DAMA International Privacy Policy
Last Updated: April 23, 2025
Data Management Association International, Inc. (“DAMA-I,” “we,” “our,” or “us”) is recognized as the world's leading data management professional association. We strive to provide our members, customers, and other users of our website with the best products and services available and recognize that building a long-term business relationship with you depends a great deal on trust. We provide this privacy notice to describe how we collect, use, share, and otherwise process the personal information we collect.
Personal Information We Collect
DAMA-I collects personal information directly from you primarily to respond to your questions and requests, including those related to certification and membership. We also collect certain types of customer information automatically, such as your IP address when you visit our website. Finally, we may get information about you from third parties, such as an updated mailing address from a shipping vendor or an employment background check from a provider of those services.
DAMA-I collects the following categories of personal information:
| Category of Data | Source of Data | Business or Commercial Purpose of Processing |
| --- | --- | --- |
| Name, contact information, and other identifiers | We usually collect this information directly from you. In some cases, we might collect your information from someone else, such as proctors of certification exams or providers of employment background checks. | Communicate with you. Provide the products, services, or information you have requested or purchased. Manage our human resources and meet legal requirements. |
| Commercial information, including products or services purchased, obtained, or considered | We collect this information when you purchase our products or services. | Provide the products or services that you have requested or purchased. Evaluate and improve the provision of our products or services. |
| Financial data such as bank account numbers, credit or debit card numbers, and similar information | We collect bank account information from employees, contractors, vendors, and related persons for payment purposes. | Provide the products, services, or information you have purchased. Manage our human resources and meet legal requirements. |
| Internet and other electronic network activity | When you visit our website, our systems automatically collect information such as IP address, browser type and language, operating system, device type, and hardware attributes. We collect information such as browsing activity on our site, ads viewed or clicked, and search terms used. | Communicate with you. Evaluate and improve our systems and websites. Diagnose technical issues and ensure the security of our systems and data. |
| Geolocation | When you visit our website, you provide DAMA-I with a general location associated with your IP address. | Provide location-specific notices and services. |
| Audio, electronic, visual, or similar information | You may choose to access our social media platforms, where you may choose to provide photos and other user-generated content. | Communicate with you. |
| Professional or employment-related information | We collect this information from job applicants, employees, former employees, and related persons, as a normal part of our human resources processes. We may also collect this information from third-party networking sites, such as LinkedIn or service providers. | Manage our human resources and meet legal requirements. |
| Education Identifiers | We collect this information from job applicants, employees, former employees, and related persons, as a normal part of our human resources processes. We may also collect this information from third-party networking sites, such as LinkedIn or service providers. | Manage our human resources and meet legal requirements. |
| Sensitive Personal Information | Under some circumstances, we may collect Social Security, driver’s license, state identification card, or passport numbers, racial or ethnic origin identifiers, and information about religious or philosophical beliefs from job applicants, employees, and related persons, as part of our legally required human resources processes. Under some circumstances, we may collect health information. | Manage our human resources and meet legal requirements. DAMA-I does not collect or process sensitive personal information for the purpose of inferring characteristics about any individual. |
| Protected classifications under federal law | We collect this information only as required by law, typically in requests for voluntary self-identification as part of the employment process. See, https://www.eeoc.gov/publications/employersguide#:~:text=If%20an%20employer%20invites%20applicants%20to%20voluntarily,used%20only%20in%20accordance%20with%20the%20ADA. | Manage our human resources and meet legal requirements. |
| Other | You may choose to provide additional personal information, such as your opinions, experiences, or suggestions, when communicating with us. | Communicate with you. |
We do not use automatic decision-making or engage in profiling that results in legal effects or similarly significant effects on you. We do not collect biometric information.
Retaining Your Personal Information
We retain personal information only as long as necessary for the purposes provided in this notice or to meet other legal, regulatory, tax, or accounting requirements. In general, we retain your personal information for five years after your DAMA-I membership ends or seven years after your DAMA-I certification expires. Data and records retention is managed pursuant to a Record Retention Policy adopted by the Board of Directors.
We may retain an anonymized form of your personal data, which will no longer refer to you or have personally identifying information, for an indefinite period.
Sharing and Selling Your Personal Information
DAMA-I will not sell, rent, or lease your personal information to others outside of DAMA-I without your permission, and has not done so within the last twelve (12) months.
Disclosing Your Personal Information
DAMA-I discloses your personal information to other DAMA-I entities and/or business partners for our business and operational purposes. For example, we may disclose your personal information to the vendor who currently manages registration and administration of the testing for the CDMP® certification process, and your personal information may reside in the IT infrastructure of various external providers of IT services. These DAMA-I entities and/or business partners are governed by our privacy policies with respect to the use of this data and are bound by this Privacy Policy and applicable confidentiality agreements. The table below lists the categories of personal information we have disclosed to third parties for a business purpose in the preceding twelve (12) months:
| Category of Data | Category of Recipients | Business or Commercial Purpose of Disclosure |
| --- | --- | --- |
| Name, contact information, and other identifiers | Service providers | Communicate and conduct business with you. Evaluate and improve our systems and websites. Diagnose technical issues and ensure the security of our systems and data. |
| Commercial information, including products or services purchased, obtained, or considered | Service providers | Communicate and conduct business with you. Evaluate and improve our systems and websites. Diagnose technical issues and ensure the security of our systems and data. |
| Financial data such as bank account numbers, credit or debit card numbers, and similar information | Service providers | Communicate and conduct business with you. Pay contractors. |
| Internet and other electronic network activity | Service providers | Communicate and conduct business with you. Evaluate and improve our systems and websites. Diagnose technical issues and ensure the security of our systems and data. |
| Geolocation | Service providers | Provide location-specific notices and services. |
As a benefit to DAMA-I members and certificants, DAMA-I will include your name and relevant biographical information in our Member Directory. Your name and personal information will not be included unless you affirmatively request DAMA-I to do so. In addition, if at any time you would like to have your name removed, please follow the directions given below to opt-out.
