Legal & Privacy

Updated September 3, 2019


The National Association of Theatre Owners (“NATO”) is committed to maintaining the privacy of its members, partners, clients, customers, and all of its constituents and users and knows that you care about how your information is used or shared.  We value your trust and have created this privacy policy so that you are aware of our commitment to privacy.

This privacy policy applies to information we collect from all sources, including our websites, mobile sites, applications, conferences, events, surveys, research and email communication. By visiting or using these media channels, you consent to the information collection and use practices described in this privacy policy.  This privacy policy may be amended from time to time in the discretion of NATO.

How do you contact us?

We welcome all inquiries. Please contact us about this privacy policy and/or about your personal data via any of the following methods:

  • Telephone: (818) 506-1778
  • Address:

National Association of Theatre Owners

1705 N Street, NW

Washington, DC 20036

What information do we gather about you?

The information we collect from you helps us to personalize and continually improve your experience. We may collect this information when you apply to become a member, register for an event, purchase our products, or interact with us for any other purpose. The collected information falls into three categories:

  1. Personal data given to us, which will be considered to include:

By you: We may collect and process Personal Data that you provide or submit to us when, for example, you visit our website, register for an event, purchase a course or exam, take a course or exam, apply for a certification, take a survey, participate in a webinar or community forum, or contact customer service. This Personal Data may include your name, address, email address and/or username, phone number, fax number, payment information, employer, social media handles, birthday, and any other information you choose to provide.

By our members: We may also collect and process personal data provided or submitted by or for our members, including employers or franchisors that provide personal data on behalf of employees, franchisees or other agents. This may include employees’ business and personal contact details, job titles, years of admission, personal data submitted upon registering or renewing membership (including dues payment information).

  1. Personal data we collect from third parties

We may receive personal data about you or your affiliates from third parties, such as social media services, commercially available sources and business partners (third parties). This personal data may include your name, contact information, transactions/purchase history, demographic data and/or information about your activities on other websites.

If, for example, you access us through a social media service, then the information we collect may include content the social media service will share with us. The information we obtain depends on your privacy settings on the applicable social media service. When you access us through social media services you are authorizing us to collect, store and use such information and content in accordance with this privacy policy.  We may also collect and use personal data obtained from other commercial sources.  At this time, we are not able to track and identify the source of third party derived personal data.

  1. Personal and non-personal data collected via technology

With regard to each of your visits to our website, we collect information that is sent to us automatically by your web browser. We may use this information to:

  • Generate aggregated statistics about visitors to our website; and
  • For all other business purposes, such as providing customer service, fraud prevention, market research, identification of other commercial opportunities that may be of interest to you and solicitation of the same, or improving our website.

Please check your web browser if you want to learn what information your browser sends or how to change your settings.  You may also explore and adjust your privacy settings.

How do we use your personal data?

We may use the personal data collected from you or from third parties:

  • to fulfill any contract entered into between you and us,
  • to deliver member services,
  • to process applications or registrations,
  • to provide you with the information, products and services that you have requested, subscribed for, purchased, or expressed interest in, including membership benefits and subscriptions to our publications (NATO Newsletter, The President’s Report, GR Updates),
  • to provide you with solicitations or information for additional products and services that we believe may be of interest to you based upon your personal data or prior inquiry or purchases,
  • to alert theaters of security issues that affect their locations,
  • to comply with the law,
  • to carry out our obligations arising from your membership,
  • to provide to our affiliated third parties with whom we have affinity programs or similar commercial relationships in order to market and provide products, goods or services that believe may be of interest to the industry,
  • to communicate exam results, pending expiration dates or other information regarding your certificate, certification, or similar status,
  • to provide you with information or other materials relating to an event that you are currently or were previously registered for, including information regarding speakers, sponsors or other attendees,
  • to provide email newsletters or similar materials from us or our affiliates,
  • to respond to your inquiries,
  • to notify you about changes to our membership, products or services,
  • to customize your website or product experience tailored to your indicated interests, and/or
  • to transfer as part of a merger or sale of the business.

We may further use the information we automatically collect about you:

  • to administer our website for internal operations, including troubleshooting, data analytics, resting, research, statistical and survey purposes, and enhancing website security,
  • to improve our website to ensure content is presented most effectively for you,
  • as part of our efforts to keep our website safe and secure,
  • to measure and understand the effectiveness of advertising we serve to you and others, and to deliver relevant advertising to you, and/or
  • to make suggestions and recommendations about our website or services that may interest you.

How do we share your personal data?

We may share your personal data with third parties, including our affiliates or allied organizations such as Certified NATO Regional Associations, affinity partners, service providers, social media sites, strategic business partners and/or as required to comply with applicable law. Such third parties may include the following:

  • Third parties that perform services on our behalf, including payment card processing companies, online gateways, and the accounting firm that collects the quarterly Admissions Survey data;
  • Other NATO members, including through the publication of the NATO Membership Directory;
  • Partner organizations that offer a benefit to NATO members (such as the Reynolds & Reynolds insurance program) for their direct marketing purposes;
  • Third parties that assist with services related to our events, including facilities hosting our events;
  • Pursuant to a subpoena, court order, governmental inquiry, or other legal process or as otherwise required by law, or to protect our rights or the rights of third parties;
  • With your consent or as otherwise disclosed at the time of data collection or sharing.

We will at all times use commercially reasonable efforts to ensure that the third parties with whom we share your personal data represent that they have sufficient technical/organizational privacy measures for secure data processing.  We cannot guarantee that third parties will at all times comply with such standards.

