Privacy Policy

Introduction

StateRAMP is a 501(c)(6) standards and educational organization with a membership component for Cloud Service Providers, 3PAOs, Consultants, and Government organizations, as well as individual government employees. We do not knowingly attempt to solicit or receive information from minors.

StateRAMP’s full legal name, address, and phone number are:

StateRAMP Inc
9800 Crosspoint Blvd.
Indianapolis, IN 46256
+1 216-230-8531

This Privacy Notice describes StateRAMP’s policies and practices regarding its collection and use of your personal data and sets forth your privacy rights. We recognize that information privacy is an ongoing responsibility, and so we will from time to time update this Privacy Notice as we undertake new personal data practices or adopt new privacy policies; we encourage you to periodically review this Notice to be informed of how StateRAMP is protecting your information. If you have any questions about this Privacy Notice or StateRAMP’s data handling practices, please contact privacy@stateramp.org.

How We Collect and Use Your Personal Information

StateRAMP collects personal information about its members and other customers. StateRAMP may collect the following information:

  • Personally identifiable information, such as your e-mail address, name, home or work address or telephone number.
  • Anonymous demographic information, which is not unique to you, such as your ZIP code, age, gender, preferences, interests and favorites.
  • Information to fulfill our business obligations to members of StateRAMP (account balance and payment history).
  • Information collected when you register or update an online profile, which may include personal data such as your name and contact details.
  • The content of electronic forms you submit via the Website, requesting us to provide services or information.


We use this information to provide members and customers with member benefits, as well as any goods and services they purchase from us. We do not sell personal information to anyone and only share it with third parties who are facilitating the delivery of StateRAMP’s services.

Most StateRAMP members provide their personal information directly to us. In some cases, StateRAMP receives personal information about individuals from third parties. This may happen, for example, if your employer is a member of StateRAMP and signs you up for membership or continuous monitoring access. Your name may be given to StateRAMP if you accept an invitation to speak at one of our meetings or events. We may also collect your personal data from a third-party website (e.g. LinkedIn) if you fill out a form on that site requesting content from or registering for an event with StateRAMP. You may always access and update your data with StateRAMP if you have a StateRAMP account and you may always contact us at privacy@stateramp.org.

Personal information collected by StateRAMP:

Membership

When you become a StateRAMP member, we collect information about you including but not limited to your name, your employer’s name, your work address, and your email address.

We may also collect your personal email address, a personal mailing address, and a mobile phone number. We allow members to voluntarily provide additional information in their membership profile, such as information about their educational background and related personal data. Member information, including membership status, shall be part of the StateRAMP Member Directory, which is available to other StateRAMP members in the Members Only section of the StateRAMP website. If you wish to have your data removed from the Member Directory, you must affirmatively opt out by emailing privacy@stateramp.org.

We process your personal information for membership administration, to deliver member benefits to you, and to inform you of StateRAMP-related events, content, and other benefits or opportunities associated with your StateRAMP membership. We may also use this information to help us understand our members’ needs and interests to better tailor our products and services to meet your needs.

Live Events

StateRAMP hosts live, in-person events throughout the year. If you register for one of our events and you are a member, we will access the information in your member account to provide you with information and services associated with the event. You may be asked to provide more information when signing up for an event than is found in your StateRAMP profile (e.g. whether it’s your first StateRAMP event, your meal preferences, and some information about your title and industry).

If you are not a member and you sign up for one of our events, we will collect the following information: name, email, company, title, industry, address, phone number, whether it’s your first StateRAMP event, and your meal preferences.

StateRAMP uses the information provided by event attendees to provide them with event services, including badge printing, tracking your Continuing Professional Education (CPE) credits, tailoring sessions to meet the audience profile and to determine the sessions likely to require the biggest rooms, and related purposes connected with the event. We also use the information for billing purposes, as some attendees do not pay at the time of registration. After the event, StateRAMP de-identifies the information collected from attendees and uses de-identified information to review outcomes of past events and plan for future events.

If you are a presenter at one of our events, we will collect information about you including your name, employer and contact information, and photograph, and we may also collect information provided by event attendees who evaluated your performance as a presenter. We may also make and store a recording of your voice and likeness in certain instances.

We keep a record of your participation in StateRAMP events as an attendee or presenter. This information may be used to provide you with membership and certification services (such as, for example, keeping track of your Continuing Professional Education (CPE) credits, or to tell you about other events and publications). It may also be used to help StateRAMP understand our members’ needs and interests to better tailor our products and services to meet your needs.

When you register for a live event, you will be listed on the event attendee list. This list is shared with event sponsors/exhibitors as well as other attendees. If you wish to opt out of being included in this list, please contact privacy@stateramp.org to make this request.

