The privacy of all individuals that interact with the National Institute of Building Sciences (Institute) is important to us, as is the Institute's ability to be transparent about how we collect, use, and share information about you. This notice is intended to help you understand:

• What information we collect about you
• How we use information we collect
• How we share information we collect
• How we store and secure information we collect
• How to access and control your information
• Other important privacy information

Data Collected

The Institute collects information about you when you provide it to us or when you use the Institute's offerings, or when it is provided by one of the Institute's vendors or suppliers working in support of our offerings by interacting with you. Personal data collected by the Institute generally includes:

• Name;
• Employer and Title;
• Contact information (Address, Phone number(s), E-mail address);
• Professional credentials (including license or member numbers) and experience; and
• Payment information (only for purchased offerings, such as but not limited to membership, training programs, or events, typically in the form of credit card or check information).

The Institute does not collect sensitive Personally Identifiable Information (PII) such as social security numbers, or Protected Health Information (PHI).

How Personal Data is Collected

The Institute collects personal data under various circumstances. Most common are when an individual:

• Becomes a member of the Institute and/or its Councils;
• Registers for a conference or similar in-person event;
• Registers for a webinar, continuing education course or other online offering;
• Completes a form to download information from the Institute website;
• Participates as a speaker, author, or in a similar capacity;
• Purchases a product;
• Subscribes to a publication, product or service;
• Participates in Institute surveys; or
• Offers products or services in response to requests for proposals or as contractors to the Institute.

Account and Profile Information: We collect information about you when you register for an account on our websites or a vendor's/supplier's website, create or modify your profile, set preferences, sign-up for e-mails or newsletters, or make purchases. We also keep track of your e-mail preferences when you select settings within our offerings.

Payment Information: We collect certain payment and billing information for certain paid offerings. For example, we ask you to designate a billing representative, including name and contact information, upon membership or event registration. You might also provide payment information, such as payment card details, which we collect via our vendor's secure payment processing offerings, such as meeting and training registrations or report downloads.

Your use of our offerings: We keep track of certain information about you when you visit and interact with any of our offerings. This information includes your engagements with the Institute; the features you use; publications and e-mails you receive; events and meetings you attend; the links you click on; the downloads or uploads you complete; and how you interact with the Institute using our offerings.

Device and Connection Information: We log general information about your computer, phone, tablet, or other devices you use to access the Institute's websites and offerings. This device information includes your connection type and settings when you install, access, update, or use our offerings. We also collect information through your device about your operating system, browser type, IP address, URLs of referring/exit pages, device identifiers, and crash data. How much of this information we collect depends on the type and settings of the device you use to access our offerings and websites.

Cookies and Other Tracking Technologies: The Institute and our third-party partners, such as our advertising, e-mail marketing and analytics partners, use cookies and other tracking technologies (e.g., web beacons, device identifiers and pixels) to provide functionality and to recognize you across different Websites, offerings and devices.

How Personal Data is Used

How we use the information we collect depends in part on which of the Institute's offerings you use, how you use them, and any preferences you have communicated to the Institute. Below are the specific purposes for which we use the information we collect about you.

• Membership administration;
• Provision of member benefits;
• Delivery of products and services;
• Management of subscriptions;
• Communication of Institute events, products, services, offerings, benefits and opportunities;
• Direct marketing;
• Member and customer data analysis;
• Development of membership rosters or directories; and
• Product and services customization and development.

Legal Basis for Collecting and Processing Personal Data (for EU citizens)

If you are a citizen of the European Union (EU), we collect and process information about you only where we have legal bases for doing so under applicable EU laws. The legal bases depend on our offerings you use and how you use them. This means we collect and use your information only where:

• We need it to provide you our offerings, including to operate our offerings, provide support and personalized features and to protect the integrity and security of our offerings;
• It satisfies a legitimate interest (which is not overridden by your data protection interests), such as for industry information and engagement, to market and promote our offerings and to protect our legal rights and interests;
• You provide the Institute unambiguous, explicit consent to do so for a specific purpose; or
• We need to process your data to comply with a legal obligation.

