ASCRL Membership Agreement
Section VII.
ASCRL Privacy Policy and ASCRL Statement of Compliance With General Data Protection Rules
You agree to ASCRL’s Privacy Policy and General Data Protection Rules.
You further expressly consent to ASCRL’s processing your personal data for the purposes of ASCRL’s compliance with and performance of the ASCRL Membership Agreement and ASCRL Mandate, for ASCRL’s use in the conduct of its present and future business, for ASCRL’s use for statistical, analytical, purposes in the course of ASCRL’s business and in support thereof, and for the purposes of performing services for you and other ASCRL Members.
You understand and agree that your consent is given for the use of your personal data for the foregoing purposes, and as stated in ASCRL’s Privacy Policy and Statement of Compliance With General Data Protection Rules, and for any other lawful purpose.
You further warrant and represent that you have read and agree to the ASCRL Privacy Policy and Statement of Compliance With General Data Protection Rules, which contains important information concerning your rights regarding your personal data.
The ASCRL Privacy Policy and Statement of Compliance With General Data Protection Rules may be changed or modified, consistent with law, by posting the change on the ASCRL website. Such change will become effective immediately when posted, and your explicit consent will be deemed to be given to the change at the time you access your membership account and or submit a claim, whichever is sooner.
ASCRL Privacy Policy and ASCRL Statement of Compliance With General Data Protection Rules
ASCRL’s legal name is the American Society for Collective Rights Licensing, Inc. ASCRL’s business address is 1050 30thStreet NW Washington, DC, 2007. ASCRL’s website is www.ASCRL.org. ASCRL is a controller of personal data and ASCRL determines the purposes and means of processing your personal data. ASCRL may also act as a processor of personal data. This privacy policy and statement of compliance with general data protection rules is designed to inform you about ASCRL’s handling of personal data and important rights you have regarding your personal data.
A. Your Personal Data.
Your personal data includes your membership registration information, membership registration identification materials that you provide, your email, financial information pertaining to how you have directed ASCRL to make payments to or for you, information concerning who you may designate as a payment agent, information concerning remuneration that may be or that has been distributed to you, tax information you provide to ASCRL, and other information that ASCRL collects that relates to you and that is identifiable with you. Please note that ASCRL does not collect data concerning racial or ethnic origins, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometrical data, or health or sexual orientation data. ASCRL may also obtain personal data from organizations with whom ASCRL transacts business, including, for example, and not by way of limitation, reprographic rights organizations and collective management organizations, from whom ASCRL obtains funds in order to make reprographic remuneration distributions to members. ASCRL might also obtain personal data that concerns you from the International ISBN Agency or its affiliates, the International Organization for Standardization, publishers in whose works your authorship or copyrightable content is included, and from Internet or web-based platforms on which your work is published, as well as your legally appointed agents and representatives.
B. What We Do With Your Data.
ASCRL may process your personal data by performing certain operations with your data, including, for example, its inclusion in an ASCRL data base, and by ASCRL computer reporting and computer and non-computer analysis functions that occur on and off of the computer data base (such as the creation of financial reports, distribution histories, auditing, membership data reports, and other reports), and by other means that involve its collection, recording, organization, structuring, storage, adaptation or alteration, and or its retrieval, consultation, use, disclosure by transmission, dissemination, or by making it available, or by its alignment and or combination, or by its restriction, erasure or destruction.
ASCRL may also outsource the processing of ASCRL business office functions to third party processing firms that assist us with the processing of our business operations and financial transactions. ASCRL does not authorize these entities to use or disclose your personal data except where they may do so for the payment purposes that they are authorized to perform, and for the purposes of reporting directly to ASCRL. ASRL maintains a written confidentiality agreement with third party processing firms in which is included a condition that, at ASCRL’s request, they destroy certain data, including personal data if ASCRL requests the same.
Recipients of your data may include the International Federation of Reproduction Rights Organizations, other reprographic rights organizations, other collective management organizations, trade associations that conduct or may conduct business with ASCRL, tax authorities such as the Internal Revenue Service, foreign tax authorities, state escheat authorities, banks and depository institutions. Some or all of these entities may not be the subject of an adequacy decision concerning the suitability of safeguards for the protection of data when transfer occurs. When transfer is made to an international organization or third country, ASCRL employscontractual clauses between the controller or processor and the controller, processor or the recipient of the personal data in the third country or international organization that concern the handling of personal data. Where applicable, these clauses are posted on the ASCRL website under the heading “Data Transfer Agreement Restrictions.” ASCRL directors and employees may also have access to personal data for the purposes of performing the job functions.
