DAMA International Privacy Policy
Last updated: 25 June 2026
Data Management Association International, Inc. (“DAMA International®,” “we,” “our,” or “us”) is recognized as the world's leading data management professional association. We strive to provide our members, customers, and other users of our website with the best products and services available and recognize that building a long-term business relationship with you depends a great deal on trust. We provide this privacy notice to describe how we collect, use, share, and otherwise process the personal information we collect. For details on the specific cookies we use and how to manage them, please see our Cookie Policy.
Personal Information We Collect
DAMA International® collects personal information directly from you primarily to respond to your questions and requests, including those related to certification and membership. We also collect certain types of customer information automatically, such as your IP address when you visit our website. Finally, we may get information about you from third parties, such as an updated mailing address from a shipping vendor or an employment background check from a provider of those services.
DAMA International® collects the following categories of personal information:
| Category of Data | Source of Data | Business or Commercial Purpose of Processing |
|---|---|---|
| Name, contact information, and other identifiers | We usually collect this information directly from you. In some cases, we might collect your information from someone else, such as proctors of certification exams or providers of employment background checks. | Communicate with you. Provide the products, services, or information you have requested or purchased. Manage our human resources and meet legal requirements. |
| Commercial information, including products or services purchased, obtained, or considered | We collect this information when you purchase our products or services. | Provide the products or services that you have requested or purchased. Evaluate and improve the provision of our products or services. |
| Financial data such as bank account numbers, credit or debit card numbers, and similar information | We collect bank account information from employees, contractors, vendors, and related persons for payment purposes. | Provide the products, services, or information you have purchased. Manage our human resources and meet legal requirements. |
| Internet and other electronic network activity | When you visit our website, our systems and service providers may automatically collect information such as your IP address, browser type and language, operating system, device type, hardware attributes, referring pages, pages viewed, clicks, scroll activity, time spent on pages, traffic sources, search terms used, and other information about how you interact with our website. | Communicate with you. Evaluate, maintain, secure, and improve our systems, websites, content, and user experience. Diagnose technical issues. Understand traffic patterns and site performance. |
| Geolocation | When you visit our website, you provide DAMA International with a general location associated with your IP address. | Provide location-specific notices and services. |
| Audio, electronic, visual, or similar information | You may choose to access our social media platforms, where you may choose to provide photos and other user-generated content. | Communicate with you. |
| Professional or employment-related information | We collect this information from job applicants, employees, former employees, and related persons, as a normal part of our human resources processes. We may also collect this information from third-party networking sites, such as LinkedIn or service providers. | Manage our human resources and meet legal requirements. |
| Education identifiers | We collect this information from job applicants, employees, former employees, and related persons, as a normal part of our human resources processes. We may also collect this information from third-party networking sites, such as LinkedIn or service providers. | Manage our human resources and meet legal requirements. |
| Sensitive personal information | Under some circumstances, we may collect Social Security, driver's license, state identification card, or passport numbers, racial or ethnic origin identifiers, and information about religious or philosophical beliefs from job applicants, employees, and related persons, as part of our legally required human resources processes. Under some circumstances, we may collect health information. | Manage our human resources and meet legal requirements. DAMA International does not collect or process sensitive personal information for the purpose of inferring characteristics about any individual. |
| Protected classifications under state or federal law | We collect this information only as required by law, typically in requests for voluntary self-identification as part of the employment process. | Manage our human resources and meet legal requirements. |
| Other | You may choose to provide additional personal information, such as your opinions, experiences, or suggestions, when communicating with us. | Communicate with you. |
Retaining Your Personal Information
We retain personal information only as long as necessary for the purposes provided in this notice or to meet other legal, regulatory, tax, or accounting requirements. In general, we retain your personal information for five years after your DAMA International® membership ends or seven years after your CDMP® certification expires. Data and records retention is managed pursuant to a Record Retention Policy adopted by the Board of Directors. We may retain an anonymized form of your personal data, which will no longer refer to you or have personally identifying information, for an indefinite period.
Sharing and Selling Your Personal Information
DAMA International® will not sell, rent, or lease your personal information to others outside of DAMA International® without your permission, and has not done so within the last twelve (12) months.
Disclosing Your Personal Information
DAMA International® discloses your personal information to other DAMA International® entities and/or business partners for our business and operational purposes. For example, we may disclose your personal information to the vendor who currently manages registration and administration of the testing for the CDMP® certification process, and your personal information may reside in the IT infrastructure of various external providers of IT services. These entities and/or business partners are governed by our privacy policies with respect to the use of this data and are bound by this Privacy Policy and applicable confidentiality agreements.
