Data Policy

The Organic Trade Association’s (OTA) Data Policy refers to our commitment to treat information of members, stakeholders and other interested parties with the utmost care and confidentiality.

With this policy, we ensure that we gather, store and handle data fairly, transparently and with respect towards individual rights.

If you have any comments or questions about this notice, feel free to contact us with the subject “Data Policy Inquiry” at info@ota.com

Scope

This policy refers to all parties (members, product purchasers, etc.) who provide any amount of information to us.

Who is covered under the Data Protection Policy?

Employees of our company and its subsidiaries must follow this policy. OTA Member Community leaders, contractors, consultants, partners and any other external entity [hereby referred to within this policy as “data users”] are also covered in accordance with their own policies. Generally, OTA's policy refers to anyone we collaborate with or acts on our behalf and requires access to data to further the mission and values of the OTA.

Policy elements

To fulfill part of our mission and vision as the Organic Trade Association we need to obtain and utilize information from our members. This information includes any offline or online data that makes an organization and its employees identifiable such as names, titles, addresses, facility data [e.g. congressional district, annual revenue, number of employees, etc.], etc.

Our company collects this information in a transparent way, directly asking for it

at the start of an organization’s Membership
at Event Registration
on website forms, or
via third party vendors

Once this information is available to us, the following rules apply.

Our data will be:

Accurate and kept as up-to-date as possible through member outreach/member direct input
Collected fairly and for lawful purposes only
Processed by the OTA within its legal and moral boundaries
Access and sharing of data to data users will be limited to the minimum to accomplish the approved purpose per this policy
Stored within a CRM, behind a Multi-Factor Authentication system to protect against any unauthorized or illegal access by internal or external parties

Our data will not be:

Sold to third parties
Communicated informally (i.e. outside standard organizational channels)
Transferred to organizations, states or countries that do not have adequate data protection policies
Distributed to any party other than for the express purposes of furthering the mission of the Organic Trade Association (exempting legitimate requests from law enforcement authorities)

In addition to ways of handling the data the OTA has direct obligations towards people to whom the data belongs. Specifically OTA must:

Let people know which of their data is collected
Inform people about how we'll process their data
Inform people about who has access to their information
Have provisions in cases of compromised data. OTA contracts with a third party vendor, Paragus Strategic IT, for its security. The language from our 3^rd party vendor agreement regarding protection of personal information is as follows:
- Network environments that include Personal Information in any stored format must be secured with firewall protection, reasonably secure user authentication policies including strong passwords and account lockouts, and antivirus protection.
- Transmission of digital or electronic forms of Personal Information will be avoided whenever it is reasonably possible.
- If transmission of digital or electronic forms of Personal Information is deemed necessary, it must be encrypted by the sender.
- All Personal Information, digital or physical, must be stored in a reasonably secure location and with access protocols in place to ensure its integrity and security.
- Any breach of the security of Personal Information that relates to the business of the client must be reported to client immediately. Full details of the scope of the breach must be provided, including the number of individuals whose information was compromised.
Allow people within the OTA Member Portal (releasing in 2025) to modify, erase, reduce or correct data contained in our databases. OTA provides access to data changes through its Member portal on OTA.com

How We Use Collected Data

We will only use your data in a manner that is appropriate considering the basis on which that data was collected, as set out in this table arranged by OTA. OTA’s data users have access to member data only as needed to provide and operate services in the normal course of business.

Dept/Data Users	Purpose	Data available for use(key elements)	Example(s) Note: The examples stated below are not to be considered an exhaustive list as there may/will be other departmental uses for the available data]
Communications	Member/Non-Member Outreach Promotion Call to Action Info Dissemination Industry Presentations¹	Contact(s) Name, Contact(s) Email, Contact(s) Phone, Industry Scope, Facility Footprint, Membership Status, Sponsorship Status, Payment Information, Event/Organization Photographs, Survey responses	Industry specific email notification on an issue with a product/item General information emails such as bi-weekly News Flash Photographs taken of speakers and participants at Organic Week
Events (In person, virtual)	Registration and Event outreach		Invitations to OTA events (general or industry specific) B2B connections via event apps and/or breakout sessions Attendance information for other attendees or sponsors Photographs taken of speakers and participants at Organic Week Speakers presentations
Finance & Administration	Invoicing Payments Grant reporting Auditing		Payment captures via our merchant vendor apps Receipts
Legislative	Outreach Congressional Information Sheets		Aggregate publishing for OTA membership footprint by district. Contact information for congressional staff for in district members[MD7]
International	Outreach Grant Reporting Industry Presentations		Federal Market Access Program (MAP) grants require detailed trip reports of attendees
Media/Press	Press Releases Press Hearings		Contact information for media screened outreach
Membership	Outreach for Membership Information and Engagement Opportunities		Meeting outreach for sponsorship opportunities, engagement opportunities, meetings at events Communicating digital advertising opportunities
Member Communities	Council Participant direct communication		Communications sent through OTA’s member communities’ listserv Peer-to-peer outreach related to council/task force business
Regulatory	Outreach Industry presentations Surveys		Aggregate publishing of survey data collected for regulatory commenting Contact information for regulatory authorities on screened topics.
The Organic Center	Outreach (Fundraising and Research) Grant Partnerships Research Partnerships Surveys		Invitations to meetings and conferences as speaker or attendee Solicitation of letters of support for grant proposals Invitations to participate in research activities including advisory committees, surveys, focus groups, etc.

Actions

To exercise data protection we're committed to:

Restrict and monitor access to sensitive data
Develop transparent data collection procedures
Train employees in security measures
Maintain secure networks to protect online data from cyberattacks
Establish clear procedures for reporting privacy breaches or data misuse
Include contract clauses or communicate statements on how we handle data
Establish data protection practices (document shredding, secure locks, data encryption, frequent backups, access authorization etc.)

Our data protection provisions will appear on our website.

Disciplinary Consequences

All principles described in this policy must be strictly followed by OTA data users. A breach of data protection guidelines will invoke disciplinary action.

[1] Data will be shared as part of group (e.g. industry member make-up where organization/contacts are anonymous)