Your personal data is not intended by ASCRL to be used for purposes that are not related to ASCRL’s business. Although various entities and people may have access to personal data in the course of ASCRL’s business, each entity’s and person’s access to personal data is typically restricted to the personal data each respectively needs in order to perform their designated functions for ASCRL, or to conduct their designated business with ASCRL, and accordingly each will not likely have, or be permitted access to, all of your personal data because it will not be needed for their particular function or for the conduct of their particular business.
C. Why Do We Collect Your Data?
We collect data for the following purposes and for the following legal reasons:
To perform ASCRL’s business.
To contract for funds with sister reprographic rights organizations and collective management organizations.
To comply with obligations that we have to sister reprographic rights organizations and collective management organizations.
To collect, to administer, and to distribute funds for reprographic rights for you and for other ASCRL memberts.
To perform obligations and to exercise rights under the ASCRL Membership Agreement and Mandate.
To report on and to administer the activities of ASCRL as an organization.
To prepare reports and data concerning the ASCRL’s members and constituents in order to properly represent the scope and consistency of the constituency, and to share the reports and data with other organizations that may find this information useful or necessary for the purposes of their business relationships with ASCRL.
To identify open claims periods, to notify ASCRL members or possible members of their eligibility for claims, and the status of the claims, and to manage claims.
To administer ASCRL member accounts and to enforce the ASCRL Membership Agreement and Mandate.
To perform bank business, including the collection, transmittal, and adjustments of deposits, and to audit accounts.
To detect and to prevent fraudulent or improper activity and to foster compliance with the ASCRL Membership Agreement and Mandate
To process payments through third party processing firms, and banks, and fund depositories.
To comply with our legal obligations and to comply with tax laws and other laws.
To conduct the business of ASCRL and to do things that are ordinary, necessary, desirable, or ancillary for or to the purposes of conducting that business.
To understand and to explain ASCRL operations, and their history, for statistical and archival purposes, and to enable ASCRL to determine how ASCRL can best perform its functions for the benefit of ASCRL members.
D. How Long Do We Keep Your Personal Data?
ASCRL retains your personal data while you are a member of ASCRL. ASCRL also retains your data during any open claims period for which you have submitted a claim. If you terminate your ASCRL membership, ASCRL retains your data for the purposes of making adjustments to your claims, and for any period for which ASCRL provides an indemnity or has a legal obligation to any sister collecting societies concerning your claims. ASCRL retains your data for the period of time during which ASCRL has a reporting obligation to any sister society, and for any period of time for which ASCRL might be required to retain data by the Internal Revenue Service or state tax authorities. After you terminate your membership, ASCRL will retain your data for the purposes of developing historical reports, and for statistical and analytical purposes, for use by ASCRL in performing its business. In light of the foregoing, ASCRL will not ordinarily destroy your personal data because it is retained for analytical, statistical, and historical reference in order for ASCRL to conduct business, but your personal data may be destroyed when according to these criterion, the personal data is no longer needed and it may be destroyed as soon as ASCRL determines that it is not longer needed.
E. Your Agreement Concerning the Use of Your Personal Data
By executing the ASCRL Membership Agreement, and Mandate, you agree to ASCRL’s control of and processing of your personal data when or because: 1) it is necessary for the performance of a contract to which you are a party, including, without limitation the ASCRL Membership agreement and Mandate, 2) in order to take steps at your request prior to entering into a contract and because it is necessary for our compliance with a contract and legal obligations ASCRL has to you or others, 3) because it is necessary for ASCRL and sister organizations to exercise authority that you have provided, and / or 4) because ASCRL and you agree that ASCRL will use your data, and that it will continue to be necessary for ASCRL to use your data, to conduct ASCRL’s business now, and in the future. You agree and explicitly consent to ASCRL’s use of your personal data in all manner that is consistent with the ASCRL Membership Agreement and the ASCRL Mandate and that ASCRL has a compelling and ongoing need to analyze and process your data and to share the data with the third parties with whom ASCRL share data in order to continue ASCRL’s future operations. You also agree that ASCRL may use your data in any manner permitted by applicable General Data Protection Regulations as may be in force and effect even if this ASCRL Membership Agreement may impose restrictions on the use of your data that are greater than those imposed by applicable General Data Protection Regulations in force and effect at any given time.
