DAMA International Privacy Policy
Last Updated: April 23, 2025
Data Management Association International, Inc. (“DAMA-I,” “we,” “our,” or “us”) is recognized as the world's leading data management professional association. We strive to provide our members, customers, and other users of our website with the best products and services available and recognize that building a long-term business relationship with you depends a great deal on trust. We provide this privacy notice to describe how we collect, use, share, and otherwise process the personal information we collect.
Personal Information We Collect
DAMA-I collects personal information directly from you primarily to respond to your questions and requests, including those related to certification and membership. We also collect certain types of customer information automatically, such as your IP address when you visit our website. Finally, we may get information about you from third parties, such as an updated mailing address from a shipping vendor or an employment background check from a provider of those services.
DAMA-I collects the following categories of personal information:
| Category of Data | Source of Data | Business or Commercial Purpose of Processing |
| Name, contact information, and other identifiers | We usually collect this information directly from you. In some cases, we might collect your information from someone else, such as proctors of certification exams or providers of employment background checks. | Communicate with you. Provide the products, services, or information you have requested or purchased. Manage our human resources and meet legal requirements. |
| Commercial information, including products or services purchased, obtained, or considered | We collect this information when you purchase our products or services. | Provide the products or services that you have requested or purchased. Evaluate and improve the provision of our products or services. |
| Financial data such as bank account numbers, credit or debit card numbers, and similar information | We collect bank account information from employees, contractors, vendors, and related persons for payment purposes. | Provide the products, services, or information you have purchased. Manage our human resources and meet legal requirements. |
| Internet and other electronic network activity | When you visit our website, our systems automatically collect information such as IP address, browser type and language, operating system, device type, and hardware attributes. We collect information such as browsing activity on our site, ads viewed or clicked, and search terms used. | Communicate with you. Evaluate and improve our systems and websites. Diagnose technical issues and ensure the security of our systems and data. |
| Geolocation | When you visit our website, you provide DAMA-I with a general location associated with your IP address. | Provide location‑specific notices and services. |
| Audio, electronic, visual, or similar information | You may choose to access our social media platforms, where you may choose to provide photos and other user‑generated content. | Communicate with you. |
| Professional or employment‑related information | We collect this information from job applicants, employees, former employees, and related persons, as a normal part of our human resources processes. We may also collect this information from third-party networking sites, such as LinkedIn or service providers. | Manage our human resources and meet legal requirements. |
| Education Identifiers | We collect this information from job applicants, employees, former employees, and related persons, as a normal part of our human resources processes. We may also collect this information from third-party networking sites, such as LinkedIn or service providers. | Manage our human resources and meet legal requirements. |
| Sensitive Personal Information | Under some circumstances, we may collect Social Security, driver’s license, state identification card, or passport numbers, racial or ethnic origin identifiers, and information about religious or philosophical beliefs from job applicants, employees, and related persons, as part of our legally required human resources processes. Under some circumstances, we may collect health information. | Manage our human resources and meet legal requirements. DAMA-I does not collect or process sensitive personal information for the purpose of inferring characteristics about any individual. |
| Protected classifications under federal law | We collect this information only as required by law, typically in requests for voluntary self-identification as part of the employment process. See, https://www.eeoc.gov/publications/employers-guide#:~:text=If%20an%20employer%20invites%20applicants%20to%20voluntarily,used%20only%20in%20accordance%20with%20the%20ADA. | Manage our human resources and meet legal requirements.
|
| Other | You may choose to provide additional personal information, such as your opinions, experiences, or suggestions, when communicating with us. | Communicate with you. |
Retaining Your Personal Information
We retain personal information only as long as necessary for the purposes provided in this notice or to meet other legal, regulatory, tax, or accounting requirements. In general, we retain your personal information for five years after your DAMA-I membership ends or seven years after your DAMA-I certification expires. Data and records retention is managed pursuant to a Record Retention Policy adopted by the Board of Directors.
We may retain an anonymized form of your personal data, which will no longer refer to you or have personally identifying information, for an indefinite period.
Sharing and Selling Your Personal Information
DAMA-I will not sell, rent, or lease your personal information to others outside of DAMA-I without your permission, and has not done so within the last twelve (12) months.
Disclosing Your Personal Information
DAMA-I discloses your personal information to other DAMA-I entities and/or business partners for our business and operational purposes. For example, we may disclose your personal information to the vendor who currently manages registration and administration of the testing for the CDMP® certification process, and your personal information may reside in the IT infrastructure of various external providers of IT services. These DAMA-I entities and/or business partners are governed by our privacy policies with respect to the use of this data and are bound by this Privacy Policy and applicable confidentiality agreements. The table below lists the categories of personal information we have disclosed to third parties for a business purpose in the preceding twelve (12) months:
| Category of Data | Category of Recipients | Business or Commercial Purpose of Disclosure |
| Name, contact information, and other identifiers | Service providers | Communicate and conduct business with you. Evaluate and improve our systems and websites. Diagnose technical issues and ensure the security of our systems and data. |
| Commercial information, including products or services purchased, obtained, or considered | Service providers | Communicate and conduct business with you. Evaluate and improve our systems and websites. Diagnose technical issues and ensure the security of our systems and data. |
| Financial data such as bank account numbers, credit or debit card numbers, and similar information | Service providers | Communicate and conduct business with you. Pay contractors. |
| Internet and other electronic network activity | Service providers | Communicate and conduct business with you. Evaluate and improve our systems and websites. Diagnose technical issues and ensure the security of our systems and data. |
| Geolocation | Service providers | Provide location‑specific notices and services. |
As a benefit to DAMA-I members and certificants, DAMA-I will include your name and relevant biographical information in our Member Directory. Your name and personal information will not be included unless you affirmatively request DAMA-I to do so. In addition, if at any time you would like to have your name removed, please follow the directions given below to opt-out.