Additionally, exhibitors at StateRAMP events may wish to scan your badge so they can contact you with more information. By allowing an exhibitor to scan your badge you are consenting to have the badge reader provide the exhibitor with your contact information, and thereafter you may be contacted by the exhibitor post-event. If you do not wish the exhibitor to contact you, please communicate this directly with the exhibitor at the event or thereafter.

Web Conferences/Events

StateRAMP offers several web conferences/trainings throughout the year. Many of them are free to StateRAMP members, while non-members may be charged a fee. StateRAMP may also offer web conferences that are co-sponsored by StateRAMP and its partners. These events may be free, or have a cost associated, depending on the event. This means that when you register for a co-sponsored web conference, you will be providing your registration information to both StateRAMP and the applicable co-sponsor. All StateRAMP web conference co-sponsors must agree to follow applicable privacy and data protection laws. Recorded web conferences may be accessed without providing information to the co-sponsor.

Publications & Newsletters

In addition to producing original content, StateRAMP also subscribes to news feeds and blogs produced by others, which we often link to from our website and within our newsletters. This means you may find yourself on the StateRAMP website or reading an email from the StateRAMP team and we will offer you a link to another organization’s website where you will find content on cybersecurity or data protection that we find relevant and useful to you. At these times, you will be leaving the StateRAMP website. StateRAMP is not responsible or liable for content provided by these third-party websites or personal information they may happen to gather from you.

To receive StateRAMP newsletters by email, you will need to create a “profile” with us which involves providing StateRAMP with at least your first name and last name and an email address. The purpose of processing this data is to have the necessary information to deliver StateRAMP’s newsletters by email. You may at your own option choose to subscribe to StateRAMP’s e-News, which may be considered direct marketing. You may unsubscribe at any time from newsletter subscriptions as well as marketing messages.

StateRAMP from time to time sends research surveys to subscribers of the StateRAMP e-News. By subscribing to the StateRAMP e-News, you agree to receive these survey requests occasionally. You are under no obligation to take the surveys.

When you interact with our emails or subscribe to our mailing lists, our third-party tool may collect and process the following information:

  • Name and contact details (e.g., email address, phone number)
  • Company information (if provided)
  • Email engagement metrics (e.g., opens, clicks, unsubscribes)
  • Preferences and interests based on your interactions
  • Website activity linked through email engagement (if cookies are enabled)

We use the data collected through these tools to:

  • Send you relevant marketing content, newsletters, and updates.
  • Personalize and tailor emails based on your interests and preferences.
  • Track email performance and engagement to improve our communication strategies.
  • Support our team in understanding your needs and providing relevant solutions.

These third-party services do not use or sell this information. Additionally, we ensure that all email communications comply with privacy regulations, including GDPR and the CAN-SPAM Act, and include options to manage your preferences or opt out.

As noted above, you may manage your StateRAMP subscriptions by subscribing or unsubscribing at any time. Please note that if you have set your browser to block cookies, this may have an impact on your ability to unsubscribe. If you have any difficulties managing your email or other communication preferences with StateRAMP, please contact us at privacy@stateramp.org.

Web and Digital Analytics

The StateRAMP website uses “cookies” to help you personalize your online experience. A cookie is a text file that is placed on your hard disk by a web page server. Cookies cannot be used to run programs or deliver viruses to your computer. Cookies are uniquely assigned to you and can only be read by a web server in the domain that issued the cookie to you.

One of the primary purposes of cookies is to provide a convenience feature to save you time. The purpose of a cookie is to tell the Web server that you have returned to a specific page. For example, if you personalize StateRAMP pages, or register as a member on the StateRAMP site, a cookie helps StateRAMP to recall your specific information on subsequent visits. This simplifies the process of recording your personal information, such as billing addresses, shipping addresses, and so on. When you return to the same StateRAMP website, the information you previously provided can be retrieved, so you can easily use the StateRAMP features that you customized.

You can accept or decline cookies. Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer. If you choose to decline cookies, you may not be able to fully experience the interactive features of the StateRAMP website you visit.

StateRAMP also uses Google Analytics to collect anonymized data points about how visitors use our website, including the number of visitors to the Website, from where visitors navigated to get to our website, and the webpages. This information is collected and maintained in an anonymous form and used to compile reports and help us improve our website. If you choose to opt out of Google Analytics, you can install a browser add-on in your browser across all websites (please note that StateRAMP is not responsible for the content of external websites, nor any browser add-ons).

Your Correspondence with StateRAMP

If you correspond with us by email, the postal service, or other form of communication, we may retain such correspondence, and the information contained in it, and use it to respond to your inquiry or to keep a record of your complaint, accommodation request, or similar concern. As always, if you wish to have StateRAMP “erase” your personal information or otherwise refrain from communicating with you, please contact us at privacy@stateramp.org.

Note: if you ask StateRAMP not to contact you by email at a certain email address, StateRAMP will retain a copy of that email address on its “master do not send” list in order to comply with your no-contact request.