If you have consented to our use of information about you for a specific purpose, you have the right to change your mind at any time, but this will not affect any processing that has already taken place. Where we are using your information because we or a third party (e.g. a vendor or industry partner) have a legitimate interest to do so, you have the right to object to that use though, in some cases, this may result in you no longer using the Institute's offerings.

Third Parties with Which Personal Data May Be Shared

The Institute may share personal data with several other parties. These include:

• Sponsors of Institute activities;
• Exhibitors at Institute events;
• Publishers of Institute publications;
• Professional or licensing bodies for the purpose of reporting continuing education; and
• Service providers who perform functions such as marketing, research, shipping and fulfillment.

In exceptional circumstances, we may share information about you with a third-party if we believe that sharing is reasonably necessary to (a) comply with any applicable law, regulation, legal process or governmental request, including to meet national security requirements, (b) enforce our agreements, policies and terms of service, (c) protect the security or integrity of our products and services, (d) protect the Institute, our members, or the public from harm or illegal activities, or (e) respond to an emergency which we believe in good faith requires the Institute to disclose information to assist in preventing the death or serious bodily injury of any person.

Site of Processing and Storage of Personal Data

We use server, data, application, and website hosting service providers based in the United States to store the information we collect, and we use technical measures to secure your data. While we implement safeguards designed to protect your information, no security system is impenetrable and due to the inherent nature of the Internet, we cannot guarantee that data, during transmission through the Internet or while stored on our systems or otherwise in our care, is 100% safe from intrusion by others. The Institute will make its best efforts in good faith to ensure that systems and databases under its control are appropriately secured, and that service providers and vendors utilized conform with leading cybersecurity practices.

Personal Data Automatically Collected

The Institute may collect certain personal data automatically, in particular of individuals visiting the Institute's websites, using cookies and other technologies.

Data Retention

Personal data may be retained by the Institute for so long as necessary or useful to pursue the legitimate interests of the Institute. Other factors may include: the duration of the business or contractual relationship between the Institute and an individual; archiving of historical information; and legal requirements, including limitations periods during which a legal claim might be brought.

Individual Rights Regarding Personal Data

You have the right to request a copy of your information, to object to our use of your information (including for marketing/communication purposes), to request the deletion or restriction of your information, to request that the Institute correct any errors or incompleteness in your personal data, or to request your information in a structured, electronic format. You can exercise some of the choices by logging into our web-based offerings and using settings available within your account.

Your request and choices may be limited in certain cases: for example, if fulfilling your request would reveal information about another person, or if you ask to delete information which the Institute is permitted by law or have compelling legitimate interests to keep. If you have unresolved concerns, you may have the right to complain to a data protection authority in the country where you live, where you work or where you feel your rights were infringed.

Third Party Provided Content

The Institute does not screen or monitor content to its websites provided by third-parties. The Institute retains the rights, but not the responsibility, to edit or remove any third-party provided content and/or terminate a user's account for any reason in its sole discretion. By accessing third-party provided content you acknowledge that the Institute has no obligation or liability relating to any such content or activities of users on the websites.

By providing content you acknowledge that such content does not violate any applicable local, state national or international laws; is not confidential or proprietary; is not unlawful, inaccurate, deceptive, offensive, threatening, defamatory, harmful or objectionable; and is not designed to disrupt computer software or hardware or telecommunications equipment the Institute's or other's websites or associated services.

Contact

Inquiries regarding this privacy notice or other privacy concerns should be directed to:

National Institute of Building Sciences
1090 Vermont Avenue, NW, Suite 700
Washington, DC 20005-4950
(202) 289-7800 x131 phone
(202) 289-1092 fax
www.nibs.org
nibs@nibs.org

Policy Updates

The Institute may change or update this privacy policy periodically. We will post any privacy policy changes on this page. We will also maintain an archive of prior versions of this policy which can be made available upon request. We encourage you to review this privacy policy whenever you use our offerings to stay informed about our information practices and the ways you can help protect your privacy.

If you disagree with any changes to this privacy policy, you will need to halt your usage of the Institute's offerings and deactivate all account(s) with the Institute.

Last Updated: January 22, 2020