F. Your Rights Concerning your Data.
You have important rights concerning your personal data:
You may withdraw your consent as to processing of personal data after withdrawal is given without affecting the lawfulness of processing based on consent before the withdrawal of consent is provided. You agree that you will withdraw consent by notifying ASCRL in writing by email to : GDPRConsent@ASCRL.Org.
You have the right to be informed regarding ASCRL’s collection and use of your personal data. Please refer to ASCRL’s GDPR policies, as set forth in this ASCRL Membership Agreement for this information.
You have the right to obtain a copy of your personal data. Personal data is accessible to you on your ASCRL dashboard. You may request data that is not accessible on your dashboard, or when your dashboard is disabled, and the information will be provided to you without charge, or with a reasonable administrative charge if the request for information is unfounded, repetitive, or excessive. Please contact the ASCRL Data Protection Officer with your request. Their information appears on the ASCRL website www.ascrl.org.
You have the right to the rectification of any personal data ASCRL holds about you that is inaccurate or incomplete. You should notify the ASCRL Data Protection Officer concerning corrections to personal data.
You have the right to be forgotten and to ask ASCRL to delete any personal data that ASCRL holds about you when a) the personal data is not necessary relative to the purpose for which it was collected or processed, b) you withdraw the consent upon which the processing was based and ASCRL does not have any other legal ground for the processing of the data, c) you object to the processing of the data and there is no overriding interest for ASCRL to continue the processing of the data, d) your data was unlawfully processed, or e) your personal data must be erased in order to comply with a legal obligation. If there are specific legal reasons ASCRL cannot comply with your request, ASCRL will notify you of those reasons, and why your data cannot be erased.
You have the right to restrict the processing of your personal data when a) you contest its accuracy, b) you have objected to ASCRL’s processing of the personal data and ASCRL’s legitimate interests in process the data have not been resolved, c) the processing is unlawful but you do not want the data erased, and / or d) ASCRL no longer requires your personal data but you need it in connection with a legal claim.
You may object to the processing of your personal data where ASCRL does not have a compelling legitimate ground for the processing that overrides your interests, rights and freedoms, or the processing is not necessary for a legal claim.
You have the right to object o ASCRL’s use of data for particular purposes.
Please note that while you have right to withdraw consent to the use of your personal data at any time (without affecting the lawfulness of processing based on consent before withdrawal of consent was provided), and can request restriction to or object to the processing of your data, you do not have a right of erasure or restriction of personal data you have provided to ASCRL for ASCRL’s use for lawful purposes or for the performance of contracts with you or that you have authorized, and may not object to processing where ASCRL has a compelling legitimate ground for the processing that overrides your interests, rights, and freedoms or the processing is necessary for a legal claim.
Please note that your provision of your data to ASCRL is a requirement of your agreement with ASCRL and may be required for ASCRL’s transaction of business, and / or its compliance with third party agreements including, for example and not by way of limitation, agreements to obtain funds from sister societies, agreements to process payments to you through third party processors, agreements with banks or depositories to credit your account, to perform agreements with other ASCRL Members, and for other legal purposes.
G. How Do We Protect Your Data?
ASCRL’s website uses SSL certificates to protect your data. ASCRL’s third party processors also use technical safeguards to protect your data. By agreement between ASCRL and its payment processing firm, the firm is required to implement an information security program that is reasonably designed to provide for the security, confidentiality, integrity and availability of membership and claimant information, service usage, financial data, which at a minimum includes risk assessment and controls for (i) system access, (ii) system and application development and maintenance, (iii) change management, (iv) asset classification and control (v) incident response, physical and environmental security (vi) disaster recovery, and business continuity, and (vii) employee training. Further, the contractor must take prompt corrective measures in the event of a security breach and immediately notify ASCRL of the naute of the breach and corrective and cure measures taken.
H. What Happens If There is a Data Breach?
ASCRL will post notice of data breach on the ASCRL website within 72 hours of learning of a data breach.
I. Changes To The ASCRL Privacy Policy and General Data Protection Rules.
The ASCRL Privacy Policy and General Data Protection Rules may be modified in accordance with law and as provided for in the ASCRL Membership Agreement. Changes will be posted on the ASCRL website.
