This Privacy Notice (the “Privacy Notice”) relates to National Kitchen and Bath Association (“we”, “us”, “our” or “NKBA”) and can be found at the website NKBA.org website (the “Site”). We take your privacy very seriously and we ask that you read this Privacy Notice carefully as it contains important information on:
The end of this Privacy Notice contains additional information for residents of California, Canada and the European Union.
Changes to the Site and this Privacy Notice
If you need extra help
If you would like help reading or understanding this notice (e.g., it is difficult for you to read or understand this Privacy Notice is in its current font size or format), please contact us.
The National Kitchen and Bath Association is a non-profit trade group that promotes professionalism in the kitchen and bath industry.
How you can contact us
Please contact us if you have any questions about this Privacy Notice or the information we hold about you.
If you wish to contact us, please:
Useful Words and Phrases
Please familiarize yourself with the following words and phrases as they have particular meanings in the EU Data Protection Laws and are used throughout this Privacy Notice:
Means any information from which a living individual can be identified.
This will include information such as telephone numbers, names, addresses, e-mail addresses, photographs, voice recordings. It will also include expressions of opinion and indications of intentions about people (and their own expressions of opinion/intentions).
It will also cover information which on its own does not identify someone but which would identify them if put together with other information which we have or are likely to have in the future.
Special Categories of Personal Data
Means any information relating to:
Process or Processing
This covers virtually anything anyone can do with Personal Data, including:
What Information Do We Collect?
We collect different information about Members of the National Kitchen and Bath Association than we do non-members of the NKBA. We also collect information from visitors to our Site including visitors who purchase products from our NKBA store (“Site Visitors”), and the information we collect from Site Visitors may depend on whether the visitor is a Member or non-Member.
Personal information provided by you
We collect and Process personal information about you (including contact information such as your name, address, email addresses, mailing addresses and phone numbers (“your Contact Information”)) as follows.
Personal information about other individuals
If you give us information on behalf of someone else, you confirm that the other person has appointed you to act on his/her behalf and has agreed that you can.
Why Do We Process Your Data?
We use your Personal Data for the purposes set forth in the section “Personal information provided by you” and the purposes listed in this section. We are allowed to do so on certain legal bases go to section on “How is Processing Your Personal Data Lawful” which provides more detail on how processing your personal data is lawful.
We may record communications with you (such as telephone conversations) for the purpose of training and we will advise you on the call if we are recording the call.
We may ask you to confirm whether you would like us and other businesses that we specify to send you marketing messages when you tick the relevant boxes when you register as a Member or when you buy products from us in the NKBA store.
If you have consented to receive marketing from us, you can opt out at any time. See ‘Your Rights’ for further information.
A cookie is a small text file which is placed onto your computer (or other electronic device) when you use the Site. Browsers are typically set to create cookies automatically. You can choose to have your browser notify you when cookies are being written to your computer or accessed, or you can disable cookies entirely. By not using cookies, some of services on the Site may not function properly. To find out more about cookies, visit http://www.aboutcookies.org/.
Do Not Track (“DNT”) is a privacy preference that users can set in their web browsers. When a user turns on DNT, the browser sends a message to websites requesting that they don’t track the user. NKBA does not monitor any privacy preferences stored in DNT and will not therefore respond to or action any Do Not Track preferences that you may log in DNT. For more information about DNT, visit www.allaboutdnt.org.
If you are a Member we monitor your use of our Site through our third-party service providers, so we can both improve our Site and alert you to tasks that you may not have completed on the Site, for example failing to complete a job post in the Members section of the Site.
When Will We Delete Your Data?
The table below provides details about how long we will process your Personal Data.
|Data we process||How long this will be held for|
|Your Contact Information and Public Profile Information as a Member||The life of your Membership plus 3 years unless you are a certified Member in which we case we retain the information that is necessary to prove you attained certification.|
We do this in case you decide to rejoin NKBA as a certified Member. If you request us to delete your certification information after you cease to be a certified Member then we will do so but if you want to rejoin you will have to go through the whole recertification process again.
|If you purchase products from the NKBA store, your name, address and email address||3 years from the date of the purchase|
How Is Processing Your Personal Data Lawful?
We are allowed to process your personal data for at least the following reasons and legal basis in accordance with EU Data Protection Law:
You have given consent, such as opting in. We only send you unsolicited marketing materials if you have consented and opted in.
It is necessary for the performance of your contract for the purchase of products from the NKBA store; if we do not process your personal data we cannot process your purchase and ship the products to you.
Processing your Personal Data is also legal if it is based on our ‘legitimate interests’ for example, we analyze Members’ behavior on our Site to adapt the Site to ensure that we are providing information that is relevant for our Membership and we may send you marketing information about our products and services, To do so, we have considered the impact on your interests and rights, and have placed appropriate safeguards to ensure that we do not intentionally intrude on your privacy more than necessary.
Manifestly public personal data
How We Keep Your Data Secure
We use technical and organizational measures to safeguard your Personal Data. For example, we use secure connections on our website when you register as a new Member or buy anything from our NKBA store and provide your Contact Information. This means that we convert your data into data that makes it harder for hackers to access your Personal Data on our Site (excluding the Personal Data you include in your Public Profile Information).
