act (PIPEDA), as well as applicable provincial privacy legislation.

3.1  Information You Provide Directly

We collect personal information that you voluntarily provide to us, including:

• Contact information: full name, mailing address, email address, and telephone number
• Professional information: job title, employer/organization name, and professional credentials
• Membership information: membership type, membership history, and committee or volunteer involvement
• Payment information: billing address and payment card details (processed securely through a third-party payment processor; we do not store full card numbers)
• Event registration details: session preferences, dietary requirements, and accessibility needs
• Communications: messages, feedback, and correspondence you send to us

3.2  Information Collected Automatically

When you visit our Site, we automatically collect certain technical information, including:

• Device and browser information: IP address, browser type and version, operating system, and device identifiers
• Usage data: pages viewed, links clicked, time spent on pages, referring URLs, and navigation paths
• Cookie and tracking data: information collected via cookies, web beacons, and similar technologies (see Section 6)

3.3  Information from Third Parties

We may receive information about you from third parties, such as:

• Payment processors and billing platforms
• Event management platforms and registration services
• Professional directories or partner organizations, where you have authorized sharing
• Social media platforms, if you interact with our social media accounts

4.  How We Use Your Information

We use the personal information we collect for the following purposes:

• Membership administration: processing applications, renewals, and maintaining member records
• Communications: sending newsletters, announcements, policy updates, and member benefits information
• Event management: registering attendees, processing payments, and coordinating Association programs
• Website operation: maintaining, improving, and securing our Site and digital services
• Customer support: responding to inquiries, resolving disputes, and providing assistance
• Legal compliance: fulfilling our legal obligations and enforcing our policies
• Analytics: understanding how our Site and services are used to improve member experience
• Fundraising and development: communicating about sponsorship and charitable giving opportunities, where applicable

We will not use your personal information for purposes materially different from those described above without your prior consent.

We do not sell, rent, or trade your personal information to third parties for their own marketing purposes. We may share your information in the following limited circumstances:

• Service providers: We share information with vendors and service providers who perform functions on our behalf (e.g., payment processing, email delivery, event platforms, IT hosting), subject to confidentiality obligations.
• Member directory: With your consent, we may include your name and professional contact information in a member directory accessible to other members.
• Legal requirements: We may disclose information as required by law, court order, or government authority, or to protect the rights, property, or safety of the Association, our members, or the public.
• Business transfers: In the event of a merger, reorganization, or dissolution of the Association, personal information may be transferred to a successor organization under the same privacy protections.
• With your consent: We may share your information for any other purpose with your explicit consent.

6.  Cookies and Tracking Technologies

Our Site uses cookies and similar tracking technologies to enhance your experience. Cookies are small text files stored on your device that help us recognize returning visitors, analyze Site usage, and personalize content.

Types of cookies we use:

• Strictly necessary cookies: Required for the Site to function; they cannot be disabled.
• Analytics cookies: Help us understand how visitors interact with our Site (e.g., Google Analytics). These are collected in aggregate and anonymized where possible.
• Functional cookies: Remember your preferences and settings to improve your experience.

You may control or disable cookies through your browser settings. Please note that disabling certain cookies may affect the functionality of our Site. We do not currently respond to "Do Not Track" browser signals, but we do not use tracking for cross-site behavioral advertising.

We retain personal information for as long as necessary to fulfill the purposes described in this Privacy Policy, unless a longer retention period is required or permitted by law. Generally:

• Active member records are retained for the duration of your membership plus a period of seven (7) years to comply with legal and financial recordkeeping requirements.
• Website usage data and analytics are retained for up to twenty-four (24) months.
• Communications and correspondence are retained for a minimum of three (3) years.

When personal information is no longer needed, we will securely delete or anonymize it in accordance with our data disposal procedures.

We implement reasonable and appropriate technical, administrative, and physical safeguards to protect your personal information from unauthorized access, use, disclosure, alteration, and destruction. These measures include:

• Encrypted transmission of data using Secure Socket Layer (SSL/TLS) technology
• Access controls limiting staff access to personal information on a need-to-know basis
• Regular security assessments of our systems and third-party service providers
• Incident response procedures in the event of a data breach

No method of transmission over the internet or electronic storage is completely secure. While we strive to use commercially acceptable means to protect your information, we cannot guarantee absolute security. In the event of a data breach that affects your rights or freedoms, we will notify you and applicable regulatory authorities as required by law.

9.1  Rights of U.S. Members and Residents

Depending on your state of residence, you may have certain rights regarding your personal information, including the right to access, correct, or delete your data. Massachusetts residents may also have rights under Massachusetts data privacy law. We will respond to verifiable requests within the timeframe required by applicable law.

9.2  Rights of Canadian Members and Residents

Individuals in Canada have rights under PIPEDA and applicable provincial laws, including the right to access personal information we hold about you, request corrections, and withdraw consent to certain uses of your information. To exercise these rights, please contact our Privacy Officer (see Section 12).

9.3  General Rights

Regardless of location, you may:

• Access or update your membership profile information through your member account portal
• Opt out of marketing and promotional emails by clicking the "unsubscribe" link in any email we send
• Request a copy of the personal information we hold about you
• Request correction of inaccurate or incomplete information
• Request deletion of your personal information, subject to our legal retention obligations

To submit a privacy request, please contact us at the address listed in Section 12. We may need to verify your identity before fulfilling your request.

Our Site and services are not directed to individuals under the age of 16. We do not knowingly collect personal information from children under 16. If we become aware that we have collected personal information from a child under this age without parental consent, we will take steps to delete such information promptly. If you believe we may have inadvertently collected information from a minor, please contact us immediately.

Our Site may contain links to third-party websites, resources, or partner organizations. This Privacy Policy applies solely to our Site and services. We are not responsible for the privacy practices of third-party sites and encourage you to review their privacy policies before providing any personal information.

If you have questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please contact us:

International Society of Hotel Associations

Attn: Privacy Officer

374 Marlborough Street

Boston, Massachusetts 02115

Email: info@isha.biz

Phone: +1-617-536-0590

We will respond to all privacy inquiries within thirty (30) days, or within the timeframe required by applicable law.

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or operational needs. When we make material changes, we will notify you by posting the updated policy on our Site with a revised effective date and, where appropriate, by sending an email notification to members.

Your continued use of our Site or services following the posting of changes constitutes your acceptance of the updated Privacy Policy. We encourage you to review this policy periodically.

International Society of Hotel Associations  ·  Boston, Massachusetts