Who we are

The Virtual Office Association (“VOA,” “we,” “us,” “our”) is a non‑profit virtual office association providing community, advocacy, programs, and resources for independent professionals and remote teams. This Privacy Policy explains how we collect, use, disclose, and protect personal information when you use our websites, forums, events, and related services (the “Services”). This notice is designed to meet global transparency standards (for example, GDPR privacy notice requirements) and key regional laws.

What we do (and don’t)

VOA does not sell or operate virtual office addresses or mailboxes and is not a CMRA. We do not process member mail. Our Services focus on community, learning, and advocacy.

Information we collect

We collect the following categories of information:

Account & Membership Data: name, email, country/region, professional role, organization, and preferences you provide when you join or update your profile.

Community Content: posts, messages, event chat, and submissions you choose to share in member areas.

Event Data: registration details, attendance, and, where applicable, recordings or photos from events with appropriate notice/consent.

Technical Data: IP address, device identifiers, browser type, pages viewed, and approximate location derived from your IP; collected via cookies/SDKs for security and analytics.

Communications: your requests, survey responses, and correspondence with us (including email marketing preferences). Where marketing emails are sent, we follow anti‑spam rules and offer clear unsubscribe controls.

How we use information and legal bases

We use personal information to:

Provide and improve the Services (operate sites, authenticate accounts, moderate community, host events). Our legal bases include legitimate interests and contract (for requested Services).

Communicate with you (service messages, member updates, event notices). For marketing communications, we obtain consent or provide opt‑out mechanisms as required (e.g., CAN‑SPAM in the U.S., CASL in Canada).

Analytics and security (measure performance, detect abuse, secure accounts). Our legal bases include legitimate interests and, where required, consent.

Compliance (record‑keeping, responding to lawful requests, honoring user rights). GDPR requires transparent notice about processing and retention.

Cookies and similar technologies

We use cookies and similar technologies for core functionality, preferences, and analytics. You can manage cookies through your browser or device settings. Some regions require disclosures and consent for certain cookies or targeted advertising.

When we share information

We share personal information with:

Service providers that host our websites, run analytics, process registrations, or support communications, under contracts that limit their use of data to our instructions.

Event partners when necessary to run a program you attend (for example, to print badges), with notice.

Legal and safety recipients if required by law or to protect rights, safety, and integrity of our community.
We do not sell personal information.

International transfers

If we transfer personal information across borders, we use appropriate safeguards recognized by law, such as adequacy decisions or standard contractual clauses.

Data retention

We keep personal information only as long as necessary for the purposes in this Policy, including to meet legal, accounting, or reporting requirements. GDPR requires that retention periods or the criteria used to determine them be disclosed.

Your rights

Depending on your location, you may have rights such as access, correction, deletion, portability, objection, and restriction. California residents also have rights to know, delete, correct, and limit certain uses/disclosures under CCPA/CPRA. We will verify your request and respond within required timeframes.

Email and electronic communications

Marketing emails include an unsubscribe link and our valid physical postal address. U.S. CAN‑SPAM and Canada’s CASL set specific requirements for consent, identification, and opt‑out.

Children’s privacy

Our Services are not directed to children under 16. We do not knowingly collect personal information from children under 16. If we learn we have collected such information, we will delete it.

Security

We use administrative, technical, and organizational measures designed to protect personal information. No security program is perfect; we monitor and improve our controls over time.

Third‑party links

Our Services may contain links to third‑party sites or tools. Their privacy practices are governed by their own policies; review them before providing personal information.

Changes to this Policy

We may update this Policy from time to time. If we make material changes, we will post a notice and update the Effective Date above

Contact us

To ask questions or exercise your privacy rights, contact: [privacy@yourdomain] or [postal address]. If you are in a region with a data protection authority, you may also have the right to lodge a complaint with that authority.

Regional Addenda

California (U.S.): See Sections 9–10 regarding CPRA rights and opt‑out/opt‑in requirements for certain sharing.

Canada: Commercial electronic messages are subject to CASL consent and identification rules; unsubscribe requests must be honored promptly.

Australia: Entities bound by the Privacy Act 1988 must have a transparent privacy policy and comply with the Australian Privacy Principles.

EU/EEA & UK: Our GDPR‑style notice includes the controller’s identity, purposes, legal bases, rights, and transfer safeguards (Articles 13/14).

Implementation notes

Insert your legal entity name, controller contact, and EU/UK representative if applicable (GDPR Art. 13).

Include your physical postal address in marketing emails (CAN‑SPAM).

Add your cookie categories and consent banner details based on your stack and regions served.

Coordinate with the Terms and Conditions section already in this pack for consistency.