Privacy Policy
The Asphalt Institute is committed to protecting your personal data and your right to privacy. Our Privacy Policy describes the collection and processing of personal data by us as well as an overview of the rights which you have in relation to your personal data. It applies to information which you may provide directly to us or through third parties.
Our policy is to be as transparent as possible about how and why we process your personal data.
However, should you have any questions please contact us at either privacy@asphaltinstitute.org or by writing to us at:
Asphalt Institite Inc., Attn: IT Manager, 2696 Research Park Dr., Lexington, KY 40511 .
Our Privacy Policy is set out in the following sections:
- Part 1 – Who We Are
- Part 2 – Information We May Collect and How We Use It
- Part 3 – How We Keep Your Personal Data Secure
- Part 4 – Deleting Your Personal Data
- Part 5 – Your Rights
- Part 6 – Updating This Policy
PART 1 – WHO WE ARE
1. Asphalt Institute
“Asphalt Institute” (and “we”, “us”, or “our”) refers to Asphalt Institute, Inc., a Kentucky non-profit corporation sometimes doing business as R18LABQMS at:2696 RESEARCH PARK DRIVE LEXINGTON, KENTUCKY 40511 USA, and Asphalt Institute Foundation, Inc., a Kentucky non-profit corporation at: 2696 RESEARCH PARK DRIVE LEXINGTON, KENTUCKY 40511 USA.
Each is a separate legal entity and a separate controller for personal data.
Our Privacy Policy applies to each of the Asphalt Institute entities and applies to our websites:
- “http://www.asphaltinstitute.org,”
- “http://www.asphaltfoundation.org,”
- “www.r18labqms.com,”
- and “asphaltmagazine.com,”
- our “R18labQMS®” software,
- and any other current or future website, software or application owned or managed by us (individually, collectively and in any combination referred to as the “Services”).
2. Contact us
Should you have any questions please contact us at either privacy@asphaltinstitute.org or by writing to us at:ASPHALT INSTITUTE INC. ATTN: IT MANAGER 2696 RESEARCH PARK DRIVE LEXINGTON, KENTUCKY 40511 USA.
PART 2 – INFORMATION WE MAY COLLECT AND HOW WE USE IT
1. Collecting Your Personal Data
We use different methods for collecting your personal data including:
- Direct interactions. We collect information from you when you register on our Services, place an order, subscribe to our newsletter or magazine, respond to a survey or marketing communication, fill out a form or enter information on our Services;
- Automated technologies. As you interact with our Services, we may automatically collect technical data about your equipment, browsing actions and patterns. We collect this personal data by using cookies. This activity is carried out in accordance with our Cookies Policy set out in Part 2 Section 10 of this Privacy Policy; and
- Third party or publicly available sources. We may receive personal data about you from various third parties and public sources (such as LinkedIn).
2. How We Use Your Personal Data
Personal data, or personally identifiable information, means any information where an individual can be identified (or is identifiable). We will only use your personal data when applicable law allows us to do so.
Most commonly, we will use your personal data for either:
- (i) the performance of a contract we are about to enter or have entered into with you;
- (ii) for our legitimate interests (or those of a third party) provided always that your interests do not override our interests (please notify us if you believe we have not assessed this correctly in relation to your own personal data);
- (iii) where we need to comply with a legal or regulatory obligation; or
- (iv) where you have consented to our collection and use.
We may use the information we collect from you in the following ways:
- To personalize the experience of users of our Services and to allow us to deliver the type of content and product offerings in which you are most interested;
- To improve our Services in order to better serve you;
- To allow us to better service you in responding to your customer service requests;
- To administer a contest, promotion, survey or other site feature;
- To quickly process your transactions;
- To ask for ratings and reviews of services or products; and
- To follow up with you after correspondence from you (live chat, email or phone inquiries).
Set out below are the principal categories of occasions where we may collect and process personal data. Please note that these categories are for ease of reference and you may fall into one or more such categories.
