Introduction

The International Association of Amusement Parks and Attractions is a membership-based trade association for permanently located attractions dedicated to the preservation and prosperity of the global attractions industry. We take your privacy seriously. This privacy policy describes our practices regarding the collection and use of your personal data when you visit the websites or mobile applications linking to this privacy policy (including www.IAAPA.org, our “Site”) or otherwise use our services or interact with us. The term “personal data” as used in this privacy policy shall mean any information that enables us to identify you, directly or indirectly, by reference to an identifier such as your name, identification number, location data, online identifier, or one or more factors specific to you.

Who We Are

The International Association of Amusement Parks and Attractions is the controller and responsible for the personal data collected and used as described in this privacy policy (“IAAPA”, “we”, “us” or “our”). We are based in Orlando with offices at 9205 Southpark Center Loop, Suite 300, Orlando, FL 32819, United States of America. Information privacy is a constant responsibility so we may make changes to this privacy policy as we adopt new personal data and privacy practices. We will post any changes we make to this privacy policy on this page. Please check back frequently to see any updates or changes to this privacy policy.

How to Contact Us

If you have any questions or comments regarding this privacy policy or our collection or use of your personal data, please contact us:
-  By e-mail at InfoSec@IAAPA.org
-  By post at 9205 Southpark Center Loop, Suite 300, Orlando, FL 32819, United States of America

If you wish to confirm whether we are processing your personal data, have access to the personal data we may have about you, or exercise any other privacy rights described in this privacy policy, please fill out our Data Subject Access Request (DSAR) form.

We will provide reasonable access to your personal data at no cost to IAAPA members, trade show and conference attendees, and others upon request.

Requests to access or correct personal data made by residents of Hong Kong requires a Data Access Request (DAR) made in the prescribed form and submitted to our Hong Kong office. DAR forms are available from the website of the Office of the Privacy Commissioner for Personal Data  and should be submitted:
-  By e-mail at: InfoSec@IAAPA.org
-  By post at: Level 15, Zoroastrian Building, 101 Leighton Road, Causeway Bay, Hong Kong

Children and Privacy

Our Site is not directed to children under the age of 13. If you are not 13 years or older, do not use our Site. We do not knowingly attempt to solicit or receive personal data from children. If we learn that personal data of persons less than 13 years-of-age has been collected through our Site, we will take the appropriate steps to delete this information.

How We Collect and Use Your Personal Data

IAAPA collects personal data about our members and other customers. With a few exceptions, this information is limited to the kind of information found on business cards or company websites: first name, last name, job title, employer, phone number, professional address, professional e-mail, and area of expertise. We use this information to provide members and customers with goods and services, such as registration to and information about IAAPA events and expos, membership, subscriptions, certification, and more.

The information we collect includes:

  • Personal Data that You Give Us
    • Membership
      When you become an IAAPA member we collect information about your company that includes (but is not limited to) name of company, size, type, attendance, address, phone number, e-mail address. We may also collect your personal data including (but not limited to) name, professional address, professional phone number, and professional e-mail address.

      We process your personal data as is necessary for the performance of your membership agreement, or to answer questions or take steps at your request prior to you becoming a member. This includes processing your personal data for membership administration, to deliver membership benefits to you, and to inform you of IAAPA-related events, content, and other opportunities. IAAPA may also use this information to help understand our members’ needs and interests to better tailor our products and services to you as necessary in our legitimate interests.

      It is often the case that a company rather than an individual is a member of IAAPA, and there may be an associate of the company responsible for ensuring the company roster of individuals is kept up to date and accurate within the self-service IAAPA member portal.

    • Events
      We host many events throughout the year, including in-person events like IAAPA Attractions Expo and virtual events such as live webinars. Collectively these will be referred to as “events.” If you register for one of our events and you are a member, we will access the information in your member account to provide you with information and services associated with the event. If you are not a member and you register for one of our events, we will collect your name and contact information. IAAPA may employ third-party partners to collect, process, and manage registration information and use it to provide you with confirmation and services associated with the event. This information may also be used to contact you about future events and opportunities with IAAPA, where you have given your consent if required under the applicable law.

      We keep a record of your participation in IAAPA events as an attendee or presenter. This information may be used to provide you with membership services or to tell you about other events and services, provided you have given your consent if required under the applicable law. It may also be used to help us understand our members’ needs and interests to better tailor our products and services.

    • Payments
      You may choose to purchase goods or services from us using a payment card. We process payment cards, but do not store your information.

    • Content
      We offer a great deal of content to our members. In addition to producing our own original content, we partner with a third-party to produce IAAPA News Flash, a daily newsletter roundup of industry news published by media from around the world. In the e-mail and online versions of IAAPA News Flash, we will offer you links to other organizations that we believe will be useful to you. We are not responsible or liable for content provided by these third-party websites or personal data they may happen to gather from you.

      If you are a member, we pull the membership information you provided for your roster to create mailing lists, both print and digital. Mailing lists are provided to a third-party partner for distribution of content.

