StateRAMP dba GovRAMP is a 501(c)(6), standards and educational organization, with a membership component for Cloud Service Providers, 3PAOs, Consultants, and Government organizations, as well as individual government employees. We do not knowingly attempt to solicit or receive information from minors.
StateRAMP’s full legal name, address, and phone is:
StateRAMP Inc dba GovRAMP
9800 Crosspoint Blvd.
Indianapolis, IN 46256
+1 216-230-8531
This Privacy Notice describes StateRAMP dba GovRAMP’s policies and practices regarding its collection and use of your personal data and sets forth your privacy rights; henceforth, the name GovRAMP shall be used to describe the organization. We recognize that information privacy is an ongoing responsibility, and so we will from time to time update this Privacy Notice as we undertake new personal data practices or adopt new privacy policies; we encourage you to periodically review this Notice to be informed of how GovRAMP is protecting your information. If you have any questions about this Privacy Notice or GovRAMP’s data handling practices, please contact privacy@govramp.org.
GovRAMP collects personal information about its members and other customers. GovRAMP may collect the following information:
We use this information to provide members and customers with member benefits, as well as any goods and services they purchase from us. We do not sell personal information to anyone and only share it with third parties who are facilitating the delivery of GovRAMP’s services.
Most GovRAMP members provide their personal information directly to us. In some cases, GovRAMP receives personal information about individuals from third parties. This may happen, for example, if your employer is a member of GovRAMP and signs you up for membership or continuous monitoring access. Your name may be given to GovRAMP if you accept an invitation to speak at one of our meetings or events. We may also collect your personal data from a third-party website (e.g. LinkedIn) if you fill out a form on that site requesting content from or registering for an event with GovRAMP. You may always access and update your data with GovRAMP if you have a GovRAMP account and you may always contact us at privacy@govramp.org.
Membership
When you become a GovRAMP member, we collect information about you including but not limited to your name, your employer’s name, your work address, and your email address.
We may also collect your personal email address, a personal mailing address, and a mobile phone number. We allow members to voluntarily provide additional information in their membership profile, such as information about their educational background and related personal data. Member information, including membership status, shall be part of the GovRAMP Member Director, which is available to other GovRAMP members in the Members Only section of the GovRAMP website. If you wish to have your data removed from the Member Director, you must affirmatively opt-out by emailing privacy@govramp.org.
We process your personal information for membership administration, to deliver member benefits to you, and to inform you of GovRAMP-related events, content, and other benefits or opportunities associated with your GovRAMP membership. We may also use this information to help us understand our members’ needs and interests to better tailor our products and services to meet your needs.
Live Events
GovRAMP hosts live, in-person events throughout the year. If you register for one of our events and you are a member, we will access the information in your member account to provide you with information and services associated with the event. You may be asked to provide more information when signing up for an event than is found in your GovRAMP profile (e.g. whether it’s your first GovRAMP event, your meal preferences, and some information about your title and industry).
If you are not a member and you sign up for one of our events, we will collect the following information: name, email, company, title, industry, address, phone number, whether it’s your first GovRAMP event, and your meal preferences.
GovRAMP uses the information provided by event attendees to provide them with event services, including badge printing, tracking your Continuing Professional Education (CPE) credits, tailoring sessions to meet the audience profile and to determine the sessions likely to require the biggest rooms, and related purposes connected with the event. We also use the information for billing purposes, as some attendees do not pay at the time of registration. After the event, GovRAMP de-identifies the information collected from attendees and uses de-identified information to review outcomes of past events and plan for future events.
If you are a presenter at one of our events, we will collect information about you including your name, employer and contact information, and photograph, and we may also collect information provided by event attendees who evaluated your performance as a presenter. We may also make and store a recording of your voice and likeness in certain instances.
We keep a record of your participation in GovRAMP events as an attendee or presenter. This information may be used to provide you with membership and certification services (such as, for example, keeping track of your Continuing Professional Education (CPE) credits, or to tell you about other events and publications). It may also be used to help GovRAMP understand our members’ needs and interests to better tailor our products and services to meet your needs.
When you register for a live event, you will be listed on the event attendee list. This list is shared with event sponsors/exhibitors as well as other attendees. If you wish to opt-out of being included in this list, please contact privacy@govramp.org to make this request.
Additionally, exhibitors at GovRAMP events may wish to scan your badge so they can contact you with more information. By allowing an exhibitor to scan your badge you are consenting to have the badge reader provide the exhibitor with your contact information, and thereafter you may be contacted by the exhibitor post-event. If you do not wish the exhibitor to contact you, please communicate this directly with the exhibitor at the event or thereafter.
