Privacy Policy

This Privacy Policy explains how the Model Risk Managers’ International Association (“MRMIA,” “we,” “us,” or “our”) collects, uses, shares, and protects personal data in accordance with the EU General Data Protection Regulation (GDPR). MRMIA is a non-profit professional association dedicated to supporting the global community of model risk management professionals.

1. Data Controller

Model Risk Managers’ International Association (MRMIA)
1600 Lena St, STE E3
Santa Fe, NM 87505
United States
Email: [email protected]
Phone: 505-670-7670

If required under GDPR, MRMIA will appoint an EU representative and update this section accordingly.

2. Personal Data We Collect

2.1 Data You Provide to Us
- Name, email address, phone number, postal address
- Professional details (job title, employer, specialization, credentials)
- Membership applications and renewal information
- Event and webinar registrations, attendance records, and participation preferences
- Donation information (excluding full payment card numbers, which are processed securely by third-party vendors)
- Volunteer involvement, committee participation, and speaker engagement records
- Communications you send to us (emails, forms, surveys, inquiries)

2.2 Data Collected Automatically
When you visit the MRMIA website, we may collect:
- IP address, device identifiers, browser type
- General geolocation data
- Website usage behavior and analytics
- Cookies and similar tracking technologies (see Section 10)

2.3 Data From Third Parties
Depending on your interaction with MRMIA, we may receive limited data from:
- Payment processors
- Event platforms and webinar hosting services
- Professional networks (e.g., LinkedIn, if you choose to connect)
- Partner organizations involved in joint initiatives

3. Legal Bases for Processing (GDPR Article 6)

3.1 Consent (Art. 6(1)(a))
Used for:
- Email newsletters and promotional communications
- Optional surveys and research participation
- Non-essential cookies
Consent may be withdrawn at any time.

3.2 Contractual Necessity (Art. 6(1)(b))
To manage:
- Membership applications and renewals
- Event registration and participation
- Delivery of member benefits and education programs

3.3 Legal Obligations (Art. 6(1)(c))
For compliance with laws, including:
- Tax reporting and donation records
- Non-profit governance requirements

3.4 Legitimate Interests (Art. 6(1)(f))
To support MRMIA’s non-profit mission, including:
- Improving services, events, and communications
- Maintaining secure systems and preventing fraud
- Conducting governance activities such as board and committee operations
- Sharing professional updates relevant to members
MRMIA balances these interests with your rights and freedoms.

4. How MRMIA Uses Personal Data

We use personal data to:
- Administer memberships and member services
- Coordinate events, conferences, committees, and educational programming
- Process donations and issue receipts
- Communicate organizational updates, professional content, and membership information
- Facilitate governance and volunteer activities
- Maintain accurate internal records
- Improve website functionality and user experience
- Comply with legal and regulatory obligations
MRMIA does not sell personal data under any circumstances.

5. Sharing and Disclosure of Personal Data

5.1 Service Providers (Data Processors)
We may share data with:
- Payment processors
- Email and communication service providers
- Event and webinar platforms
- IT and hosting providers
- Customer relationship and membership management systems
All processors operate under GDPR-compliant contracts.

5.2 Internal Organizational Roles
Personal data may be shared with:
- Board members
- Committee chairs
- Authorized volunteers
Only when necessary for administrative or governance functions.

5.3 Partners and Sponsors
Limited data may be shared for co-hosted events or professional collaborations, always with privacy protections in place.

5.4 Legal Requirements
We may disclose data if required to comply with laws, legal proceedings, or governmental requests.
MRMIA does not share personal data for third-party marketing

6. International Data Transfers

Because MRMIA operates internationally, personal data may be transferred outside the European Economic Area (EEA).
When we do so, we ensure the use of GDPR-approved safeguards, including:
- Adequacy decisions
- Standard Contractual Clauses (SCCs)
- Additional technical and organizational protections
You may request details on international transfer safeguards by contacting us.

7. Data Retention

MRMIA retains personal data only as long as necessary for the purposes collected, including:
- Membership and donation history
- Event participation records
- Legal, tax, audit, and governance requirements
- Historical records relevant to our professional mission
Once data is no longer required, it will be securely deleted or anonymized.

8. Your GDPR Rights

Under the GDPR, you may exercise the following rights:
- Right of Access – obtain a copy of your personal data
- Right to Rectification – correct inaccurate or incomplete data
- Right to Erasure – request deletion of your data
- Right to Restrict Processing
- Right to Object to processing based on legitimate interests
- Right to Data Portability
- Right to Withdraw Consent at any time
- Right to Lodge a Complaint with your national EU Data Protection Authority
To exercise these rights, contact: [email protected]

9. Data Security

MRMIA implements appropriate technical and organizational measures to protect personal data from unauthorized access, alteration, disclosure, or destruction. However, no system is completely secure, and we cannot guarantee absolute protection.

10. Cookies and Tracking Technologies

The MRMIA website may use cookies to:
- Enhance user experience
- Improve website functionality
- Analyze usage data
- Support login and membership features
Where legally required, we request your consent before placing non-essential cookies.
You may disable cookies through your browser settings.

11. Children’s Privacy

MRMIA does not knowingly collect personal data from individuals under 16 years of age. If such data is discovered, it will be deleted promptly.

12. Changes to This Privacy Policy

This Privacy Policy may be updated periodically. Changes will be posted on the MRMIA website with an updated “Last Updated” date. Continued participation in MRMIA activities indicates acceptance of updates.

13. Contact Information