Privacy Policy
The Public Sector HR Association ("PSHRA", "we", "us", "our") is committed to protecting your personal information and your right to privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website pshra.org and when you communicate with us electronically.
Please read this policy carefully. If you disagree with its terms, please discontinue use of our site.
1. Controller Information
Public Sector HR Association
1617 Duke Street, Alexandria, VA 22314, United States
Phone: (703) 549-7100
Email: [email protected]
2. Information We Collect
We may collect the following categories of personal information:
- Identification data: Name, email address, job title, organization name.
- Contact data: Mailing address, phone number.
- Account data: Username, password (hashed), membership ID.
- Transaction data: Membership fees, event registrations, purchase history.
- Usage data: IP address, browser type, pages visited, time and date of visit (collected via cookies and analytics tools).
- Communication data: Email open rates, click-through data, and unsubscribe requests.
- Marketing preferences: Your consent records for marketing communications.
3. How We Collect Your Information
- Directly from you — when you register, purchase a membership, register for events, or subscribe to our newsletter.
- Automatically — when you browse our website via cookies, log files, and analytics tools (see Section 9).
- From third parties — from our membership management system (iMIS), event platforms, and payment processors.
4. How We Use Your Information
We use your personal data for the following purposes and on the following legal bases:
| Purpose | Legal Basis (GDPR Art. 6) |
|---|---|
| Manage your membership account | Performance of a contract (Art. 6(1)(b)) |
| Process payments and event registrations | Performance of a contract (Art. 6(1)(b)) |
| Send transactional/membership emails | Performance of a contract (Art. 6(1)(b)) |
| Send marketing newsletters and updates | Consent (Art. 6(1)(a)) / Legitimate interests (Art. 6(1)(f)) |
| Improve and personalize website experience | Legitimate interests (Art. 6(1)(f)) |
| Comply with legal obligations | Legal obligation (Art. 6(1)(c)) |
| Prevent fraud and ensure security | Legitimate interests (Art. 6(1)(f)) |
5. Email Communications
5.1 CAN-SPAM Act (United States)
All marketing emails we send comply with the CAN-SPAM Act. Each email includes:
- Our full legal name and physical address.
- A clear and honest subject line.
- A clearly labeled Unsubscribe link that functions for at least 30 days after sending.
Opt-out requests are honored within 10 business days.
5.2 EU / EEA ePrivacy & GDPR Compliance
For individuals in the European Economic Area:
- We only send marketing emails on the basis of explicit prior consent or a demonstrable legitimate interest where applicable under the ePrivacy Directive.
- Consent is recorded with date, time, IP address, and the specific form/source used.
- You may withdraw consent at any time via the unsubscribe link in each email or by emailing [email protected].
- We maintain a suppression list to ensure individuals who opt out are not contacted again for marketing purposes.
- We do not use your email address to create lookalike audiences without separate, granular consent.
5.3 Email Service Providers
We use reputable email service providers (ESPs) to deliver our communications. These ESPs process your email address on our behalf as data processors under a Data Processing Agreement (DPA) and are contractually bound to protect your data.
6. Sharing of Your Information
We do not sell your personal data. We may share it with:
- Service providers acting as data processors (e.g., payment processors, email platforms, event management systems) under DPAs.
- PSHRA Chapter affiliates when you join a specific chapter, limited to what is necessary for chapter administration.
- Legal and regulatory authorities when required by applicable law or court order.
- Business transfers — if PSHRA is involved in a merger, acquisition, or asset sale, your data may be transferred with prior notice to you.
7. International Data Transfers
PSHRA is based in the United States. If you are located in the EEA, UK, or Switzerland, your personal data will be transferred to and processed in the United States. We ensure such transfers are protected by appropriate safeguards, including Standard Contractual Clauses (SCCs) approved by the European Commission where required.
8. Data Retention
We retain your personal data for as long as necessary to fulfil the purposes for which it was collected, including:
- Active membership records: retained for the duration of membership plus 7 years.
- Marketing consent records: retained for 3 years from the date of last interaction or until withdrawn.
- Suppression (opt-out) records: retained indefinitely to prevent accidental re-contact.
- Financial transaction records: retained for 7 years to meet legal accounting obligations.
9. Cookies & Tracking Technologies
We use cookies and similar tracking technologies to operate and improve our website. Categories include:
- Strictly necessary cookies — required for the website to function (no consent required).
- Analytics cookies — used to understand how visitors interact with the site (requires consent in EU/EEA).
- Marketing cookies — used to deliver relevant advertising (requires consent in EU/EEA).
You can manage cookie preferences through our cookie consent banner or your browser settings. For EU/EEA visitors, we obtain consent before placing non-essential cookies.
10. Your Rights
Depending on your jurisdiction, you may have the following rights regarding your personal data:
- Right to access — request a copy of the personal data we hold about you.
- Right to rectification — request correction of inaccurate data.
- Right to erasure ("Right to be forgotten") — request deletion of your data in certain circumstances.
- Right to restriction of processing — request that we limit how we use your data.
- Right to data portability — receive your data in a structured, machine-readable format.
- Right to object — object to processing based on legitimate interests or for direct marketing.
- Right to withdraw consent — withdraw marketing consent at any time without affecting prior processing.
- Right not to be subject to automated decision-making — we do not make solely automated decisions that significantly affect you.
To exercise any of these rights, contact us at [email protected]. We will respond within 30 days (or 72 hours for data breach notifications). You also have the right to lodge a complaint with your local supervisory authority (for EU residents, this is your national Data Protection Authority).
11. Security
We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. These include TLS encryption for data in transit, access controls, and regular security assessments. However, no method of transmission over the Internet is 100% secure.
12. Children's Privacy
Our website and services are not directed to individuals under the age of 16. We do not knowingly collect personal data from minors. If you believe we have inadvertently collected such data, please contact us immediately.
13. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by updating the "Last Updated" date and, where appropriate, by email. We encourage you to review this policy periodically.
14. Contact & Complaints
For privacy-related inquiries or to exercise your rights:
Public Sector HR Association — Privacy Team
1617 Duke Street, Alexandria, VA 22314
Email: [email protected]
Phone: (703) 549-7100
EU residents may also contact their national Data Protection Authority if they believe their rights have not been respected.