Privacy Policy

BAFT Privacy Policy

Effective Date: February 3, 2022

1. Introduction

BAFT is committed to protecting your personal data.

This Privacy Policy applies to the websites, online services, and mobile applications controlled by BAFT (“BAFT,” “we,” “us,” or “our”), where this Privacy Policy is posted (the “Services”). This Privacy Policy applies to all users, including both those who use the Services without being registered with or subscribing to a BAFT service, and those who have registered with or subscribed to a BAFT service. Please read this Privacy Policy carefully. By using the Services, or purchasing products or services from us, you agree to be bound by this Privacy Policy.

This list includes this site:

2. What Information Do We Collect About You?

BAFT collects (i) personal data voluntarily supplied by you when you register on the Services, and (ii) tracking information collected as you navigate the Services. In particular, BAFT collects the following information from and about you:

Registration information — Registration information is information you submit to register for an BAFT service; for example, to create an account, make a purchase, register for an event, enroll in a course, post comments, or receive a newsletter. Registration information may include, but is not limited to, first name, last name, and email address.

Sensitive data — We may collect limited sensitive data related to attendance at BAFT events only as provided by you and with your consent, including passport information for visa and security processing, dietary restrictions, and disability accommodations information.

Research — If you have previously shared your information with us or participated in benchmarking research, we may request that you complete surveys, evaluations forms, and/or market research. If you do so, then we will collect and evaluate your responses for that research.

Activity data — When you access and interact with the Services, we may collect certain information about those visits. For example, in order to permit your connection to the Services, our servers receive and record information about your computer, device and browser, browser type, and other software or hardware information. This information is anonymized.

Cookies, web beacons and similar technologies — BAFT uses cookies for your convenience and security. Cookies are text files stored on the browser of your computer. Cookies are used to make your experience on our web sites more personal and less cumbersome. You may choose to decline cookies, but doing so may affect your ability to access or use certain features of our sites. For more information, see Section 9 below.

3. How is it Used?

We use the personal information we collect from, and about you, to:

Provide our services, features, products, educational programs, and events to you;

Measure and improve those services and features;

Provide you with customer support and to respond to inquiries;

Protect the rights of BAFT and others. There may be instances when we may disclose your personal information, including situations where we have a good faith belief that such processing is necessary in order to: (i) protect, enforce or defend the legal rights, privacy, safety or property of BAFT, our affiliates or their employees, agents and contractors (including enforcement of our agreements and terms of use); (ii) protect the safety, privacy and security of users of the Services or members of the public; or (iii) protect against fraud or for risk management purposes;

Send marketing communications customized to your interests and needs in accordance with applicable law;

Send surveys, evaluations, or research questionnaires related to our products, services, events, educational and related programs;

Comply with applicable laws or legal process and/or respond to requests from public and government authorities.

4. On What Legal Basis Do We Process Your Personal Information?

We process personal information per applicable law and with transparency and fairness. Our processing activities are conducted:

With your consent;

In order to fulfill our contractual obligations to you;

For the legitimate purpose of operating our business, including to improve and develop the Services for fraud prevention purposes, and to improve use experience; and

As otherwise in compliance with law.

5. How Do We Share Your Personal Information?

BAFT may share your personal information for the purposes of Section 3 above to the following categories of recipients (for residents of the EU, subject to Sections 6 and 7), and such may have their own policies and procedures:

Service providers, helping to administer the Services, products, services, research educational programs and events;

Subsidiaries and affiliates to better serve BAFT membership and its evolving needs;

Sponsors and Exhibitors of events you attend;

Third parties who provide products and services of interest to BAFT members;

Other association members for the purpose of performing trade association business;

Companies which may be the result of any mergers, acquisitions, asset sales, joint ventures, etc.; or

Competent authorities, including law enforcement, in order to comply with applicable laws or court orders.

To pre-selected sponsors of BAFT event(s), upon execution of a mailing list agreement will receive pre and post lists of attendees who have consented such limited release.

6. Is your personal information transferred from abroad?

For individuals located in the European Union (EU) or participating in activities outside of the US that you have consented to, your personal information may be transferred to countries outside the EU, in particular to the United States. Some non-EU countries are recognized by the European Commission as providing an adequate level of data protection according to EU standards. The full list of these countries is available at For transfers from the EU to countries not considered adequate by the European Commission, we have put in place appropriate and suitable safeguards to protect your personal data and that the transfer of your personal data is in compliance with the requirements and the obligations provided by applicable data protection laws, such as standard contractual clauses adopted by the European Commission as per Articles 45 and 46 of the EU General Data Protection Regulation 2016/679.