Customers
| Purpose for which we collect personal data | Type of personal data collected |
|---|---|
| To register you as a new customer: | Contact details (to the extent provided – name, title/position, email address, phone number, home address, and business address for each customer)Financial data (billing information (to the extent it relates to a personal account) and credit card (to the extent personal credit cards are used)) |
| To administer new users: | Contact details (to the extent provided – name, location, email address, home address, business address, birthdate, age, and names, ages, and birthdates of family members of each user) |
| General account management, including:provision of services to you;managing payments, fees and charges;collection and recovery of money owed to us;notifying you of changes to our services, terms or other important announcements; andservice updates. | Call detail records (name of users (if provided), time, date and duration of call, project name (if any))Call recordings (if so requested and approved)Contact details (to the extent provided – name, title/position, email address, phone number, home address, and business address for each customer)Contact details (to the extent provided – name, location, email address, home address, business address, birthdate, age, and names, ages, and birthdates of family members of each user)User profiles |
| Troubleshooting / customer support: | Contact details (to the extent provided – name, title/position, email address, phone number, home address, and business address for each customer)Contact details (to the extent provided – name, location, email address, home address, business address, birthdate, age, and names, ages, and birthdates of family members of each user)In limited instances we may be required to ‘ping’ an account to monitor and act against fraudulent useTechnical data such as IP address, browser type and version, time zone setting, browser plug-in types and versions, operating systems and platform and other technology on the devises which you use to access our services |
Users of R18labQMS®
| Purpose for which we collect personal data | Type of personal data collected |
|---|---|
| To grant access to R18labQMS: | Contact details (to the extent provided – name and phone number; user name; password)Call recordings (if so requested and approved) |
| Collation of feedback: | Contact details (to the extent provided) |
Prospective Customers and Website Users
| Purpose for which we collect personal data | Type of personal data collected |
|---|---|
| ‘Tell a Friend’ (or similar): | Contact details (name, title/position, email address, phone number and address) |
| ‘Request a Trial’ (or similar): | Contact details (name, title/position, email address, phone number and address) |
| Providing access to our Services: | Cookies (as per our Cookies Policy set out in Part 2 Section 10 of this Policy) |
| Prospecting and marketing (providing information about our services): | Contact details (name, title/position, email address, phone number and address) |
| Operation of prizes or competition: | As set out in the specific terms and condition, however, will require contact details (name, title/position, email address, phone number and address) |
Visitors to Our Offices or to Our Conferences and Events
| Purpose for which we collect personal data | Type of personal data collected |
|---|---|
| Monitoring attendance at our offices: | Contact details (name, email address and person visiting)CCTV (where applicable) |
| Monitoring attendance at conferences and events: | Contact details (name, title/position, email address, phone number and address) |
Suppliers
| Purpose for which we collect personal data | Type of personal data collected |
|---|---|
| Receipt of services: | Contact details (to the extent provided – name, title/position, email address, phone number, home address, and business address for each customer)Financial data (corporate billing information – to the extent it relates to a personal account) |
Others Who Get in Touch With Us
| Purpose for which we collect personal data | Type of personal data collected |
|---|---|
| Responding to communication: | Contact details (to the extent provided – such as name, email address, phone number and address)Such other information you wish to provide |
3. Unsubscribing
Where we are processing your personal data based on consent or pursuant to our legitimate interests (and where you feel your interests should override ours), you have the right to withdraw such consent or object to our use of legitimate interests as a ground for processing your personal data at any time or notify us. To do so, simply:
- (i) opt out or unsubscribe (using our preference center or the unsubscribe link to emails);
- (ii) notify your Asphalt Institute point of contact; or
- (iii) contact us at privacy@asphaltinstitute.org.
Please allow us a short time to process such requests.
In some instances, where we collect personal data by law or pursuant to the terms of a contract we have with you if you fail to provide such data when requested we may not be able to fully perform our contract with you. In such an instance we will endeavor to let you know the consequence.
4. Sensitive Personal Data
Please note that we will not actively collect any ‘sensitive personal data’ or special categories of personal data about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health, and genetic and biometric data), except for medical information voluntarily provided by you for emergency situations.
Our Services are not intended for children and we do not require submitting data relating to children. However, in some instances we may collect the names, ages, or birthdates of your spouse and children that you voluntarily provide, but we will not contact them without your consent.