Web Conferences/Events
GovRAMP offers several web conferences/trainings throughout the year. Many of them are free to GovRAMP members, while non-members may be charged a fee. GovRAMP may also offer web conferences that are co-sponsored by GovRAMP and its partners. These events may be free, or have a cost associated, depending on the event. This means that when you register for a co-sponsored web conference, you will be providing your registration information to both GovRAMP and the applicable co-sponsor. All GovRAMP web conference co-sponsors must agree to follow applicable privacy and data protection laws. Recorded web conferences may be accessed without providing information to the co-sponsor.
Publications & Newsletters
In addition to producing original content, GovRAMP also subscribes to news feeds and blogs produced by others, which we often link to from our website and within our newsletters. This means you may find yourself on the GovRAMP website or reading an email from the GovRAMP team and we will offer you a link to another organization’s website where you will find content on cybersecurity or data protection that we find relevant and useful to you. At these times, you will be leaving the GovRAMP website. GovRAMP is not responsible or liable for content provided by these third-party websites or personal information they may happen to gather from you.
To receive GovRAMP newsletters by email, you will need to create a “profile” with us which involves providing GovRAMP with at least your first name and last name and an email address. The purpose of processing this data is to have the necessary information to deliver GovRAMP’s newsletters by email. You may at your own option choose to subscribe to GovRAMP’s e-News, which may be considered direct marketing. You may unsubscribe at any time from newsletter subscriptions as well as marketing messages.
GovRAMP from time to time sends research surveys to subscribers of the GovRAMP e-News. By subscribing to the GovRAMP e-News, you agree to receive these survey requests occasionally. You are under no obligation to take the surveys.
When you interact with our emails or subscribe to our mailing lists, our third-party tool may collect and process the following information:
We use the data collected through these tools to:
These third-party services do not use or sell this information. Additionally, we ensure that all email communications comply with privacy regulations, including GDPR and CAN-SPAM Act, and include options to manage your preferences or opt out.
As noted above, you may manage your GovRAMP subscriptions by subscribing or unsubscribing at any time. Please note that if you have set your browser to block cookies, this may have an impact on your ability to unsubscribe. If you have any difficulties managing your email or other communication preferences with GovRAMP, please contact us at privacy@govramp.org.
Web and Digital Analytics
The GovRAMP website uses “cookies” to help you personalize your online experience. A cookie is a text file that is placed on your hard disk by a web page server. Cookies cannot be used to run programs or deliver viruses to your computer. Cookies are uniquely assigned to you and can only be read by a web server in the domain that issued the cookie to you.
One of the primary purposes of cookies is to provide a convenience feature to save you time. The purpose of a cookie is to tell the Web server that you have returned to a specific page. For example, if you personalize GovRAMP pages, or register as a member on the GovRAMP site, a cookie helps GovRAMP to recall your specific information on subsequent visits. This simplifies the process of recording your personal information, such as billing addresses, shipping addresses, and so on. When you return to the same GovRAMP website, the information you previously provided can be retrieved, so you can easily use the GovRAMP features that you customized.
You can accept or decline cookies. Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer. If you choose to decline cookies, you may not be able to fully experience the interactive features of the GovRAMP website you visit.
GovRAMP also uses Google Analytics to collect anonymized data points about how visitors use our website, including the number of visitors to the Website, from where visitors navigated to get to our website, and the webpages. This information is collected and maintained in an anonymous form and used to compile reports and help us improve our website. If you choose to opt-out of Google Analytics, you can install a browser add-on in your browser across all websites (please note that GovRAMP is not responsible for the content of external websites, nor any browser add-ons).
Your Correspondence with StateRAMP
If you correspond with us by email, the postal service, or other form of communication, we may retain such correspondence, and the information contained in it, and use it to respond to your inquiry or to keep a record of your complaint, accommodation request, or similar concern. As always, if you wish to have GovRAMP “erase” your personal information or otherwise refrain from communicating with you, please contact us at privacy@govramp.org.
Note: If you ask GovRAMP not to contact you by email at a certain email address, GovRAMP will retain a copy of that email address on its “master do not send” list in order to comply with your no-contact request.
Payment and Purchase Information
You may choose to purchase goods or services from GovRAMP using a payment card. Typically, payment card information is provided directly by users, via the GovRAMP website, into the PCI/DSS-compliant payment processing service to which GovRAMP subscribes, and GovRAMP does not, itself, process or store the card information.