7. What are your rights with regard to your personal information?

We give you choices regarding our use and disclosure of your personal information for marketing purposes. You may withdraw your consent to:

Receiving electronic communications from us — If you no longer want to receive marketing-related emails from us, you may opt-out of receiving these by following the unsubscribe link in our communications or sending a request to the email or postal address in Section 14 of this Privacy Policy. If you hold an online account with BAFT, then you may also manage your electronic communications by signing in to your account, and then visiting the My Account page. From that page:

Under My Account > Update Topics of Interest, you can manage marketing communications and newsletters.

Our sharing of your personal information with BAFT affiliates or business partners for their marketing purposes — If you would prefer that we do not share your personal information with BAFT affiliates or business partners for their direct marketing purposes, you may opt-out during registration for BAFT events or by sending a request to the email or postal address in Section 14 of this Privacy Policy.

Additionally, EU subjects may:

Obtain confirmation as to whether or not your personal information exists and to be informed of its content and source, verify its accuracy and request its integration, update or amendment;

Request the deletion, anonymization, or restriction of the processing of your personal information processed in breach of the applicable law;

Object to the processing, in all cases, of your personal information for legitimate reasons;

Receive an electronic copy of your personal information, if you would like to port your personal information to yourself or a different provider; or

Lodge a complaint with the relevant data protection supervisory authority.

The above rights are subject to applicable limitations and restrictions. In certain cases, your request may be denied based on a legitimate exception such as where we are prevented from disclosing such information based on legal requirements, fraud prevention, or security concerns, or when we need to maintain the information. For more information or to make a request, please contact [email protected].

Remember that even after you cancel your account, or if you ask us to delete your personal information, copies of some information from your account may remain viewable in some circumstances where, for example, you have shared information with other services. We may also retain backup information related to your account on our servers for some time after cancellation or your request for deletion, to comply with applicable law.

We accept and respect “Do Not Track” browser settings. If your browser sends a “Do Not Track” request, then we will block all Targeting and Social Media cookies as described below, in section 9 (Cookies).

8. Your California Privacy Rights

California law permits residents of California to opt-out of BAFT’s disclosure of personal information to third parties for their direct marketing purposes. You may choose to opt-out of the sharing of your personal information with third parties for marketing purposes at any time by contacting us at [email protected]. Please note that this opt-out does not prohibit disclosures made for non-marketing purposes. California law also permits residents of California to request and obtain from us once per year, free of charge, a list of the third parties (if any) to whom we have disclosed personal information for their direct marketing purposes in the prior calendar year, as well as the type of personal information disclosed to those parties. If you are a California resident and would like to request this information, please submit your request in an email to [email protected]. The email subject line must include the phrase “Your California Privacy Rights,” and include your name, email address or mailing address.

Pursuant to the California Consumer Privacy Act, California residents have the following specified rights:

The right to request disclosure of BAFT’s business’ data collection and sales practices, including the categories of personal information BAFT collected, the source of the information, BAFT’s use of the information and, if the information was disclosed or sold to third parties, the categories of personal information disclosed or sold to third parties and the categories of third parties to whom such information was disclosed or sold;

The right to request a copy of the specific personal information collected during the 12 months before their request (together with right #1, a “personal information request”);

The right to have such information deleted (with exceptions);

The right to request that personal information not be sold to third parties, if applicable; and

The right not to be discriminated against because of exercising the new rights.

To exercise the above rights, a California consumer may only make a personal information request twice in a 12-month period. Next, BAFT seeks to verify the requester’s identity. BAFT will respond within 45 days of receiving a personal information request.

BAFT has collected personal information in the following categories of personal information over the past 12 months: identifiers (such as contact information provided at registration), user name and password, Internet/electronic activity, geolocation, and professional or employment related information (such as bank name and address, your primary function at the bank, your title, and your phone number when you register).

BAFT has collected personal information from sources including: the individual or designee submitting the information, a third party authorized to provide the information, or the business observing activities and recording the information, such as through the use of cookies. The business purposes for which BAFT collects this information includes:

Auditing consumer web activity;

Maintaining security safeguards;

Performing BAFT services for members and customers;

Repairing errors;

Short-term contextual ad customization that does not involve or contribute to profiling;

Internal research and development; and

Quality control.

9. Cookies

We use, and allow certain third parties to use, cookies, web beacons, and other similar technologies to enhance the Services and to help collect data. We, or third parties, may use session cookies or persistent cookies. Session cookies only last for the specific duration of your visit and are deleted when you close your browser. Persistent cookies remain on your device’s hard drive until you delete them, or until they are set to expire. Some web browser will automatically expire persistent cookies at thirteen months, but others will respect the date set by the owner of the cookie, which may be shorter or longer than that. Different cookies are used to perform the following different functions:

Strictly Necessary — Some cookies are essential in order to enable you to move around our websites and use their features, such as accessing secure areas of the website via a personal log in. Strictly Necessary cookies are also used to manage technical processes like server load balancing, caching, and security; to anonymize user sessions; and to store your cookie preferences so that we can honor them. Without these cookies, we cannot enable appropriate content based on your permission level.