As a user of our services, you may choose to transmit sensitive personal data or data relating to children over our service. If you do so, you:
- (i) must have appropriate authority to do so;
- (ii) acknowledge that we do not monitor or review consent transmitted over our services; and
- (iii) acknowledge that such personal data will be treated in accordance with this privacy policy.
5. Keeping Your Personal Data Up-To-Date
It is important that the personal data that we hold on you is kept accurate and up to date. Therefore, please keep us informed if your personal data changes during your relationship with us.
6. Sharing Your Personal Data
We will only share personal data with others when we are legally permitted to do so. When we share personal data with others, we put contractual arrangements and security mechanisms in place to protect the personal data and to comply with our data protection, confidentiality and security standards.
We have members and customers globally. As a result, personal data may be transferred outside the countries where our members and customers are located. This includes to countries outside the European Economic Union (“EEA”) and to countries that do not have laws that provide specific protection for personal data. We have taken steps to ensure all personal data is provided with adequate protection and that all transfers of personal data outside the EEA are done lawfully. Where we transfer personal data outside of the EEA to a country not determined by the European Commission as providing an adequate level of protection for personal data, the transfers will be under an agreement which covers the requirements for the transfer of personal data outside the EEA, such as the European Commission approved Standard Contractual Clauses.
Specifically, personal data held by us may be transferred to:
- Other Asphalt Institute Entities. We may share personal data with other Asphalt Institute entities where necessary for administrative purposes and to provide our services (and customer support) to our customers.
- Third party organizations that provide applications/functionality, data processing or IT services to us. We use third parties to support us in providing our services and to help provide, run and manage our internal IT systems. For example, providers of information technology, cloud-based software-as-a-service providers, website hosting and management, data analysis, data back-up, security and storage services. The servers powering and facilitating that cloud infrastructure are located in secure data centers around the world, and personal data may be stored in any one of them.
- Third party organizations that otherwise assist us in providing goods, services or information. For example credit agencies, our share registrars, recruiters or such other ancillary service provider or service providers to which we may resell certain services (such as operator assisted event calls).
- Auditors and other professional advisers. Such as our accountants, lawyers, brokers and such other professional service providers.
- Law enforcement or other government and regulatory agencies. Occasionally, we may receive requests from third parties with authority to obtain disclosure of personal data, such as to check that we are complying with applicable law and regulation, to investigate an alleged crime, to establish, exercise or defend legal rights. We will only fulfill requests for personal data where we are permitted to do so in accordance with applicable law or regulation.
7. Third Party Links
Our Services may contain links to third party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third party websites and are not responsible for their privacy statements.
8. Do Not Track Signals and Third-Party Behavioral Tracking
We honor “do not track” signals and do not track, plant cookies, or use advertising when a Do Not Track (DNT) browser mechanism is in place. We do not allow third-party behavioral tracking.
9. California Privacy Notice
According to CalOPPA we agree to the following:
Users can visit our site anonymously.
Our Privacy Policy link includes the word ‘Privacy’ and can be easily found on the website footer.
Users will be notified of any privacy policy changes:
- On our Privacy Policy Page
Users are able to change their personal information:
- By emailing us;
- By calling us; or
- By logging in to their account.
10. Cookie Policy
We use cookies to:
- Help remember and process the items in the shopping cart;
- Understand and save user’s preferences for future visits;
- Keep track of advertisements; and
- Compile aggregate data about site traffic and site interactions in order to offer better site experiences and tools in the future.
- We may also use trusted third-party services that track this information on our behalf.
You can choose to have your computer warn you each time a cookie is being sent, or you can choose to turn off all cookies. You do this through your browser (like Internet Explorer) settings. Each browser is a little different, so look at your browser’s Help menu to learn the correct way to modify your cookies.
If you turn cookies off or outwise disable cookies in your browser, some features will be disabled. It will turn off some of the features that make your site experience more efficient and some of our services will not function properly. However, you can still place orders over the telephone.
