Privacy Policy
Last Updated: November 18, 2025
(Supersedes Policy effective August 8, 2024)
The ATM Industry Association (ATMIA) (“we,” “our,” or “us”) is the leading non-profit trade association representing the global ATM industry. We are committed to protecting the privacy and security of our members, event participants, partners, and visitors (“you”).
This Privacy Policy explains how we collect, use, store, and safeguard your personal data in accordance with the EU General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA), and other applicable data protection laws.
1. Data Controller and Contact Information
ATM Industry Association (ATMIA)
PO Box 88433
Sioux Falls, SD
57109-8433
USA
Email for Privacy Requests: [email protected]
Phone: 800-475-0585 ext. 1704
If you have any questions about this policy or your rights, please contact us using the email address above.
2. Personal Data We Collect
Our overall policy is simple: If we collect information from you, we use it only for the purposes for which it was collected, and the limited purposes outlined below. We collect the following categories of data, which may be considered "Personal Information" under US laws:
| Category of Data | Examples of Data Collected | Source in Current ATMIA Policy |
|---|---|---|
| Identifiers | Name, Home Address, Email address, Phone number, IP address | Membership, Events, Forms & Online Surveys |
| Professional/Employment | Job title, Organization/Company name, Membership status and history | Membership, Events |
| Demographic Information | Location, Age | Membership, Forms & Online Surveys |
| Financial/Transactional | Payment details (processed securely), invoice and billing data | Membership, Events, Payments |
| Internet/Network Activity | Browser type, operating system, referal domain, website usage analytics, data from cookies | Automatic Collection |
| Communication | Emails, inquiries, survey responses, newsletter subscription preferences | Forms/Contacting |
| Event Participation | Registration details, attendance records, mobile app usage, speaker details | Events |
We do not collect sensitive personal data unless explicitly required and consented to (e.g., accessibility requirements for an event).
3. How We Use Your Personal Data and Legal Basis
| Purpose of Use | Legal Basis (GDPR) | Use in Current ATMIA Policy |
|---|---|---|
| Membership, Events & Service Fulfillment | Performance of a contract | Processing applications, renewals, member services, event registration, mobile app functionality |
| Organizational Communications | Legitimate Interest | Sending organizational updates, newsletters, and contacting the user |
| Website Operation & Diagnostics | Legitimate Interest; Consent (for non-essential cookies) | Improving site performance, diagnosing server problems, and site administration |
| Billing & Accounting | Compliance with legal obligations | Processing payments and maintaining financial records |
| Aggregated Sharing | Legitimate Interest | Sharing non-personally identifiable data (like demographics) with affiliates or business partners on an aggregated basis |
4. Sharing Your Personal Data
We have a firm commitment to privacy and the following applies:
- No Sale or Cross-Context Sharing: We will not sell or share your personally identifiable information with any third party for monetary or other valuable consideration, including for cross-context behavioral advertising (as defined by CCPA).
- Disclosure to Affiliates/Third Parties: We will not sell or disclose your personally identifiable data to any third party that is not an affiliate of ATMIA unless:
- We first obtain permission from you;
- We need to share it with agents or contractors who perform services for us (e.g., payment processors, email services, IT support); or
- We are required by law to disclose it (e.g., court order).
5. International Data Transfers (GDPR/EEA)
If you are visiting our Site from outside the United States, be aware that your information will be transferred to, stored, and processed in the United States where our servers are located and our central database is operated. By using our services, you consent to any transfer of this information.
When transferring personal data out of the European Economic Area (EEA), we ensure adequate safeguards are in place, such as Standard Contractual Clauses (SCCs) or transfers to countries with adequacy decisions. You may request details on these safeguards by contacting us.
| Vendor | Service | Data Processed / Security |
|---|---|---|
| Cloudflare | Website Services (Firewall, DDos Protection, Bot Management, Rate Limiting, Analytics) | Data Processed: IP Address, browser information, request headers. The processing of data is based on Standard Contract Clauses, which you can find here: https://www.cloudflare.com/cloudflare-customer-scc/. For more information on Cloudflare, please visit the privacy policy at: https://www.cloudflare.com/cloudflare-customer-dpa/. The company is certified in accordance with the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the US, which is intended to ensure compliance with European data protection standards for data processing in the US. Every company certified under the DPF is obliged to comply with these data protection standards. For more information, please contact the provider under the following link: https://www.dataprivacyframework.gov/participant/5666. |
| Authorize.net | Credit Card Processing | Data Processed: Credit Card Number, CID, Expiration Date, Company Name, Shipping/Billing Address, IP Address. We do not store credit card data on our servers. All data required for transactions is transmited securely and stored by Authorize.net. You may find their privacy notice link(s) here: https://www.authorize.net/content/dam/anet-redesign/documents/authorizenet-dpa.pdf and https://www.authorize.net/en-us/about-us/terms.html. |
| Constant Contact | Emails | Data Processed: Name, Email Address, Subscription Preferences, Engagement Data. The processing of data is based on Standard Contractual Clauses which can be found here: https://www.constantcontact.com/legal/data-processing-addendum The company is certified in accordance with the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the US, which is intended to ensure compliance with European data protection standards for data processing in the US. Every company certified under the DPF is obliged to comply with these data protection standards. For more information, please contact the provider under the following link: https://www.dataprivacyframework.gov/participant/4423. |
6. Data Retention
We retain your information for as long as your account is active or as needed to provide you with access to our services. We will retain and use your information as necessary to:
- Comply with our legal obligations (e.g., financial records kept for 7 years).
