The Grocery Manufacturers Association (GMA)1 is deeply committed to personal privacy and the security of the personal information of everyone who interacts with our organization online. We value the trust of people who visit our website and engage with us digitally.
This policy also describes how GMA stores personal information, how we keep personal information secure, and the choices people have about what we do with their personal information.
GMA strives to make all reasonable, good-faith efforts to ensure the privacy of those who visit our website and engage with us digitally. All personal information is utilized appropriately for our legitimate and necessary business purposes, such as providing information about our organization, our events, and our services. And we believe all of our uses of personal information are within the reasonable expectations of anyone who shares their personal information with us.
II. HOW GMA COLLECTS PERSONAL DATA
GMA collects a wide variety of personal information in many different ways, such as when someone creates a GMA user account, registers for a conference or training event, joins a committee or working group, or submits a resume for employment consideration. This information is usually shared with us voluntarily and typically includes name, title, place of employment, employer address, and contact information. Other examples of our personal information collection include online bookstore purchase histories and biographical information for conference speakers.
Occasionally, GMA receives personal information from other sources, such as a partner organization that is assisting us with marketing one of our events. However, regardless of how we receive personal information, we remain respectful of everyone's privacy and limit our use of personal information to that which is both reasonable and reasonably expected (see Section III).
III. HOW GMA USES PERSONAL DATA
GMA primarily uses personal information to communicate with people who work for our member companies regarding industry updates and our offerings (member services, working group calls, meetings, conferences, webinars, training, publications, etc.). We also communicate with representatives of non-member companies regarding offerings available to non-member participants.
GMA makes all reasonable efforts to limit such communications to that which is reasonably necessary for our legitimate business interests. For example, we do not market our annual Legal Conference to everyone in our database, but instead select individuals with employee titles such as “counsel” and “attorney” to craft a targeted list of contacts most likely to be interested in this event.
Other uses of personal information include providing conference attendee lists (which are published via conference websites and apps), communicating with speakers and presenters for our events, and processing financial transactions.
GMA does engage various third parties for functions that it does not have the capacity to conduct with our own staff, which often necessitates sharing personal information with those third parties. Such functions include marketing GMA events (via Meetings & Incentives Worldwide), coordinating with speakers and presenters for our events (via Cadmium CD), and creating conference apps (via Touchpoint). These third parties will only use this personal information for the purpose for which it was shared.
GMA also conducts joint events with various partners, primarily the Food Marketing Institute (FMI). GMA and its partners do share personal information for the sole purpose of marketing such joint events.
While highly unlikely, exceptional circumstances may require GMA to use personal information in other manners or share it with outside parties, such as compliance with a court order or if we become aware of a matter that is an immediate threat to public safety.
Please note that GMA does not sell anyone's personal information to third parties. And while we track responses to marketing emails, this tracking does not include personal information (only raw data such as the number of “clicks” on a particular email).
IV. HOW GMA STORES PERSONAL DATA
Personal information is also stored on our website and the websites for our conferences and other events. In addition to storing cookies, the GMA website has a Career Center which collects resumes for positions at GMA and our member companies (resumes are kept for three years before being deleted). GMA conference and other event websites typically include attendee lists (name, title, and company) and more detailed information for conference speakers (including contact information).
GMA does not store financial information (such as credit card numbers) used for purchases. We do not have access to any financial information for online transactions, which are processed through PayPal. For paper or telephone purchases, all financial information is destroyed after the transaction has been processed.
GMA respects everyone's privacy and right to reasonably control the use of their personal information. Therefore, anyone may send an email to firstname.lastname@example.org and we will purge all of the sender's personal information from our records2 (though we may require additional information to determine where the personal data is stored).
V. HOW GMA SECURES PERSONAL DATA
Both the GMA website and our MatrixMaxx database are hosted by Amazon Web Services (AWS), which provides all technical security measures. For more information on AWS cloud security, please click here.
Additionally, both the GMA website and our database are protected by a secure socket layer (SSL), which is the industry standard security protocol. SSL encrypts web traffic between a user and the website or database, rendering any stolen or intercepted data useless unless it can be decrypted. Such decryption is virtually impossible even with access to state-of-the-art resources and technology.
Should GMA be the victim of a data breach, GMA will provide notice to all potentially impacted contacts within seventy-two (72) hours of discovery.
VI. ADDITIONAL INFORMATION
2 Not including purely transaction information such as conference attendance and bookstore purchases.