GDPR Privacy Notice for EEA Residents

This Privacy Notice for European Economic Area (EEA) Residents supplements the information contained in the Louisiana Psychological Association’s (“LPA,” “we,” “our,” or “us”) Privacy Policy and applies to individuals in the EEA whose data is subject to the General Data Protection Regulation (GDPR).

1. Data Controller

For the purposes of the GDPR, the Louisiana Psychological Association is the data controller of your personal data. Our contact information is:

Louisiana Psychological Association
P.O. Box 6494
Metairie, Louisiana 70009

2. Legal Basis for Processing Personal Data

We process your personal data on the following legal bases:

2.1 Consent

• When you voluntarily provide your personal information for a specific purpose
• When you subscribe to our newsletter or other communications
• When you agree to our use of cookies and similar technologies

2.2 Contractual Necessity

• When processing is necessary to perform a contract to which you are a party
• When processing is necessary to take steps at your request before entering into a contract

2.3 Legitimate Interests

• When processing is necessary for our legitimate interests or the legitimate interests of a third party, except where such interests are overridden by your interests or fundamental rights and freedoms
• Our legitimate interests include:
  • Improving and personalizing our services
  • Marketing our services
  • Protecting our organization and users
  • Ensuring the security of our website and services

2.4 Legal Obligation

• When processing is necessary for compliance with a legal obligation to which we are subject

3. Data Subject Rights

Under the GDPR, individuals located in the EEA have the following rights with respect to their personal data:

3.1 Right of Access

You have the right to obtain confirmation as to whether personal data concerning you is being processed and, where that is the case, access to that personal data and certain information about how and why it is being processed.

3.2 Right to Rectification

You have the right to have inaccurate personal data corrected and incomplete personal data completed.

3.3 Right to Erasure (Right to be Forgotten)

You have the right to have your personal data erased in certain circumstances, such as when the data is no longer needed, when you withdraw consent, or when the data has been unlawfully processed.

3.4 Right to Restriction of Processing

You have the right to restrict the processing of your personal data in certain circumstances, such as when you contest the accuracy of the data or when you have objected to processing.

3.5 Right to Data Portability

You have the right to receive your personal data in a structured, commonly used, and machine-readable format and to transmit this data to another controller without hindrance.

3.6 Right to Object

You have the right to object to the processing of your personal data in certain circumstances, including when the processing is based on legitimate interests or when the data is processed for direct marketing purposes.

3.7 Rights Related to Automated Decision-making and Profiling

You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you.

3.8 Right to Withdraw Consent

You have the right to withdraw your consent at any time where we rely on consent as the legal basis for processing.

4. How to Exercise Your Rights

To exercise any of the rights described above, please contact us using the contact information provided in Section 1. We will respond to your request within one month. This period may be extended by two further months where necessary, taking into account the complexity and number of requests. We will inform you of any such extension within one month of receipt of your request.

You will not have to pay a fee to exercise any of your rights. However, we may charge a reasonable fee if your request is clearly unfounded, repetitive, or excessive. Alternatively, we may refuse to comply with your request in these circumstances.

We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it.

5. International Transfers

When we transfer your personal data outside the EEA, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:

• We will only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission.
• Where we use certain service providers, we may use specific contracts approved by the European Commission which give personal data the same protection it has in Europe.
• Where we use providers based in the U.S., we may transfer data to them if they are part of an approved mechanism that ensures adequate protection.

Please contact us if you want further information on the specific mechanism used by us when transferring your personal data out of the EEA.

6. Data Retention

We will only retain your personal data for as long as necessary to fulfill the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.

To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorized use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.

In some circumstances, we may anonymize your personal data (so that it can no longer be associated with you) for research or statistical purposes, in which case we may use this information indefinitely without further notice to you.

7. Data Security

We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used, or accessed in an unauthorized way, altered, or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors, and other third parties who have a business need to know. They will only process your personal data on our instructions, and they are subject to a duty of confidentiality.

We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

8. Cookies and Similar Technologies

Please refer to our Cookie Policy for detailed information about the cookies and similar technologies we use and how you can control them.

9. Your Right to Lodge a Complaint

If you are not satisfied with our response to your concern or believe our processing of your personal data is not in accordance with the law, you have the right to lodge a complaint with the supervisory authority for data protection issues in your country of residence within the EEA. We would, however, appreciate the chance to deal with your concerns before you approach the supervisory authority, so please contact us in the first instance.

10. Changes to This Privacy Notice

We reserve the right to update this privacy notice at any time. When we make changes to this privacy notice, we will notify you by email or through a notice on our website homepage.

11. Contact Us

If you have any questions about this Privacy Notice or our privacy practices, please contact us.