Payment and Purchase Information

You may choose to purchase goods or services from StateRAMP using a payment card. Typically, payment card information is provided directly by users, via the StateRAMP website, into the PCI/DSS-compliant payment processing service to which StateRAMP subscribes, and StateRAMP does not, itself, process or store the card information.

Occasionally, members or customers ask StateRAMP to, on their behalf, enter payment card information into the PCI/DSS-compliant payment processing service to which StateRAMP subscribes. We strongly encourage you not to submit this information by email. When StateRAMP receives payment card information from customers or members by email, fax, phone, or mail, it is entered as instructed and then deleted or destroyed.

StateRAMP’s ecommerce system collects shipping and billing information to fulfill customer orders. StateRAMP relies on the legitimate interest basis for processing this personal data.

What Happens If You Don’t Give Us Your Data

You can enjoy many of StateRAMP’s services without giving us your personal data because a great deal of information on our website is available even to those who are not StateRAMP members. You can also enjoy subscriptions to our newsletters without becoming a StateRAMP member, but you will need to create a profile with us which involves providing your name, email, country and postal code. Some personal information is necessary so that StateRAMP can supply you with the services you have purchased or requested, and to authenticate you so that we know it is you and not someone else.

When and How We Share Information with Others

Information about your StateRAMP purchases and product certification status is maintained in association with your membership or profile account. The personal information StateRAMP collects from you is stored in one or more databases hosted by third parties located in the United States. These third parties do not use or have access to your personal information for any purpose other than cloud storage and retrieval.

We do not otherwise reveal your personal data to non-StateRAMP persons or businesses for their independent use unless: (1) you request or authorize it; (2) it’s in connection with StateRAMP-hosted and StateRAMP co-sponsored conferences as described above; (3) it is to assist your employer with confirming receipt or consumption of a purchase they made on your behalf; (4) the information is provided to comply with the law (for example, to comply with a search warrant, subpoena, or court order), enforce an agreement we have with you, or to protect our rights, property or safety, or the rights, property or safety of our employees or others; (5) the information is provided to our agents, vendors or service providers who perform functions on our behalf, such as our StateRAMP Program Management Office (PMO); (6) to address emergencies or acts of God; or (7) to address disputes, claims, or to persons demonstrating legal authority to act on your behalf; and (8) through the StateRAMP Member Directory as described below. We may also gather aggregated data about our members and Site visitors and disclose the results of such aggregated (but not personally identifiable) information to our partners, service providers, advertisers, and/or other third parties for marketing or promotional purposes.

The StateRAMP website uses interfaces with social media sites including but not limited to LinkedIn, X (formerly Twitter), and YouTube. If you choose to “like” or share information from the StateRAMP website through these services, you should review the privacy policy of that service. If you are a member of a social media site, the interfaces may allow the social media site to connect your site visit to your personal data.

Security of Your Information

To help protect the privacy of data and personally identifiable information you transmit through use of our services, we maintain physical, technical and administrative safeguards. We update and test our security technology on an ongoing basis. We restrict access to your personal data to those employees who need to know that information to provide benefits or services to you. In addition, we train our employees about the importance of confidentiality and maintaining the privacy and security of your information. We commit to taking appropriate disciplinary measures to enforce our employees’ privacy responsibilities.

Additionally, StateRAMP secures your personal information from unauthorized access, use or disclosure in the following ways: the information you provide is maintained on computer servers in a controlled, secure environment, with limited access to such servers and password protection for all computers. When personal information (such as a credit card number) is transmitted to other Websites, it is protected through the use of encryption, such as the Secure Sockets Layer (SSL) protocol.

While we make every effort to secure and protect the information in our possession, and account for the protection of information provided to our third-party service providers through us, no security system is perfect, and we cannot promise that information about you will remain secure in all circumstances. Please do your part to help us keep your information secure. You are responsible for maintaining the confidentiality of your password(s) and your account(s), and for all activities that occur under your account(s). StateRAMP specifically reserves the right to terminate your access to your Account(s) and any contact you have with StateRAMP related to the use of the Website in the event it learns or suspects you have disclosed your Account or password information to an unauthorized third party.

Data Storage and Retention

Your personal data is stored by StateRAMP on its servers, and on the servers of third-party cloud-based database management services StateRAMP engages, located in the United States. StateRAMP retains data for the duration of the customer’s or member’s business relationship with StateRAMP and for a period of time thereafter to allow members to recover accounts if they decide to renew, to analyze the data for StateRAMP’s own operations, to comply with Generally Accepted Accounting Principles (GAAP), and for historical and archiving purposes associated with StateRAMP’s history as a membership organization. For more information on where and how long your personal data is stored, and for more information on your rights of erasure and portability, please contact StateRAMP at privacy@stateramp.org.

Questions, Concerns or Complaints

If you have questions, concerns, complaints, or would like to exercise your rights, please contact StateRAMP at privacy@stateramp.org.