PART 3 – HOW WE KEEP YOUR PERSONAL DATA SECURE
1. Data Security
We take the security of all the personal data we hold very seriously. We adhere to internationally recognized security standards and we have a framework of policies, procedures and training in place covering data protection, confidentiality and security and regularly review the appropriateness of the measures we have in place to keep the personal data we hold secure.
In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know.
We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
PART 4 – DELETING YOUR PERSONAL DATA
1. Data Retention
We will only retain your personal data for as long as necessary to fulfill the purposes we collected it for, including for the purposes of satisfying any legal, accounting or reporting requirements. To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorized use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means and the applicable legal requirements.
Our default retention periods for customer records are:
- (i) call detail records will be retained for approximately 12 months from the date of the call;
- (ii) call recordings will be available for 60 days then deleted around 90 days thereafter (subject to purge rules and timings); and
- (iii) basic information about our customers for six years after ceasing being customers (for tax and regulatory reasons).
2. Deletion
All personal data will be deleted or erased in a secure and confidential manner.
PART 5 – KNOW YOUR RIGHTS
1. Your Rights
Individuals have certain rights over their personal data and data controllers are responsible for fulfilling these rights. Where we decide how and why personal data is processed, we are a data controller and include further information about the rights that individuals have and how to exercise them below.
2. Access to Personal Data
You have a right to access your personal data (“data subject access request”). This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.
To make a request, you need to put the request in writing at the address provided above. If you agree, we will try to deal with your request informally, for example by providing you with the specific information you need over the telephone.
If we do hold information about you, you can ask us to correct any mistakes by contacting us.
3. Amendment of Personal Data
To update personal data submitted to us, you may email us at privacy@asphaltinstitute.org or, where appropriate, contact us via the relevant website registration page or by amending the personal details held on relevant applications with which you registered.
When practically possible, once we are informed that any personal data processed by us is no longer accurate, we will make corrections (where appropriate) based on your updated information.
4. Withdrawal of Consent
Where we process personal data based on consent, individuals have a right to withdraw consent at any time. We do not generally process personal data based on consent (as we can usually rely on another legal basis). To withdraw consent to our processing of your personal data please email us at privacy@asphaltinstitute.org or, to stop receiving an email from our marketing list, please click on the unsubscribe link in the relevant email received from us.
5. Object to Processing
You may object to our processing of your personal data where we are relying upon a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms.
6. Transfer Requests
You may request the transfer of your personal data to you or a third party. We will provide you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format. Please note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.
7. Request Erasure
You may request the erasure of your personal data. This enables you to ask us to delete or remove personal data where there is no good reason for us to continuing to process it.
8. Request Restriction on Processing
You may request the restriction of processing of your personal data by us. This enables you to ask us to suspend the processing of your personal data in the following scenarios:
- (i) if you want us to establish the personal data’s accuracy;
- (ii) where our use of the personal data is unlawful but you do not want us to erase it;
- (iii) where you need us to hold the personal data even if we no longer require it as you need it to establish, exercise or defend legal claims; or
- (iv) you have objected to our use of your personal data but we need to verify whether we have overriding legitimate interest grounds to use it.
9. Complaints
We hope that you won’t ever need to, but if you do want to complain about our use of personal data, please send an email with the details of your complaint to privacy@asphaltinstitute.org. We will look into and respond to any complaints we receive.
You also have the right to lodge a complaint with the supervisory authority in your country of residence, place of work or the country in which an alleged infringement of data protection law has occurred within the EU. We would, however, appreciate the chance to deal with your concerns before you approach the appropriate regulator. For further information on your rights and how to complain to your local data protection regulator, please contact us or refer to the local data protection regulator’s website.
Our Privacy Policy was drafted with clarity in mind. It does not provide exhaustive detail of all aspects of our collection and use of personal information. However, we are happy to provide any additional information or explanation needed. Any requests for this should be sent to the address above.
PART 6 – UPDATING THIS POLICY
1. Status
We recognize that transparency is an ongoing responsibility so we will keep our Privacy Policy under regular review. By visiting our Services and using our services your personal data will be processed in accordance with the then-current version of this Policy.
Our Privacy Policy was last updated on June 1, 2018.
