Privacy and Data Use Policy

Your member information is collected by the SAA in order to e-mail you copies of the bi-annual Bulletin; to maintain aggregate data on current and historical membership trends; and to communicate with you regarding your membership.  This information will not be shared with third parties.

The information you provide as part of your Membership Application or Renewal (name, e-mail address, websites, institutional affiliation, academic rank, and student status and advisor information for graduate students) may be shared with members of the Board of Trustees, staff and other parties internal to the organization for maintaining aggregate demographic information about the SAA membership; to compile its Annual Report; and to provide better services and tailored benefits to our members.

Information included on your Member Profile page (name, e-mail address, institutional affiliation, websites, past participation in SAA conferences, descriptions of projects emerging from conference participation) will be visible to fellow members only with current login information. This information may be used by the SAA, its Board of Trustees, staff, and other parties internal to the organization for maintaining aggregate demographic information about the SAA membership; to compile its Annual Report; and to provide better services and tailored benefits to our members.

Completion of all requested information is optional.

Membership data will be held for a maximum of six (6) years. Members may remove information about themselves from the website at any time by contacting the SAA staff.

In case of data breach:

The procedures below will be followed by the SAA in the unlikely case of a data breach.

During a data breach, the following procedure should be followed to communicate with the SAA Executive Director (“Controller”) and Board of Trustees:

  • Inform the Board of Trustees and Executive Director about the data breach within seventy-two (72) hours.
  • Provide the contact details of all responsible parties.
  • Document all the facts related to the data breach and make them available for inspection by the Controller.
  • Notifications should include the following information. If not all data is available initially, it can be shared as it becomes available: nature of the data breach; categories of the data breach; approximate number of individual affected; approximate number of data records affected; consequences of the data breach; proposed measures to mitigate the data breach.
  • Individuals affected by a data breach should be contacted without delay, in clear and plain language.

Data Processors:

All Data Processors (entities other than the SAA who have access to member information) have been invited to establish their compliance with GDPR. The SAA will not use any Data Processor that does not respond satisfactorily or that is discovered to be noncompliant with GDPR practices.

Adopted May 2018