The table below lists the categories of personal information we have disclosed to third parties for a business purpose in the preceding twelve (12) months:
| Category of Data | Category of Recipients | Business or Commercial Purpose of Disclosure |
|---|---|---|
| Name, contact information, and other identifiers | Service providers | Communicate and conduct business with you. Evaluate and improve our systems and websites. Diagnose technical issues and ensure the security of our systems and data. |
| Commercial information, including products or services purchased, obtained, or considered | Service providers | Communicate and conduct business with you. Evaluate and improve our systems and websites. Diagnose technical issues and ensure the security of our systems and data. |
| Financial data such as bank account numbers, credit or debit card numbers, and similar information | Service providers | Communicate and conduct business with you. Pay contractors. |
| Internet and other electronic network activity | Service providers | Communicate and conduct business with you. Evaluate and improve our systems and websites. Diagnose technical issues and ensure the security of our systems and data. |
| Geolocation | Service providers | Provide location-specific notices and services. |
As a benefit to DAMA International® members and certificants, DAMA International® will include your name and relevant biographical information in our Member Directory. Your name and personal information will not be included unless you affirmatively request DAMA International® to do so. In addition, if at any time you would like to have your name removed, please follow the directions given below to opt out.
Website Analytics and Behavioral Insights
As referenced in the above table, we want to provide additional information about our collection and use of data generated by Internet activities. We use third-party analytics and website improvement tools to better understand how visitors use our website and to improve performance, navigation, content, and user experience. These tools only run after you provide consent through our cookie banner. You can change your preferences at any time by clicking the Cookie Settings button in the lower-left corner of any page on our website.
Google Analytics 4 helps us measure website traffic and usage trends. Google Analytics may collect information such as pages visited, traffic sources, approximate location derived from IP address, device and browser information, and interactions with our website. For more information, please review the Google Privacy Policy.
Microsoft Clarity helps us understand how visitors interact with our website through behavioral analytics tools, which may include heatmaps and session replay features. Clarity may collect information such as page interactions, clicks, scrolling activity, device information, browser information, and similar usage data. For more information, please review the Microsoft Privacy Statement.
AI Assistant
Our website includes an AI assistant that can answer questions about DAMA International, certifications, membership, and related topics in real time. The AI assistant is powered by Anthropic's Claude language model and is delivered through our own infrastructure hosted on Cloudflare.
Visitors are free to choose whether they would like to utilize the AI assistant and what they input into the AI assistant. By utilizing the AI assistant, you acknowledge that you understand the information you input may be used as set forth in this Privacy Policy and that you are interacting with a fully automated service, not a human. Here is how we handle the information input into the AI assistant:
- Information collected: the text of your question, the assistant's response, approximate location (country, region, city), language detected, and a timestamp.
- IP addresses: IP addresses are processed during your session for routing and abuse prevention but are cryptographically hashed before storage, so stored logs cannot be linked back to you.
- What we do not collect: names, email addresses, or any other directly identifying information from chat sessions.
- Use: operating the assistant, identifying common questions, fixing inaccurate responses, and improving the quality of future responses.
- Retention: chat logs are retained for 30 days and then automatically deleted.
- Third-party processors: messages you send to the AI assistant are processed by Anthropic (the provider of the Claude language model) and routed through Cloudflare (our hosting and edge network provider). For more information about how each of these providers handles data, please review their privacy policies.
Your Privacy Options
Depending on your jurisdiction, you may have the following options available to manage your personal data:
- Request access to personal information: You may request that we disclose: (1) the categories of personal information we have collected about you; (2) the sources from which we collected the personal information; (3) the business or commercial purpose for the collection, selling or sharing of personal information; (4) the categories of third parties to whom we disclose personal information; (5) the categories of personal information that we sold or disclosed for a business purpose; and (6) the specific pieces of personal information we have collected about you.
- Request to opt out: You may request to opt out of the sale or sharing of your personal information, the use of your personal information for targeted advertising, and the use of your personal information for profiling.
- Request to correct: If you find that we have inaccurate personal information about you, you may request that we correct that inaccurate personal information, taking into account the nature of the personal information and the purposes of processing the personal information.
- Request to delete: You may request that we delete your personal information.
- Request data portability: You may request a copy of your personal data in a portable and readily usable format that allows you to transmit the data to another controller without impediment.
- Manage cookie preferences: You may accept or reject non-essential cookies at any time using the cookie banner on our website or by clicking the Cookie Settings button in the lower-left corner of any page.
We will not discriminate or retaliate against you for exercising your privacy options.
Methods for submitting your data subject request: If you wish to submit a data subject request or have any questions or concerns about our privacy policies and information practices, please do so by submitting an email request to privacy@dama.org or by mailing a written request to DAMA International®, Inc., 2512 East Evergreen Blvd #1023, Vancouver, WA 98661-4323. To protect your privacy, we will take reasonable steps to verify your identity before accepting and processing your request. You may designate an authorized agent to make a request. The agent will follow the same procedures described above. If you use an authorized agent, we may require proof that the agent acts on your behalf.
