Privacy Policy

1. Introduction

The International Association of Equine Dentistry (“IAED,” “we,” “us,” or “our”) is a US-based professional membership organization incorporated under the laws of the United States. We are committed to protecting the privacy of our members, prospective members, and visitors who interact with our membership portal and website (collectively, the “Services”).

This Privacy Policy explains what personal data we collect, why we collect it, how we use and share it, and the rights available to you regardless of where you are located. Because our membership is global, this policy is designed to address the requirements of multiple privacy frameworks, including the General Data Protection Regulation (GDPR), the UK GDPR, the California Consumer Privacy Act (CCPA/CPRA), the Texas Data Privacy and Security Act (TDPSA), and applicable laws in Canada, Australia, and other jurisdictions.

By creating an account or using the Services, you acknowledge that you have read and understood this Privacy Policy.

2. Data Controller / Responsible Organization

IAED is the data controller for personal data processed through the Services.

For privacy inquiries, data requests, or complaints, please contact:

International Association of Equine Dentistry
info@iaedonline.com
11450 US Hwy 380 Ste 130 #472, Crossroads, Texas, 76227
iaedonline.com

3. Personal Data We Collect

We collect the following categories of personal data when you register as a member, maintain your profile, or use the Services:

3.1 Account and Identity Data

First name and last name
Email address
Username and account password (stored in encrypted form)
Membership level and membership status (Active, Lapsed, etc.)
Member since date and membership renewal date

3.2 Professional Data

Organization
Type of practitioner (DVM, EDP, EqDT, RVT, Other)
IAED certification status and level of certification
Professional website URL

3.3 Contact and Location Data

Phone number
Street address, city, state/province, postal code, and country

Note: Address data is used to display your location in the member directory map. Geocoordinates (latitude/longitude) are derived from your address using the Google Maps Geocoding API and are cached temporarily in memory. They are not stored permanently in our database.

3.4 Profile Photo

A profile photograph that you choose to upload. Photos are stored in our WordPress media library and synchronized to our membership management platform (Wild Apricot). You are not required to upload a photo.

3.5 Technical and Usage Data

IP address and browser/device type at login
Session tokens used to maintain your authenticated session (stored temporarily in server memory, not in persistent cookies)
Pages visited and actions taken within the member portal

3.6 Data We Do Not Collect

We do not knowingly collect sensitive categories of personal data such as health information, racial or ethnic origin, religious beliefs, genetic data, biometric identifiers, or financial account numbers. We do not collect payment card data directly; any payment processing is handled by our membership platform, Wild Apricot, under its own privacy policy.

4. How We Use Your Personal Data

We use your personal data for the following purposes:

4.1 Membership Administration

Creating and maintaining your member account
Verifying membership status and level for access control
Processing membership renewals and communications
Displaying your profile in the members-only directory

4.2 Directory and Map Features

Displaying your name, organization, practitioner type, certification status, and profile photo to other logged-in members in the member directory
Geocoding your address to place a location pin on the member map. Only your general location (city/state level) is visible to other members; your full address is not displayed publicly

4.3 Communications

Sending transactional emails related to your membership (renewal notices, password resets)
Sending organizational announcements, event notifications, and newsletters, where you have opted in or where permitted by applicable law

4.4 Legal and Security

Complying with legal obligations
Detecting, preventing, and addressing fraud, security incidents, or technical issues
Enforcing our membership terms and policies

5. Legal Basis for Processing (GDPR / UK GDPR)

For members located in the European Economic Area (EEA), United Kingdom, or other jurisdictions requiring a lawful basis for data processing, we rely on the following bases:

Contract performance: Processing necessary to deliver membership services you have requested (profile management, directory access, certification records).
Legitimate interests: Processing for fraud prevention, security, and improving our Services, where our interests are not overridden by your data protection rights.
Legal obligation: Processing required to comply with applicable laws and regulations.
Consent: Where we rely on consent (e.g., optional marketing communications), you may withdraw it at any time by contacting us at the address in Section 2.

6. Third-Party Services and Data Sharing

We do not sell your personal data to third parties. We share data only in the following circumstances:

6.1 Wild Apricot (Membership Management Platform)

Your profile data is stored in and synchronized with Wild Apricot, a third-party membership management platform operated by Personify Corp. Wild Apricot acts as a data processor on our behalf and is bound by a Data Processing Agreement. You can review Wild Apricot’s privacy policy at: https://www.wildapricot.com/privacy-policy

6.2 Google Maps, Geocoding, and Places APIs

Our member directory uses several Google APIs: the Maps JavaScript API to display the member location map; the Geocoding API to convert member addresses to map coordinates; and the Places Autocomplete API to assist you in entering a valid address when editing your profile. Your address data is transmitted to Google for geocoding purposes. Google’s processing is governed by the Google Privacy Policy at: https://policies.google.com/privacy

6.3 WordPress Hosting Provider

Our portal is built on WordPress and hosted on a third-party server. The hosting provider may process technical data (IP addresses, server logs) as a data processor. We select hosting providers that maintain appropriate data security standards.