- Resolve disputes and enforce our agreements.
We maintain one or more databases to store your personal data and may keep such information for historical reference or legal compliance based on the timeframes below, or until you exercise your right to request deletion.
- Membership Information: Retained for the duration of membership + 7 years for historical reference and legitimate interest
- Event Registrations: Retained for 7 years for historical reference and legitimate interest
- Form Submissions: Kept for 3 years for historical reference and legitimate interest
- Financial Records: Kept for 7 years to comply with US and international tax and accounting laws
- Marketing Data: Retained until you withdraw consent (e.g., unsubscribe from a newsletter)
7. Your Rights Under GDPR (EEA Residents)
If you are a resident of the EEA, you have the following rights regarding your personal data:
- Right of access: Request a copy of your personal data
- Right to rectification: Correct inaccurate or incomplete data
- Right to erasure ("right to be forgotten"): Request deletion of your data
- Right to restrict processing: Limit how your data is used
- Right to data portability: Obtain your data in a transferable format
- Right to object: Object to processing based on legitimate interests or direct marketing
- Right to withdraw consent: Withdraw consent at any time for data processing based on consent
8. Your Rights Under US Privacy Laws (CCPA/CPRA - California Residents)
If you are a resident of California, you have the following rights concerning your Personal Information:
- Right to Know: Request disclosure of the categories and specific pieces of information collected
- Right to Delete: Request the deletion of your personal information, subject to certain exceptions
- Right to Correct: Request the correction of inaccurate personal information
- Right to Opt-Out of Sale/Sharing: We do not sell or share your data, so no opt-out is necessary
- Right to Non-Discrimination: The right not to receive discriminatory treatment
To exercise your rights under GDPR or CCPA, please submit a request to our Privacy Contact at: [email protected].
9. Opting Out of Communications and Targeted Advertising
A. Opting Out of Communications
- Mailings: Users may opt-out of future mailings using the unsubscribe link or contacting us.
- Account Removal/Correction: Contact us at [email protected] or visit your member profile to correct or remove information.
B. Opting Out of Targeted Advertising
You may opt out of receiving targeted ads through the following industry tools:
- Digital Advertising Alliance (DAA) Website
- Digital Advertising Alliance of Canada (DAAC) Website
- European Interactive Advertising Digital Alliance (EDAA) Your Online Choices Website
10. Cookies
We use cookies to make our website easier to use and to deliver a personalized experience. You may modify browser settings to accept, notify, or reject cookies, but rejecting cookies may prevent you from utilizing certain services. By default only functional cookies are accepted on this website. Preferences can be changed at any time by clicking the cookie icon in the lower left of the browser window.
11. Mobile Application Disclosure
The ATMIA Conference mobile app uses personal information after login to provide functionality like My Agenda, My Exhibitors, Game Center Leaderboard, and sharing Attendee Details (email, phone, photo) based on user settings. Google Analytics tracks app usage anonymously.
12. SMS Messaging
ATMIA allows US residents to sign up to receive SMS messages. Message content and frequency vary. View the Terms of Use for complete details.
13. Children’s Privacy
We do not knowingly collect any information from children under the age of 13. If a parent or guardian believes a child has provided us with information, they may notify us at [email protected] and the information will be deleted.
14. Security Measures
While there is no such thing as perfect security on the Internet, we take all reasonable steps to ensure the safety of your personally identifiable information:
- Encrypted communications (SSL/TLS)
- Access controls and authentication
- Secure data storage and backup procedures
However, we do not assume any liability for third-party usage of your personal information, whether obtained legally or illegally from our system.
15. Changes to This Policy
This statement may change over time—please review it periodically. We will update the “Last Updated” date at the top of the policy accordingly.
16. Contact Us
If you have any questions about this privacy statement, the practices of this site, or your dealings with this Web site, you can email ATMIA at: [email protected].
Email
Social Media
Bookmark ATMIA.com
RSS