Your Privacy Options
You have the following options available to manage your personal data::
Request access to personal information: You may request that we disclose: (1) the categories of personal information we have collected about you; (2) the sources from which we collected the personal information; (3) the business or commercial purpose for the collection, selling or sharing of personal information; (4) the categories of third parties to whom we disclose personal information; (5) the categories of personal information that we sold or disclosed for a business purpose; and (6) the specific pieces of personal information we have collected about you.
Request to opt-out: You may request to opt out of the sale or sharing of your personal information, the use of your personal information for targeted advertising, and the use of your personal information for profiling.
Request to correct: If you find that we have inaccurate personal information about you, you may request that we correct that inaccurate personal information, taking into account the nature of the personal information and the purposes of processing the personal information.
Request to delete: You may request that we delete your personal information.
Request data portability: You may request a copy of your personal data in a portable and readily usable format that allows you to transmit the data to another controller without impediment.
We will not discriminate or retaliate against you for exercising your privacy options.
Methods for submitting your data subject request If you wish to submit a data subject request or have any questions or concerns about our privacy policies and information practices, please do so by submitting an email request to or by mailing a written request to DAMA International, Inc., 2512 East Evergreen Blvd #1023, Vancouver, WA 98661-4323. To protect your privacy, we will take reasonable steps to verify your identity before accepting and processing your request. You may designate an authorized agent to make a request. The agent will follow the same procedures described above. If you use an authorized agent, we may require proof that the agent acts on your behalf.
Links to Third Party Websites
Links to third party web sites are provided solely as a convenience to you. If you use these links, you will leave the Site. DAMA-I has not reviewed all these third-party sites and does not control and is not responsible for any of these sites, their content or their privacy policies. Thus, DAMA-I does not endorse or make any representations about them, or any information, software or other products or materials found there, or any results that may be obtained from using them. If you decide to access any of the third-party sites linked to this Site, you do this entirely at your own risk.
Children's Privacy
We do not knowingly collect any information from children under the age of 18. If we learn that a child under the age of 18 has provided us with personal information, we will delete it in accordance with applicable law. If you are a parent or guardian and believe we have inadvertently collected information from your child in a manner not permitted by law, please contact us via email at privacy@DAMA.org
Privacy Policy Updates
If there are updates to the terms of this Privacy Policy, we will post those changes and update the revision date listed on this document, so you will always know what information we collect online, how we use it, and what choices you have.
How to Contact Us
DAMA-I is the entity responsible for your information under this Privacy Policy. If you have any questions about this Policy, or about our data privacy practices, please contact us via email at privacy@DAMA.org or by mail at 2512 East Evergreen Blvd #1023, VANCOUVER, WA 98661-4323.
For Those Residing Outside The US
Here are some important points which apply to residents of countries other than the US:
Controller (also known as Data Controller, Personal Information Handler, APP Entity, or Organization) - The controller is Data Management Association International, Inc. You may contact us via email at privacy@DAMA.org or by mail at 2512 East Evergreen Blvd #1023, Vancouver, WA 98661-4323.
Data Protection Officer (DPO) – DAMA-I does not have a data protection officer; however, you may contact our privacy team by sending an email to privacy@DAMA.org.
Failure to Provide Personal Data - If you fail to provide the personal data we request we may be unable to respond to your communications or provide Products and Services to you.
Legal Basis - The table below shows the legal basis for processing your personal data, which depends on our purpose for processing the data.
| Purpose of Processing | Legal Basis |
| Provide the products, services, or information you have requested or purchased. Manage our human resources | Processing is necessary for the formation or performance of a contract with you. |
| Meet legal requirements (related to human resources) Provide location‑specific notices | Processing is necessary for our compliance with legal obligations. |
| Diagnose technical issues and ensure the security of our systems and data | Processing is necessary for our legitimate interest in ensuring network and information security. |
| Evaluate and improve our systems and websites. | Processing is necessary for our legitimate interest in ensuring and improving the quality of our products and services, including our website. |
| Communicate with you | Processing is done with your consent. |
| Where legitimate interest is not a valid legal basis our legal basis is your consent. | |
Transfers – DAMA-I is a US legal entity, separate from its chapters which are separately incorporated entities with affiliation agreements with DAMA-I. Personal information you provide to DAMA-I goes directly to the US; there is no transfer of personal information between legal entities. US laws and regulations may not be as protective of your personal privacy as the laws and regulations in your country. However, we will comply with applicable extraterritorial legal and regulatory obligations in relation to your personal data.