      Members may subscribe or unsubscribe from Funworld, IAAPA News Flash, and other communications at any time. We strive to honor your decision to unsubscribe from our communications to the fullest extent of our capabilities, but there is a chance you will still receive IAAPA communications for a period of time after you have requested to unsubscribe.

    • Research
      We regularly conduct surveys that we use to produce industry reports, identify member needs, and develop new products and services. Personal data may be collected to facilitate participation incentives (such as gift cards) as necessary in our legitimate interests, or where you have given your consent if required under the applicable law. Participation in surveys is voluntary.

    • Your Correspondence With Us
      If you correspond with us by e-mail, the postal service, or other form of communication, we may retain such correspondence and the information contained in it and use it to respond to your inquiry; to notify you of upcoming events, publications, or other services; or to keep a record of your complaint, accommodation request, and the like. If you wish to “erase” your personal data or stop our communications with you, please submit a completed DSAR form. In Hong Kong, please submit a DAR form in the prescribed form (available from the website of the Office of the Privacy Commissioner for Personal Data) to InfoSec@IAAPA.org or send to us by post to Level 15, Zoroastrian Building, 101 Leighton Road, Causeway Bay, Hong Kong.
  • Personal Data that We Collect
    Like most websites, our Site collects certain information automatically and stores it in log files. The information may include Internet protocol (IP) addresses, the region or general location where your computer or device is accessing the Internet, browser type, operating system, and other usage information about the use of our Site. We use this information to help us design our Site to better suit our users’ needs. We may also use your IP address to help diagnose problems with our server and to administer our website, analyze trends, track visitor movements, and gather broad demographic information that assists us in identifying visitor preferences. We also use cookies to help us to analyze the use of our Site to customize and improve the content and the layout of our Site. For more information about our use of cookies, please see our Cookie Policy.

  • Personal Data from Third Parties
    Sometimes we receive personal data about individuals from third parties. These can include third-parties that administer resources promoted by IAAPA, such as webinars, online learning, and registration.

“Do Not Track” Signals

We do not respond to web browser “do not track” signals. As such, your navigation of our Site may be tracked as part of the gathering of quantitative user information described above. If you arrive at our Site by way of a link from a third-party site that does respond to “do not track” requests, the recognition of any “do not track” request you have initiated will end as soon as you reach our Site.

When and How We Share Personal Data with Others

There are circumstances where we wish to disclose or are compelled to disclose your personal data to third parties. This will only take place in accordance with the applicable law and for the purposes listed in this privacy policy.

We will share your personal data with:

  • Our affiliates, branches, or associated offices.

  • Third-party vendors, consultants, and other service providers who we employ to perform tasks on our behalf. These companies include our payment processing providers, website analytics companies (e.g., Google Analytics), CRM service providers (e.g., Salesforce), e-mail service providers (e.g., Magnetmail), events management (e.g. Expotech, Experient), and others.

  • Our data center provider (based in the United States).

  • Advertising partners who enable us to deliver personalized ads to your devices or similar advertising where you have given your consent if required under the applicable law.

  • Our marketing partners who may contact you by post, email, telephone, SMS or by other means, subject to your consent if required under the applicable law. If you do not wish to be contacted, please see the Opting Out section of this privacy policy.
  • Another legal entity, on a temporary or permanent basis, for the purposes of a joint venture, collaboration, financing, sale, merger, reorganization, change of legal form, dissolution, or similar event. In the case of a merger or sale, we will permanently transfer your personal data to a successor company. If a change happens to our business, then the new owners may use your personal data in the same way as set out in this privacy policy.

  • Third parties including (without limitation) public authorities, to comply with the law, applicable regulations, governmental and quasi-governmental requests, court orders or subpoenas, to enforce other agreements you may have with IAAPA, or to protect our rights, property or safety or the rights, property or safety of our users or others (e.g., to a consumer reporting agency for fraud protection). We reserve the right to release information that we collect to law enforcement or other government officials, as we, in our sole and absolute discretion, deem necessary or appropriate.
  • Any other third party where you have provided your consent.


We may also share aggregated or anonymous information that cannot identify you with third parties. For example, we may disclose the number of visitors to our Site or the number of people who have downloaded a particular document.

In addition, we share member personal data in the following ways:

  • Member Directory
    To help our members connect, we offer access to a directory of our full membership. The information available in this directory includes company name, contact information, and company website. This information is only available to your fellow members. Members may request this information for no charge only once a year and are restricted from using it more than three times a year.

 

  • IAAPA Attractions Industry Marketplace
    IAAPA Attractions Industry Marketplace connects potential buyers with our manufacturer and supplier members through a searchable directory. We provide a third-party with the company and company member representative’s name, professional phone number, professional website, and professional e-mail address to list in the searchable directory. The third-party provider may reach out to you with additional opportunities to promote your listing in the directory.

We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.