Section VII.
ASCRL Privacy Policy and ASCRL Statement of Compliance With General Data Protection Rules
You agree to ASCRL’s Privacy Policy and General Data Protection Rules.
You further expressly consent to ASCRL’s processing your personal data for the purposes of ASCRL’s compliance with and performance of the ASCRL Membership Agreement and ASCRL Mandate, for ASCRL’s use in the conduct of its present and future business, for ASCRL’s use for statistical, analytical, purposes in the course of ASCRL’s business and in support thereof, and for the purposes of performing services for you and other ASCRL Members.
You understand and agree that your consent is given for the use of your personal data for the foregoing purposes, and as stated in ASCRL’s Privacy Policy and Statement of Compliance With General Data Protection Rules, and for any other lawful purpose.
You further warrant and represent that you have read and agree to the ASCRL Privacy Policy and Statement of Compliance With General Data Protection Rules, which contains important information concerning your rights regarding your personal data.
The ASCRL Privacy Policy and Statement of Compliance With General Data Protection Rules may be changed or modified, consistent with law, by posting the change on the ASCRL website. Such change will become effective immediately when posted, and your explicit consent will be deemed to be given to the change at the time you access your membership account and or submit a claim, whichever is sooner.
ASCRL Privacy Policy and ASCRL Statement of Compliance With General Data Protection Rules
ASCRL’s legal name is the American Society for Collective Rights Licensing, Inc. ASCRL’s business address is 1050 30thStreet NW Washington, DC, 2007. ASCRL’s website is www.ASCRL.org. ASCRL is a controller of personal data and ASCRL determines the purposes and means of processing your personal data. ASCRL may also act as a processor of personal data. This privacy policy and statement of compliance with general data protection rules is designed to inform you about ASCRL’s handling of personal data and important rights you have regarding your personal data.
A. Your Personal Data.
Your personal data includes your membership registration information, membership registration identification materials that you provide, your email, financial information pertaining to how you have directed ASCRL to make payments to or for you, information concerning who you may designate as a payment agent, information concerning remuneration that may be or that has been distributed to you, tax information you provide to ASCRL, and other information that ASCRL collects that relates to you and that is identifiable with you. Please note that ASCRL does not collect data concerning racial or ethnic origins, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometrical data, or health or sexual orientation data. ASCRL may also obtain personal data from organizations with whom ASCRL transacts business, including, for example, and not by way of limitation, reprographic rights organizations and collective management organizations, from whom ASCRL obtains funds in order to make reprographic remuneration distributions to members. ASCRL might also obtain personal data that concerns you from the International ISBN Agency or its affiliates, the International Organization for Standardization, publishers in whose works your authorship or copyrightable content is included, and from Internet or web-based platforms on which your work is published, as well as your legally appointed agents and representatives.
B. What We Do With Your Data.
ASCRL may process your personal data by performing certain operations with your data, including, for example, its inclusion in an ASCRL data base, and by ASCRL computer reporting and computer and non-computer analysis functions that occur on and off of the computer data base (such as the creation of financial reports, distribution histories, auditing, membership data reports, and other reports), and by other means that involve its collection, recording, organization, structuring, storage, adaptation or alteration, and or its retrieval, consultation, use, disclosure by transmission, dissemination, or by making it available, or by its alignment and or combination, or by its restriction, erasure or destruction.
ASCRL may also outsource the processing of ASCRL business office functions to third party processing firms that assist us with the processing of our business operations and financial transactions. ASCRL does not authorize these entities to use or disclose your personal data except where they may do so for the payment purposes that they are authorized to perform, and for the purposes of reporting directly to ASCRL. ASRL maintains a written confidentiality agreement with third party processing firms in which is included a condition that, at ASCRL’s request, they destroy certain data, including personal data if ASCRL requests the same.
Recipients of your data may include the International Federation of Reproduction Rights Organizations, other reprographic rights organizations, other collective management organizations, trade associations that conduct or may conduct business with ASCRL, tax authorities such as the Internal Revenue Service, foreign tax authorities, state escheat authorities, banks and depository institutions. Some or all of these entities may not be the subject of an adequacy decision concerning the suitability of safeguards for the protection of data when transfer occurs. When transfer is made to an international organization or third country, ASCRL employscontractual clauses between the controller or processor and the controller, processor or the recipient of the personal data in the third country or international organization that concern the handling of personal data. Where applicable, these clauses are posted on the ASCRL website under the heading “Data Transfer Agreement Restrictions.” ASCRL directors and employees may also have access to personal data for the purposes of performing the job functions.