While we endeavor to use reasonable physical, organizational, technical and administrative procedures to protect to safeguard your Personal Data, no data transmission or storage system can be guaranteed to be perfectly secure. For at least this reason, we cannot guarantee the security or integrity of any Personal Data that is transferred from you or to you via the internet. If you have any particular concerns about your information or have reason to believe that your interaction with us is no longer secure, please contact us.
Who Will Have Access To Your Personal Data?
We may disclose your personal data to NKBA’s service providers for the purpose of obtaining their assistance with the Site and managing Member-related data. Key service providers who may access your Personal Data are:
The above service providers are data processors which means they process Your Personal Data on our documented instructions only.
We also share your Personal Data with Shopify who process your payment information when you buy something from the NKBA store. We pass your name, address and payment card information to them. They are a data controller of your Personal Data in their own right as a payment process provider. Please see their web site at https://www.shopify.com/legal/privacy for a copy of their privacy notice.
The NKBA is based in and your Personal Data is primarily stored in the United States. As such, and to the extent it is lawful, your Personal Data may be disclosed to or accessible by United States federal or state law enforcement.
The NKBA may aggregate and/or anonymize the Personal Data it collects and provide the aggregated and/or anonymized data to third parties for analytic or marketing purposes.
Transfers of your information out of the EEA
Notice To European Union Residents
If you are a data subject for the purposes of the EU Data Protection Law you have the following rights under that law.
These rights are explained in more detail below, but if you have any comments, concerns or complaints about our use of your personal data, please contact firstname.lastname@example.org. We will respond to any rights that you exercise within a month of receiving your request, unless the request is particularly complex, in which case we will respond within three months. Please note that exceptions apply to some of these rights which we will apply in accordance with the law.
Right to access personal data relating to you
You may ask to see what Personal Data we hold about you and be provided with:
Requests for your Personal Data must be made to NKBA via GDPR form in writing and a copy will be retained on your file. If and to the extent the Site provides such functionality, you may also be able to obtain a copy of your information via such functionality.
To help us find the information easily, please give us as much information as possible about the type of information you would like to see.
If, to comply with your request, we would have to disclose information relating to or identifying another person, we may need to obtain the consent of that person if possible. If we cannot obtain consent, we may need to withhold that information or edit the data to remove the identity of that person if possible.
There are certain types of Personal Data which we are not obliged to disclose to you, which include personal data which records our intentions in relation to any negotiations with you where disclosure would be likely to prejudice those negotiations.
Right to correct mistakes in your information
You can require us to correct any mistakes in your Personal Data which we hold free of charge. If you would like us to do this, please:
If you are a Member, you may also be able to correct the mistake by logging into the Site and navigating to the page that lists your Contact Information or Public Profile Information. If the information is not correctable via the Site, you may correct it as described above.
Right to ask us to stop contacting you with direct marketing
You can ask us to stop contacting you for direct marketing purposes. If you would like to do this, please see the section on “Right to withdraw consent”
Rights in relation to automated decision taking/making
We do not currently carry out any automated decision making.
Right to prevent processing of personal data.
You may request that we stop processing your Personal Data temporarily if:
Right to erasure
You can ask us to erase your Personal Data where:
Right to withdraw consent
You have the right to withdraw consent you have given us at any point. This is a vital and necessary aspect of consent, and we are aware that you may wish to withdraw consent at any time. The following table lists the various ways in which you may withdraw your consent.
|Purpose for which consent was obtained from you:||How you have given your consent:||How you can withdraw consent|
|To receive direct marketing by e mail||Tick box on the NKBA site||Go to notifications|
What will happen if your rights are breached?
Depending on the applicable jurisdiction, you may be entitled to compensation for damage in the event your right of privacy is breached. By way of example, if you are a resident of the EU, you may be entitled to compensation for damage caused by contravention of the Data Protection Laws.
Complaints to the regulator
It is important you read this Privacy Notice – and if you do not think that we have processed your data in accordance with this notice – you should let us know as soon as possible. Similarly, if you are a resident of the European Union you may complain to the Information Commissioner’s Office, in which case information about how to do this is available on the website at www.ico.org.uk.
Notice to California Residents
Under California law, California residents may request a list of all third parties to which we have disclosed certain personal information (as defined by California law) during the preceding year for those third parties’ direct marketing purposes. If you are a California resident and would like to receive such a list, please contact us at the mailing address listed in the “Contact” section of the Site. For any such request, include the statement “California Privacy Rights” in the body of your request, as well as your name, street address, city, state, and zip code. Please provide enough information for us to determine if this applies to you. You must also attest to the fact that you are a California resident and provide a current California address for our response. Please note that we will not accept requests via the telephone, email, or by facsimile, and we are not responsible for notices that are not labeled or sent properly or that do not have complete information.
Notice to Canadian Residents
In certain Canadian jurisdictions you may have the right to request access to any of your personal information that we hold about you. You may withdraw consent to our further use of your personal information subject to legal and contractual restrictions at any time. To enquire about your right to request access or to withdraw consent please contact NKBA’s privacy officer at privacy@NKBA.org.