Functional — Functional cookies store data for essential website services such as online shopping, learning modules, and media players. They may also be used to customize the user interface, and to store settings other user-based preferences. These cookies may be set by us or by third-party providers whose services are used on our pages. If you do not allow these cookies then some or all of these services may not function properly.

Performance — We use our own cookies and/or third party cookies to see how visitors use our websites and services, in order to enhance performance and improve our site, according to best practices. This data is anonymized and/or aggregated. We use Google Analytics, for example, to track website usage and activity.

Targeting — We receive audience-based data (such as pixel traffic and conversion data) from social media platform providers — including Facebook, LinkedIn, Twitter — advertising partners, and others based on information such as IP addresses. They may be used by those companies to build a profile of your interests and show you relevant adverts on other sites. They do not store directly personal information, but are based on uniquely identifying your browser and internet device. If you do not allow these cookies, you will experience less targeted advertising.

Social Media — These cookies are set by a range of social media services that we have added to the site to enable you to share our content with your friends and networks. They are capable of tracking your browser across other sites and building up a profile of your interests. This may impact the content and messages you see on other websites you visit. If you do not allow these cookies you may not be able to use or see these sharing tools.

You can also set your cookie preferences specifically for this website, using the button below. Note that the preferences you set here will only remain in place on the device and browser you are currently using, and you will need to make the same selections again if you change devices or browsers, or if you clear your cookies.

To manage your privacy preferences for other BAFT domains covered by this privacy policy, please visit the pages below:

BAFT.ORG Cookie Settings:

Other Ways to Manage Cookies

There are several ways to manage cookies. You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent. The Help feature on most browsers provide information on how to accept cookies, disable cookies, or to notify you when receiving a new cookie. Please note, however, that many of the cookies we use are “strictly necessary” cookies. By blocking or deleting them, you will not be able to access certain features of the Services. For more information about cookies and how to block them, please visit

In the US, the Network Advertising Initiative also offers a means to opt out of a number of advertising cookies. Please visit to learn more. Note that opting out does not mean you will no longer receive online advertising. It does mean that the company or companies from which you opted out will no longer deliver ads tailored to your web preferences and usage patterns.

In addition, you may set preferences with specific services.

Google Analytics: You can opt-out of the Google Analytics Advertising Features we use by indicating your preference using the Google Analytics User Deletion Tool here. Google also provides a complete privacy policy and instructions on opting-out of Google Analytics here. Note that Google’s opt-out

mechanism is specific to Google activities and does not affect the activities of other ad networks or analytics providers that we may use.


Facebook: You should see a link to the opt-out when you select “Why am I seeing this?” when using Facebook. You can also select “Hide all from this advertiser” within Facebook to stop seeing our ads. More information can be found at


10. Security & Retention

BAFT takes the security and privacy of your personal information seriously. Please be aware, however, that no data transmission over the Internet can be guaranteed to be 100% secure. Consequently, we cannot ensure or warrant the security of any information you transmit to us. Any information that you transfer to us is done at your own risk. If we learn of a data security system breach, we may attempt to notify you electronically regarding security, privacy, and administrative issues relating to your use of the Services. We may post a notice on the Services if a security breach occurs. We may also send an email to you at the email address you have provided to us. Depending on where you live, you may have a legal right to receive written notice of a data privacy or security breach.

11. Assignment

In the event that all or part of our assets are sold or acquired by another party, or in the event of a merger, you grant us the right to assign the personal information we have collected from you.

12. Links to other websites

The Services contain links to other websites. BAFT is not responsible for the privacy practices of unaffiliated companies, and once you leave the Services, you should read the applicable Privacy Policy of the other service.

13. Updates to this Privacy Policy

We may update this Privacy Policy from time to time, so please visit this page periodically and review for changes. We will notify you of material changes to this Privacy Policy by posting a notice on our home page for a reasonable period of time and changing the “Effective Date” above. Your continued use the Services following the posting of changes will constitute your acceptance of the changed terms.

14. Contact Us

Your visit to the Services is subject to both this Privacy Policy and our Terms of Use, where applicable. You may visit the BAFT Data and Privacy Requests Web Portal to submit a request regarding your personal information that is processed by BAFT.

If you have any questions, comments or concerns regarding this Privacy Policy, please contact us by email [email protected] or by postal mail at:

BAFT Privacy
1120 Connecticut Avenue NW
Washington, DC 20036