Transferring Your Data from the EU to the United States

Our headquarters are located in Orlando, Florida, and we have offices in Alexandria, Virginia, United States; Brussels, Belgium; Hong Kong and Shanghai, China; and Mexico City, Mexico. Information we collect may be processed in any of these offices but hosted on our service providers’ cloud servers on our behalf in the United States. However, we will always protect your information in accordance with this privacy policy wherever processed. In all cases, any transfer of your personal data will be compliant with applicable data protection laws.

With respect to European personal data, we have put in place appropriate safeguards to protect data (generally, either the Standard Contractual Clauses or the EU-US Privacy Shield) that comply with the law on cross-border data transfers. For more information on the appropriate safeguards in place, please contact us at the details above.

How We Store and Secure Your Information

To help protect the privacy of personal data you transmit through use of our Site and to ensure that your personal data is not subject to unauthorized access, we maintain physical, technical, and administrative safeguards. We update and test our security technology on an ongoing basis. We restrict access to your personal data to those employees who need to know that information to provide benefits or services to you. We train our employees about the importance of confidentiality and maintaining the privacy and security of your information. Your personal data is stored on partner servers.

How long we hold your personal data for will vary and will depend principally on:

  • the purpose for which we are using your personal data – we will need to keep the personal data for as long as is necessary for the relevant purpose; and

  • legal obligations – laws or regulations may set a minimum period for which we have to keep your personal data.

Unfortunately, the transmission of information via the Internet is not completely secure. Although we do our best to protect your personal data, we cannot guarantee the security of your personal data transmitted to our Site. Any transmission of personal data is at your own risk. We are not responsible for circumvention of any privacy settings or security measures contained on the Site.

We will store your personal data, in a form which permits us to identify you, for no longer than is necessary for the purpose for which the personal data is processed. We use your personal data as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements and rights, or if it is not technically and reasonably feasible to remove it. Otherwise, we will seek to delete your personal data within a reasonable timeframe upon request.

Links to Third-Party Websites

The Site contains links to and from the websites of our partners, sponsors, advertisers, affiliates, and other third parties. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites.

Your Rights

Correction and Removal

If any of the personal data that we have about you is incorrect, or you wish to have personal data removed from our records, please fill out our Data Subject Access Request (DSAR) form. In Hong Kong, please submit a DAR form in the prescribed form (available from the website of the Office of the Privacy Commissioner for Personal Data) to InfoSec@IAAPA.org or send to us by post to Level 15, Zoroastrian Building, 101 Leighton Road, Causeway Bay, Hong Kong.​

Opting Out

Additionally, if you prefer not to receive marketing messages from us, please let us know by clicking on the unsubscribe link within any marketing message that you receive, or by contacting us using the contact details provided in the How to Contact Us section of this privacy policy. We will usually inform you before collecting your personal data if we intend to use your personal data for marketing purposes or if we intend to disclose your information to any third party for marketing purposes. If you wish to opt out of the use of your data in this way, unsubscribe through the link in any marketing message or contact us via the information above. We strive to honor your wishes concerning your personal data, but you may continue to receive communications from us for a period of time.

Your European Rights

The European Union’s General Data Protection Regulation (GDPR) and other countries’ privacy laws provide certain rights for data subjects who reside in Europe. More information is available on the website of the United Kingdom’s Information Commissioner’s Office. Your European rights include:


-  Request access to your personal data. You may have the right to request access to any personal data we hold about you as well as related information, including the purposes for processing the personal data, the recipients or categories of recipients with whom the personal data has been shared, where possible, the period for which the personal data will be stored, the source of the personal data, and the existence of any automated decision making.

- Request correction of your personal data. You may have the right to obtain without undue delay the rectification of any inaccurate personal data we hold about you.

- Request erasure of your personal data. You may have the right to request that personal data held about you is deleted.

- Request restriction of processing your personal data. You may have the right to prevent or restrict processing of your personal data.

-  Request transfer of your personal data. You may have the right to request transfer of personal data directly to a third party where this is technically feasible.

​Where you believe that we have not complied with our obligations under this Privacy Policy or European data protection law, you have the right to make a complaint to an EU Data Protection Authority, such as the UK Information Commissioner’s Office.

Your Californian Rights


Section 1798.83 of the California Civil Code requires select businesses to disclose policies relating to the sharing of certain categories of your personal data with third parties. If you reside in California and have provided your personal data to us, you may request information about our disclosures of certain categories of personal data to third parties for direct marketing purposes. To make such a request, please contact us using the contact details provided in the How to Contact Us section of this privacy policy.

Your Rights in Hong Kong


Hong Kong’s Personal Data (Privacy) Ordinance provides rights for data subjects in Hong Kong. More information is available on the website of the Privacy Commissioner for Personal Data, Hong Kong. Your rights in Hong Kong include the right to be informed by a data user whether it holds your personal data, the right to be provided with a copy of such data, and the right to obtain correction of any inaccurate personal data held about you.