Your personal data is not intended by ASCRL to be used for purposes that are not related to ASCRL’s business. Although various entities and people may have access to personal data in the course of ASCRL’s business, each entity’s and person’s access to personal data is typically restricted to the personal data each respectively needs in order to perform their designated functions for ASCRL, or to conduct their designated business with ASCRL, and accordingly each will not likely have, or be permitted access to, all of your personal data because it will not be needed for their particular function or for the conduct of their particular business.
C. Why Do We Collect Your Data?
We collect data for the following purposes and for the following legal reasons:
To perform ASCRL’s business.
To contract for funds with sister reprographic rights organizations and collective management organizations.
To comply with obligations that we have to sister reprographic rights organizations and collective management organizations.
To collect, to administer, and to distribute funds for reprographic rights for you and for other ASCRL memberts.
To perform obligations and to exercise rights under the ASCRL Membership Agreement and Mandate.
To report on and to administer the activities of ASCRL as an organization.
To prepare reports and data concerning the ASCRL’s members and constituents in order to properly represent the scope and consistency of the constituency, and to share the reports and data with other organizations that may find this information useful or necessary for the purposes of their business relationships with ASCRL.
To identify open claims periods, to notify ASCRL members or possible members of their eligibility for claims, and the status of the claims, and to manage claims.
To administer ASCRL member accounts and to enforce the ASCRL Membership Agreement and Mandate.
To perform bank business, including the collection, transmittal, and adjustments of deposits, and to audit accounts.
To detect and to prevent fraudulent or improper activity and to foster compliance with the ASCRL Membership Agreement and Mandate
To process payments through third party processing firms, and banks, and fund depositories.
To comply with our legal obligations and to comply with tax laws and other laws.
To conduct the business of ASCRL and to do things that are ordinary, necessary, desirable, or ancillary for or to the purposes of conducting that business.
To understand and to explain ASCRL operations, and their history, for statistical and archival purposes, and to enable ASCRL to determine how ASCRL can best perform its functions for the benefit of ASCRL members.
D. How Long Do We Keep Your Personal Data?
ASCRL retains your personal data while you are a member of ASCRL. ASCRL also retains your data during any open claims period for which you have submitted a claim. If you terminate your ASCRL membership, ASCRL retains your data for the purposes of making adjustments to your claims, and for any period for which ASCRL provides an indemnity or has a legal obligation to any sister collecting societies concerning your claims. ASCRL retains your data for the period of time during which ASCRL has a reporting obligation to any sister society, and for any period of time for which ASCRL might be required to retain data by the Internal Revenue Service or state tax authorities. After you terminate your membership, ASCRL will retain your data for the purposes of developing historical reports, and for statistical and analytical purposes, for use by ASCRL in performing its business. In light of the foregoing, ASCRL will not ordinarily destroy your personal data because it is retained for analytical, statistical, and historical reference in order for ASCRL to conduct business, but your personal data may be destroyed when according to these criterion, the personal data is no longer needed and it may be destroyed as soon as ASCRL determines that it is not longer needed.
E. Your Agreement Concerning the Use of Your Personal Data
By executing the ASCRL Membership Agreement, and Mandate, you agree to ASCRL’s control of and processing of your personal data when or because: 1) it is necessary for the performance of a contract to which you are a party, including, without limitation the ASCRL Membership agreement and Mandate, 2) in order to take steps at your request prior to entering into a contract and because it is necessary for our compliance with a contract and legal obligations ASCRL has to you or others, 3) because it is necessary for ASCRL and sister organizations to exercise authority that you have provided, and / or 4) because ASCRL and you agree that ASCRL will use your data, and that it will continue to be necessary for ASCRL to use your data, to conduct ASCRL’s business now, and in the future. You agree and explicitly consent to ASCRL’s use of your personal data in all manner that is consistent with the ASCRL Membership Agreement and the ASCRL Mandate and that ASCRL has a compelling and ongoing need to analyze and process your data and to share the data with the third parties with whom ASCRL share data in order to continue ASCRL’s future operations. You also agree that ASCRL may use your data in any manner permitted by applicable General Data Protection Regulations as may be in force and effect even if this ASCRL Membership Agreement may impose restrictions on the use of your data that are greater than those imposed by applicable General Data Protection Regulations in force and effect at any given time.