We contract with third parties to provide services on our behalf, including credit-card and billing processes, ad serving, shipping, email distribution, list processing, analytics, promotion management and website security.  This may also include independent contractors that need to know the information in order to help us provide our products and services to you or to process information on our behalf, or to offer or provide commercial services.  We provide these third parties only with the information they need to perform their services.  We require these third parties to agree to restrict their use of personal data in any other way than to provide the service that you or we requested and they are not to share, resell or use the data for other commercial or direct marketing purposes.

If you log in with or connect a social media service account with your Association account, you are authorizing us to share information we collect from and about you with the social media service provider and you understand that the social media service’s use of the shared information will be governed by the social media service’s privacy policy. If you do not want your personal data shared this way, please do not log in with or connect your social media service account with your Association account.

We may release personal data when we believe such release may be appropriate to comply with the law. This includes exchanging information with third parties for fraud protection and credit risk reduction.

We may provide/sell/rent access to your information (including personal data) to our strategic business partners in order to offer products or services that may suit your interests or business, and for our partners to better target their products and services to you.

For EU Parties

For those European Union parties for whom we are obligated to apply General Data Privacy Regulation (GDPR) protections and safeguards (EU Parties), you agree that we may share and disclose your information when you have provided explicit consent.  We will never sell your personal data to third parties with whom you do not have an existing relationship.  We may share, sell, or rent access to your information (including personal data) to our strategic business partners with whom you have an existing relationship in order for our partners to better target their products and services to you.

The Association is headquartered in the United States. Your personal data may be accessed by us or transferred to us in the United States or to our affiliates, partners, merchants or service providers who are located worldwide. If you are visiting from outside the United States, be aware that your personal data may be transferred to, stored, and processed in the United States where our services are located and our central database is operated. By using our service, you consent to such transfer of your personal data.

EU Parties: How do we use your personal data?

This section applies only to EU Parties for whom we are obligated to provide GDPR protections and safeguards.  Upon receipt of adequate consent (or opt-in), we will use your Personal Data substantially similar to the use of personal data for non-EU parties, with the exception of the below provision describing our processing of personal data of EU parties.

We will only process the personal data of EU parties, including sharing it with third parties, where:

  • You have provided consent (which can be withdrawn at any time);
  • The processing is necessary for the performance of a contract to which you are a party;
  • We are required to by law;
  • Processing is required to protect your vital interests or those of another person; or
  • Processing is necessary for legitimate commercial interests, except where such interests are overridden by your rights and interests.

How do we store and retain your personal data?

The personal data that you provide to us is generally stored on servers located in the United States. If you are located in another jurisdiction, you should be aware that once your personal data is submitted through our website, it will be transferred to our servers in the United States and that the United States currently does not have uniform data protection laws in place.

We will retain your personal data for as long as your account is active or as needed to provide you with our website. If you wish to cancel your account or request that we no longer use your personal data to provide you service, please contact us. We will retain and use your information as necessary to comply with our legal obligations, resolve disputes and perform our agreements.

How do we protect your personal data?

We strive to protect your privacy. We use industry standard SSL encryption when you enter sensitive information in online forms (e.g., payment card, password, etc.).

Although we use security measures to help protect your personal data against loss, misuse or unauthorized disclosure, we cannot guarantee the security of any information transmitted to us over the internet.  Nor can we guarantee the security of any information shared with third parties.

What are my rights?

We respect your preferences regarding how we use your personal data to best serve you. Generally, there are two easy ways to make changes: 1) Contact us using one of the media channels listed in this privacy policy or on our website, or 2) update your user profile on our website.

Your rights with respect to the personal data include the right to:

  • Have personal data updated, corrected or deleted;
  • Unsubscribe, or opt-out of certain types of processing (e.g., promotions and discounts, event updates, etc.);
    • There are certain notices you may not opt-out of, including renewal notices, payment confirmation notices, or notifications of changes to NATO’s products and services;
    • You may unsubscribe to certain types of solicitations by contacting the party who sent such materials to you;
    • You may opt-out of text messages by responding “STOP” at any time;
  • Request a copy or transfer of your personal data; and
  • If you are citizen of the European Union (“EU”), make a complaint to the EU Data Protection Authority.

Please note that we may need to retain certain information for recordkeeping purposes and/or to complete any transactions you began prior to requesting such change or deletion (e.g., when you make a purchase, you may not be able to change or delete the personal data provided until after the completion of a such purchase).

For residents of California only: California law requires select businesses to disclose policies relating to the sharing of certain categories of your personal data with third parties. If you reside in California and have provided your personal data to us, you may request information about our disclosure of certain categories of your personal data to third parties.

What is our cookie policy?

Cookies are a small text file that is sent to and stored on your computer or other internet device to identify your browser or store information. They are commonly used to retain settings or other features for your next visit to our website.

When someone visits our website we may collect standard internet log information and details of visitor behavior patterns. This allows us to enhance our products, services and website. Not all cookies are set by default, it depends on how you interact with the website. You do not have to accept our cookies and can block them by activating the setting on your browser that allows you to refuse all or some cookies. You may also delete them after they have been placed on your hard drive. If you do not accept or delete our cookies, some of the areas of the website that you access may take more time to work or may not function properly.

Do we collect information on or from children?

We do not knowingly nor intentionally collect any personal data from children under the age of 13.  If we learn that we have collected personal data about a child under the age of 13, the information will be immediately deleted.

Changes to this privacy policy

We evaluate this privacy policy periodically in light of changing business practices, technology and legal requirements. As a result, it is updated from time to time.  We will revise the “Last Update” date at the top of the privacy policy and place a notice online when we make material changes to our privacy policy. Your use of our website, products, or services following these changes means you acknowledge you have read and accept the revised privacy policy and terms thereof.