Links to Third-Party Websites
Links to third-party websites are provided solely as a convenience to you. If you use these links, you will leave the site. DAMA International® has not reviewed all these third-party sites and does not control and is not responsible for any of these sites, their content, or their privacy policies. DAMA International® does not endorse or make any representations about them, or any information, software, or other products or materials found there, or any results that may be obtained from using them. If you decide to access any of the third-party sites linked to this site, you do this entirely at your own risk.
Children's Privacy
We do not knowingly collect any information from children under the age of 18. If we learn that a child under the age of 18 has provided us with personal information, we will delete it in accordance with applicable law. If you are a parent or guardian and believe we have inadvertently collected information from your child in a manner not permitted by law, please contact us via email at privacy@dama.org.
Privacy Policy Updates
If there are updates to the terms of this Privacy Policy, we will post those changes and update the revision date listed on this document, so you will always know what information we collect online, how we use it, and what choices you have.
How to Contact Us
DAMA International® is the entity responsible for your information under this Privacy Policy. If you have any questions about this Policy, or about our data privacy practices, please contact us via email at privacy@dama.org or by mail at 2512 East Evergreen Blvd #1023, Vancouver, WA 98661-4323.
For Those Residing Outside the US
Here are some important points which apply to residents of countries other than the US:
- Controller (also known as Data Controller, Personal Information Handler, APP Entity, or Organization): The controller is Data Management Association International, Inc. You may contact us via email at privacy@dama.org or by mail at 2512 East Evergreen Blvd #1023, Vancouver, WA 98661-4323.
- Data Protection Officer (DPO): DAMA International® does not have a data protection officer; however, you may contact our privacy team by sending an email to privacy@dama.org.
- Failure to Provide Personal Data: If you fail to provide the personal data we request, we may be unable to respond to your communications or provide products and services to you.
Legal Basis: The table below shows the legal basis for processing your personal data, which depends on our purpose for processing the data.
| Purpose of Processing | Legal Basis |
|---|---|
| Provide the products, services, or information you have requested or purchased. Manage our human resources. | Processing is necessary for the formation or performance of a contract with you. |
| Meet legal requirements (related to human resources). Provide location-specific notices. | Processing is necessary for our compliance with legal obligations. |
| Diagnose technical issues and ensure the security of our systems and data. | Processing is necessary for our legitimate interest in ensuring network and information security. |
| Evaluate and improve our systems and websites. | Processing is necessary for our legitimate interest in ensuring and improving the quality of our products and services, including our website. |
| Understand website usage through analytics and behavioral insights tools (such as Google Analytics 4 and Microsoft Clarity). | Processing is necessary for our legitimate interest in ensuring and improving the quality of our products and services, including our website. |
| Operate our AI assistant and improve its quality. | Processing is done with your consent. |
| Communicate with you. | Processing is done with your consent. |
Where legitimate interest is not a valid legal basis our legal basis is your consent.
Transfers: DAMA International® is a US legal entity, separate from its chapters which are separately incorporated entities with affiliation agreements with DAMA International®. Personal information you provide directly to DAMA International® goes directly to the US; in that case, there is no transfer of personal information between legal entities. Some of our service providers (such as Google, Microsoft, Anthropic, and Cloudflare) may process personal data in countries outside of your country of residence, including the United States. US laws and regulations may not be as protective of your personal privacy as the laws and regulations in your country. Where required by applicable law, we rely on Standard Contractual Clauses approved by the European Commission, or other appropriate safeguards, to ensure an adequate level of protection for personal data transferred outside of the European Economic Area, the United Kingdom, or Switzerland. We will comply with applicable extraterritorial legal and regulatory obligations in relation to your personal data.
If you are located in the European Economic Area, the United Kingdom, or Switzerland, you may have additional rights such as:
- Right to Withdraw Consent: withdraw consent to the processing of your personal data.
- Right to restriction of processing: restrict processing of your personal data provided that one of the following conditions is met:
- You dispute the accuracy of your data (restriction can be made for the duration of the review on our side).
- In the event of unlawful processing and if the data is not to be deleted, restriction of processing shall take the place of deletion.
- If the processing purposes cease to apply, at the same time you need your data for the assertion, exercise or defense of legal claims.
- After you have lodged an objection pursuant to Art. 21 (1) GDPR and for the duration of the examination as to whether our legitimate interests outweigh yours.
- Right to object: object to data processing at any time (with effect for the future) if we collect and process personal data from you on the basis of our legitimate interests.
- Right to lodge a complaint: lodge a complaint with your local data protection supervisory authority if you believe our processing of your personal information violates applicable law.