F. Your Rights Concerning your Data.
You have important rights concerning your personal data:
You may withdraw your consent as to processing of personal data after withdrawal is given without affecting the lawfulness of processing based on consent before the withdrawal of consent is provided. You agree that you will withdraw consent by notifying ASCRL in writing by email to : GDPRConsent@ASCRL.Org.
You have the right to be informed regarding ASCRL’s collection and use of your personal data. Please refer to ASCRL’s GDPR policies, as set forth in this ASCRL Membership Agreement for this information.
You have the right to obtain a copy of your personal data. Personal data is accessible to you on your ASCRL dashboard. You may request data that is not accessible on your dashboard, or when your dashboard is disabled, and the information will be provided to you without charge, or with a reasonable administrative charge if the request for information is unfounded, repetitive, or excessive. Please contact the ASCRL Data Protection Officer with your request. Their information appears on the ASCRL website www.ascrl.org.
You have the right to the rectification of any personal data ASCRL holds about you that is inaccurate or incomplete. You should notify the ASCRL Data Protection Officer concerning corrections to personal data.
You have the right to be forgotten and to ask ASCRL to delete any personal data that ASCRL holds about you when a) the personal data is not necessary relative to the purpose for which it was collected or processed, b) you withdraw the consent upon which the processing was based and ASCRL does not have any other legal ground for the processing of the data, c) you object to the processing of the data and there is no overriding interest for ASCRL to continue the processing of the data, d) your data was unlawfully processed, or e) your personal data must be erased in order to comply with a legal obligation. If there are specific legal reasons ASCRL cannot comply with your request, ASCRL will notify you of those reasons, and why your data cannot be erased.
You have the right to restrict the processing of your personal data when a) you contest its accuracy, b) you have objected to ASCRL’s processing of the personal data and ASCRL’s legitimate interests in process the data have not been resolved, c) the processing is unlawful but you do not want the data erased, and / or d) ASCRL no longer requires your personal data but you need it in connection with a legal claim.
You may object to the processing of your personal data where ASCRL does not have a compelling legitimate ground for the processing that overrides your interests, rights and freedoms, or the processing is not necessary for a legal claim.
You have the right to object o ASCRL’s use of data for particular purposes.
Please note that while you have right to withdraw consent to the use of your personal data at any time (without affecting the lawfulness of processing based on consent before withdrawal of consent was provided), and can request restriction to or object to the processing of your data, you do not have a right of erasure or restriction of personal data you have provided to ASCRL for ASCRL’s use for lawful purposes or for the performance of contracts with you or that you have authorized, and may not object to processing where ASCRL has a compelling legitimate ground for the processing that overrides your interests, rights, and freedoms or the processing is necessary for a legal claim.
Please note that your provision of your data to ASCRL is a requirement of your agreement with ASCRL and may be required for ASCRL’s transaction of business, and / or its compliance with third party agreements including, for example and not by way of limitation, agreements to obtain funds from sister societies, agreements to process payments to you through third party processors, agreements with banks or depositories to credit your account, to perform agreements with other ASCRL Members, and for other legal purposes.
G. How Do We Protect Your Data?
ASCRL’s website uses SSL certificates to protect your data. ASCRL’s third party processors also use technical safeguards to protect your data. By agreement between ASCRL and its payment processing firm, the firm is required to implement an information security program that is reasonably designed to provide for the security, confidentiality, integrity and availability of membership and claimant information, service usage, financial data, which at a minimum includes risk assessment and controls for (i) system access, (ii) system and application development and maintenance, (iii) change management, (iv) asset classification and control (v) incident response, physical and environmental security (vi) disaster recovery, and business continuity, and (vii) employee training. Further, the contractor must take prompt corrective measures in the event of a security breach and immediately notify ASCRL of the naute of the breach and corrective and cure measures taken.
H. What Happens If There is a Data Breach?
ASCRL will post notice of data breach on the ASCRL website within 72 hours of learning of a data breach.
I. Changes To The ASCRL Privacy Policy and General Data Protection Rules.
The ASCRL Privacy Policy and General Data Protection Rules may be modified in accordance with law and as provided for in the ASCRL Membership Agreement. Changes will be posted on the ASCRL website.