Your Privacy Options
You have the following options available to manage your personal data:
Request access to personal information: You may request that we disclose: (1) the categories of personal information we have collected about you; (2) the sources from which we collected the personal information; (3) the business or commercial purpose for the collection, selling or sharing of personal information; (4) the categories of third parties to whom we disclose personal information; (5) the categories of personal information that we sold or disclosed for a business purpose; and (6) the specific pieces of personal information we have collected about you.
Request to opt-out: You may request to opt out of the sale or sharing of your personal information, the use of your personal information for targeted advertising, and the use of your personal information for profiling.
Request to correct: If you find that we have inaccurate personal information about you, you may request that we correct that inaccurate personal information, taking into account the nature of the personal information and the purposes of processing the personal information.
Request to delete: You may request that we delete your personal information.
Request data portability: You may request a copy of your personal data in a portable and readily usable format that allows you to transmit the data to another controller without impediment.
We will not discriminate or retaliate against you for exercising your privacy options.
Methods for submitting your data subject request
If you wish to submit a data subject request or have any questions or concerns about our privacy policies and information practices, please do so by submitting an email request to privacy@DAMA.org or by mailing a written request to DAMA International, Inc., 2512 East Evergreen Blvd #1023, Vancouver, WA 98661-4323. To protect your privacy, we will take reasonable steps to verify your identity before accepting and processing your request. You may designate an authorized agent to make a request. The agent will follow the same procedures described above. If you use an authorized agent, we may require proof that the agent acts on your behalf.
Links to Third Party Websites
Links to third party web sites are provided solely as a convenience to you. If you use these links, you will leave the Site. DAMA-I has not reviewed all these third-party sites and does not control and is not responsible for any of these sites, their content or their privacy policies. Thus, DAMA-I does not endorse or make any representations about them, or any information, software or other products or materials found there, or any results that may be obtained from using them. If you decide to access any of the third-party sites linked to this Site, you do this entirely at your own risk.
Children's Privacy
We do not knowingly collect any information from children under the age of 18. If we learn that a child under the age of 18 has provided us with personal information, we will delete it in accordance with applicable law. If you are a parent or guardian and believe we have inadvertently collected information from your child in a manner not permitted by law, please contact us via email at privacy@DAMA.org.
Privacy Policy Updates
If there are updates to the terms of this Privacy Policy, we will post those changes and update the revision date listed on this document, so you will always know what information we collect online, how we use it, and what choices you have.
How to Contact Us
DAMA-I is the entity responsible for your information under this Privacy Policy. If you have any questions about this Policy, or about our data privacy practices, please contact us via email at privacy@DAMA.org or by mail at 2512 East Evergreen Blvd #1023, VANCOUVER, WA 98661-4323.
For Those Residing Outside The US
Here are some important points which apply to residents of countries other than the US:
Controller (also known as Data Controller, Personal Information Handler, APP Entity, or Organization) - The controller is Data Management Association International, Inc. You may contact us via email at privacy@DAMA.org or by mail at 2512 East Evergreen Blvd, #1023, Vancouver, WA 98661-4323.
Data Protection Officer (DPO) – DAMA-I does not have a data protection officer; however, you may contact our privacy team by sending an email to privacy@DAMA.org.
Failure to Provide Personal Data - If you fail to provide the personal data we request we may be unable to respond to your communications or provide Products and Services to you.
Legal Basis - The table below shows the legal basis for processing your personal data, which depends on our purpose for processing the data.
| Purpose of Processing | Legal Basis |
| --- | --- |
| Provide the products, services, or information you have requested or purchased. Manage our human resources. | Processing is necessary for the formation or performance of a contract with you. |
| Meet legal requirements (related to human resources). Provide location-specific notices. | Processing is necessary for our compliance with legal obligations. |
| Diagnose technical issues and ensure the security of our systems and data. | Processing is necessary for our legitimate interest in ensuring network and information security. |
| Evaluate and improve our systems and websites. | Processing is necessary for our legitimate interest in ensuring and improving the quality of our products and services, including our website. |
| Communicate with you. | Processing is done with your consent. |
Where legitimate interest is not a valid legal basis, our legal basis is your consent.
Transfers – DAMA-I is a US legal entity, separate from its chapters, which are separately incorporated entities with affiliation agreements with DAMA-I. Personal information you provide to DAMA-I goes directly to the US; there is no transfer of personal information between legal entities. US laws and regulations may not be as protective of your personal privacy as the laws and regulations in your country. However, we will comply with applicable extraterritorial legal and regulatory obligations in relation to your personal data.