Occasionally, members or customers ask GovRAMP to, on their behalf, enter payment card information into the PCI/DSS-compliant payment processing service to which GovRAMP subscribes. We strongly encourage you not to submit this information by email. When GovRAMP receives payment card information from customers or members by email, fax, phone, or mail, it is entered as instructed and then deleted or destroyed.
GovRAMP’s ecommerce system collects shipping and billing information to fulfill customer orders. GovRAMP relies on the legitimate interest basis for processing this personal data.
What Happens If You Don’t Give Us Your Data
You can enjoy many of GovRAMP’s services without giving us your personal data because a great deal of information on our website is available even to those who are not GovRAMP members. You can also enjoy subscriptions to our newsletters without becoming a GovRAMP member, but you will need to create a profile with us which involves providing your name, email, country and postal code. Some personal information is necessary so that GovRAMP can supply you with the services you have purchased or requested, and to authenticate you so that we know it is you and not someone else.
Information about your GovRAMP purchases and product certification status is maintained in association with your membership or profile account. The personal information GovRAMP collects from you is stored in one or more databases hosted by third parties located in the United States. These third parties do not use or have access to your personal information for any purpose other than cloud storage and retrieval.
We do not otherwise reveal your personal data to non-GovRAMP persons or businesses for their independent use unless: (1) you request or authorize it; (2) it’s in connection with GovRAMP-hosted and GovRAMP co-sponsored conferences as described above; (3) it is to assist your employer with confirming receipt or consumption of a purchase they made on your behalf; (4) the information is provided to comply with the law (for example, to comply with a search warrant, subpoena, or court order), enforce an agreement we have with you, or to protect our rights, property or safety, or the rights, property or safety of our employees or others; (5) the information is provided to our agents, vendors or service providers who perform functions on our behalf, such as our GovRAMP Program Management Office (PMO); (6) to address emergencies or acts of God; or (7) to address disputes, claims, or to persons demonstrating legal authority to act on your behalf; and (8) through the GovRAMP Member Directory as described below. We may also gather aggregated data about our members and Site visitors and disclose the results of such aggregated (but not personally identifiable) information to our partners, service providers, advertisers, and/or other third parties for marketing or promotional purposes.
The GovRAMP website uses interfaces with social media sites including but not limited to LinkedIn, X (formerly Twitter), YouTube. If you choose to “like” or share information from the GovRAMP website through these services, you should review the privacy policy of that service. If you are a member of a social media site, the interfaces may allow the social media site to connect your site visit to your personal data.
To help protect the privacy of data and personally identifiable information you transmit through use of our services, we maintain physical, technical and administrative safeguards. We update and test our security technology on an ongoing basis. We restrict access to your personal data to those employees who need to know that information to provide benefits or services to you. In addition, we train our employees about the importance of confidentiality and maintaining the privacy and security of your information. We commit to taking appropriate disciplinary measures to enforce our employees’ privacy responsibilities.
Additionally, GovRAMP secures your personal information from unauthorized access, use or disclosure in the following ways: the information you provide is maintained on computer servers in a controlled, secure environment, with limited access to such servers and password protection for all computers. When personal information (such as a credit card number) is transmitted to other Websites, it is protected through the use of encryption, such as the Secure Socket Layer (SSL) protocol.
While we make every effort to secure and protect the information in our possession, and account for the protection of information provided to our third-party service providers through us, no security system is perfect, and we cannot promise that information about you will remain secure in all circumstances. Please do your part to help us keep your information secure. You are responsible for maintaining the confidentiality of your password(s) and your account(s), and for all activities that occur under your account(s).GovRAMP specifically reserves the right to terminate your access to your Account(s) and any contact you have with GovRAMP related to the use of the Website in the event it learns or suspects you have disclosed your Account or password information to an unauthorized third party.
Your personal data is stored by GovRAMP on its servers, and on the servers of third-party cloud-based database management services GovRAMP engages, located in the United States. GovRAMP retains data for the duration of the customer’s or member’s business relationship with GovRAMP and for a period of time thereafter to allow members to recover accounts if they decide to renew, to analyze the data for GovRAMP‘s own operations, to comply with Generally Accepted Accounting Principles (GAAP), and for historical and archiving purposes associated with GovRAMP’s history as a membership organization. For more information on where and how long your personal data is stored, and for more information on your rights of erasure and portability, please contact GovRAMP at privacy@govramp.org.
If you have questions, concerns, complaints, or would like to exercise your rights, please contact GovRAMP at privacy@govramp.org.