6.4 Other Members

Certain profile fields — your name, organization, practitioner type, IAED certification status, profile photo, email address, and phone number — are visible to other authenticated IAED members in the member directory. Your full street address is not displayed to other members; only your general location is used for map display.

6.5 Legal Disclosure

We may disclose personal data if required to do so by law, court order, or government authority, or to protect the rights, property, or safety of IAED, our members, or the public.

7. International Data Transfers

IAED is based in the United States. If you are located outside the US, your personal data will be transferred to and processed in the United States, which may not provide the same level of data protection as your home country.

For transfers from the EEA or UK to the US, we rely on appropriate safeguards such as Standard Contractual Clauses (SCCs) or equivalent transfer mechanisms approved by the relevant supervisory authority. For inquiries about the transfer mechanisms we use, please contact us at the address in Section 2.

8. Data Retention

We retain your personal data for as long as your membership is active and for a reasonable period afterward to fulfill the purposes described in this policy, comply with legal obligations, resolve disputes, and enforce agreements.

When a member’s account is terminated or their membership lapses, we will retain profile data for [INSERT RETENTION PERIOD, e.g., 3 years] unless you request deletion sooner (see Section 9). Technical logs and session data are retained for a shorter period consistent with security and operational needs.

9. Your Privacy Rights

Depending on your location, you may have the following rights regarding your personal data. To exercise any right, please contact us using the details in Section 2.

9.1 Rights Available to All Members

Access: Request a copy of the personal data we hold about you.
Correction: Request that inaccurate or incomplete data be corrected. You can also update most fields directly in your profile via the member portal.
Deletion: Request that we delete your personal data, subject to legal retention requirements.
Objection to processing: Object to certain uses of your data.

9.2 Additional Rights for EEA / UK Members (GDPR / UK GDPR)

Restriction of processing: Request that we restrict how we use your data in certain circumstances.
Data portability: Request your data in a structured, machine-readable format.
Withdraw consent: Where processing is based on consent, withdraw it at any time without affecting the lawfulness of prior processing.
Lodge a complaint: You have the right to lodge a complaint with your local data protection authority (e.g., the ICO in the UK or your national supervisory authority in the EEA).

9.3 Rights for California Residents (CCPA / CPRA)

California residents have additional rights under the CCPA/CPRA, including the right to know about personal information collected, the right to delete personal information, the right to correct inaccurate personal information, and the right to non-discrimination for exercising privacy rights. We do not sell or share personal information for cross-context behavioral advertising.

9.4 Rights for Texas Residents (TDPSA)

Texas residents have rights under the Texas Data Privacy and Security Act, including rights to access, correct, delete, and obtain a portable copy of personal data, and to opt out of targeted advertising or profiling. We do not engage in targeted advertising or sell personal data.

9.5 Rights for Canadian Members (PIPEDA / Provincial Laws)

Canadian members have rights under PIPEDA or applicable provincial privacy legislation to access and correct personal information we hold about them and to withdraw consent for non-essential processing.

10. Data Security

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, accidental loss, alteration, or disclosure. These measures include:

Encrypted storage of account credentials
Authentication-gated access to the member directory and profile pages
Secure HTTPS connections for all data transmission
Session tokens stored in server memory (not in persistent browser cookies)
Periodic data synchronization via authenticated API connections

No method of electronic transmission or storage is 100% secure. While we strive to protect your personal data, we cannot guarantee absolute security. If you become aware of any security incident involving your data, please notify us promptly at the contact address in Section 2.

11. Cookies and Session Data

The IAED member portal uses PHP server-side sessions to maintain your logged-in state. A session identifier is stored in your browser as a temporary session cookie and is deleted when you close your browser or log out. We do not use persistent tracking cookies or third-party advertising cookies.

Third-party services embedded in our portal (Google Maps, Google Places) may set their own cookies or use browser storage. Please refer to Google’s Cookie Policy for details.

12. Children’s Privacy

The IAED membership portal is intended for professional practitioners and is not directed at individuals under the age of 16 (or the applicable minimum age in your jurisdiction). We do not knowingly collect personal data from minors. If you believe a minor has provided personal data to us, please contact us and we will promptly delete it.

13. Links to Third-Party Sites

Our portal may contain links to third-party websites, including Wild Apricot member management pages. This Privacy Policy does not apply to those sites. We encourage you to review the privacy policies of any third-party sites you visit.

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will notify active members by email and update the “Last Updated” date at the top of this document. Your continued use of the Services after such notice constitutes your acceptance of the updated policy.

15. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us: