Effective Date: December 1, 2020
Sites controlled by PolicyLink:
This Policy applies to PolicyLink’s Sites and Services that link to or reference this Policy. This Policy describes how PolicyLink collects, uses, shares, and otherwise processes Personal Data, as defined in the section below, and the choices available to you regarding: (1) how we collect, use, and access your Personal Data; and (2) how to confirm your Personal Data is updated, corrected, and/or deleted. Additional terms and information about PolicyLink’s Personal Data handling practices may be provided in services descriptions, supplement statements, or contract terms, or notices provided prior to or at the time of information collection.
C. Definition of Personal Data
“Personal Data” is any information that can be used to identify an individual, and may include, but is not limited to, for example, name, address, email address, phone number, login information (account number, password), marketing preferences, social media account information, IP addresses, location data (if combined with other identifiers), personal identification numbers (passport numbers, social security numbers, etc.), photos, video footage with your likeness, audio recordings, payment card number, criminal record, educational and professional records, and any form of biometric, health, genetic, racial, ethnic, religion, political affiliation, gender-based, sexual preference, age-related, or other identifying personal data. If we link other data with your personal information, we will treat that linked data as Personal Data. We may also, from time to time, collect Personal Data from trusted third-party sources and engage third parties to collect Personal Data to assist us.
Our Sites may contain links to other websites, applications and services maintained by third parties. The information practices of such other services, or of social media networks that host our branded social media pages, are governed by third parties’ privacy statements, which we encourage you to review to better understand those third parties’ privacy practices. We have no control over such third parties’ privacy statements or practices.
D. Collection and Use of Your Personal Data
We may collect a variety of information, including Personal Data, about you as you use our Sites and Services and interact with us. A summary of what we collect and how we use the Personal Data associated with our Sites and Services is set forth below.
1. Personal Data Collected on Sites
We use common information-gathering tools, such as log files, embedded web links, web beacons, and cookies, to automatically collect certain standard information that your browser sends back to our Site(s). Examples include:
- Browser type and version
- Address of the website from which you arrived at our Site
- Your Internet Protocol (IP) Address
- Clickstream behavior, meaning the pages you view and the links you click.
These tools help make your visit to our Sites easier, more efficient, and more valuable by providing you with a customized experience and recognizing you when you return.
2. Mobile Application(s)
If you use one or more of our mobile application(s) (a “Mobile App”), we may collect information about the device on which the Mobile App is installed such as a device identifier (IMEI or UDID), subscriber identifier, mobile phone number, device name, type, and manufacturer, operating system type and version, wireless carrier, network type, country of origin, and IP address. We may also collect location data from the GPS on your device.
3. Personal Data Provided at Programs and Events
These types of events include in-person and web-based programs and events and other in-person as well as virtual gatherings (collectively, “events”). If you register for one of our events, we will collect your name, telephone number, address, email address and select other information, which we will store in our database(s) and use to provide you with information and services associated with the current and future events, and our Sites and Services.
4. Personal Data Provided in Correspondence with PolicyLink
If you correspond with us by email, the postal service, or other form of communication, we may retain the correspondence and the information contained in it and use it to respond to your inquiry and to keep a record of the complaint, accommodation, or other request.
If you ask us not to contact you by email at a certain email address, we will retain a copy of that email address on our “master do not send” list in order to comply with your no-contact request.
5. Personal Data Provided in Accordance with Contest Applications
When you submit an application in accordance with a contest sponsored in part, or in whole, by us or in partnership with unaffiliated third parties, we will collect Personal Data about you including: name; email addresses; telephone numbers; education; employment history; the city, state, and country in which you live; gender, race, and LGBTQ affiliation (an applicant may select “prefer not to answer”). We may also collect information about your venture, such as the name, industry, and focus of the venture.
6. Personal Data Provided to Process Payment
You may purchase Services or make a donation to PolicyLink using a payment card. Payment card information may be provided via a Site or an authorized third-party payment site, into the PCI/DSS-compliant payment processing service(s) to which we subscribe. We do not process or store the card information.
7. Use of Google Analytics and Other Backend Analytics Tools
We use Google Analytics, a service that transmits our Site traffic to Google servers in the United States of America. Google Analytics does not identify individual users or associate your IP address with other data held by Google. We use reports and data provided by Google Analytics and other website traffic tracking services to help us understand our Site traffic trends and usage. For more information regarding how Google collects and processes data, please visit www.google.com/policies/privacy/partners.
8. Do Not Track Option
Some web browsers may give you the ability to enable a “do not track” feature that sends signals to the Sites you visit, instructing that you do not want your online activities to be tracked; however, these features are not uniform and there is no common standard that has been adopted by industry groups, technology companies or regulators. Be aware that this is different from blocking or deleting cookies, and that browsers with “do not track” features enabled may still accept cookies. PolicyLink takes privacy and meaningful choice seriously. We continue to monitor developments related to “do not track” browser technology and the implementation of a standard. While the Sites do not currently recognize and respond to “do not track” signals, if we do in the future, we will update this Policy.
9. PolicyLink Cookies Statement
To learn more about how to update your choices in relation to cookies and other web browsing technologies, please go to the PolicyLink Cookies Statement, below.
10. Personal Data Use Summary
Personal Data you provide to us is used either to respond to requests that you make or to aid us in serving you better. A summary of the ways we may use your Personal Data is set forth below:
- To deliver the Services you request;
- To manage your accounts and maintain our business operations;
- To identify you as a user and allow you access into our Sites;
- To optimize and improve our Sites and Services;
- To protect the security and effective functioning of our Sites and information technology systems;
- To send you administrative email notifications;
- To contact you, and to respond to and track progress of your inquiries;
- To detect, investigate, and prevent illegal or non-compliant activities;
- To address our compliance and legal obligations and exercise our legal rights;
- To administer contests (including by third parties), specifically, to sponsor, promote, and receive Personal Data, and to send marketing materials related to such contests;
- To make phone calls to you, from time to time, to solicit feedback or provide secondary fraud protection; and
- To send you marketing information, program and event recommendations, newsletters, and other non-transactional communications about us, our related entities, similar non-profit organizations, sponsors, and business partners (collectively, the “Affiliates”) for purposes of conducting direct marketing. Please see “Your Rights and Choices Regarding Your Personal Data” to learn how you can control the processing of your Personal Data by PolicyLink for marketing purposes.
E. Sharing Your Personal Data with Third Parties
We may share your Personal Data with Affiliates for the purposes of operating our organization, delivering, improving, and customizing our Sites and Services, sending marketing and other communications related to our business, and for other legitimate purposes permitted by applicable law or otherwise with your consent. We may share Personal Data in the following ways:
- With unaffiliated third parties to administer, sponsor, and promote contests, including sharing contest application information and marketing materials that may be relevant to contest applicants;
- With unaffiliated third parties when we transfer personal data to them in connection with business operations we jointly performed;
- Within PolicyLink and with any of the Affiliates for purposes of data processing, research and development, storage, and/or marketing;
- With Affiliates, service vendors, and/or contractors to provide requested Site content or enhancements, Services, or a transaction. Examples include, but are not limited to: processing of orders, donations, and credit card transactions, hosting websites, constituent relationship management, assisting with donation-related efforts or post-donation support, delivering Services or services, and providing customer support;
- With service vendors focused on the provision, payment, and auditing of employee, vendor, and contractor benefits;
- With search engine, web analytics, and survey providers engaged to track trends and other statistics to enhance the user experience;
- In connection with, or during negotiations of, any merger, or combination of PolicyLink with another organization;
- In response to a request for information by a competent authority if we believe disclosure is in accordance with, or is otherwise required by, any applicable law, regulation or legal process;
- With law enforcement officials, government authorities, or other third parties as necessary to comply with legal process or meet national security requirements; protect the rights, property, or safety of PolicyLink, our Affiliates, you, or others; or as otherwise required by applicable law.
- In aggregated, anonymized, and/or de-identified form which cannot reasonably be used to identify you; and/or
- If we otherwise notify you and you consent to the sharing.
F. International Transfers of Your Personal Data
PolicyLink is headquartered in the United States and Personal Data we collect from you will be processed in the United States.
G. Your Rights and Choices Regarding Your Personal Data
PolicyLink encourages you to keep your Personal Data accurate and current. In addition, you have the right to ask us not to process your Personal Data for marketing purposes. You can exercise your right to prevent such processing by checking certain boxes on the forms we use to collect your data, clicking the unsubscribe button on any communication we have sent to you, or by contacting us. Please note that some of our Sites and Services may require our legitimate collection, storage and use of your Personal Data, and such Sites and Services may not be available if you are unwilling to provide the necessary Personal Data.
Where you have consented to allow us to use your Personal Data, you can withdraw that consent at any time. If the information we hold about you is inaccurate or incomplete, you can notify us and ask us to correct or supplement it. You may request that we erase that Personal Data or cease processing it, subject to certain exceptions. You also have the right, with some exceptions and qualifications, to ask us to provide a copy of any Personal Data we hold about you.
You may also request information about: (i) the purpose of the processing; (ii) the categories of Personal Data concerned; (iii) who else other than PolicyLink might have received the Personal Data; (iv) what the source of the information was (if you didn’t provide it directly to us); and (v) how long it will be stored.
Where you have provided your data to us and it is processed by automated means, you may be able to request that we provide it to you in a structured, machine readable format.
We may need to request specific information from you to help us confirm your identity and ensure your right to access your Personal Data (or to exercise any of your other rights). This is a security measure to ensure that Personal Data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to enable us to deal with your request or to speed up our response.
Reasonable access to a record of your Personal Data will be provided at no cost on request made via our Contact Us form or via email to firstname.lastname@example.org. We may charge a reasonable fee if your request is clearly unfounded, repetitive, or excessive; alternatively, we may refuse to comply with your request(s) in these circumstances. If access cannot be provided within a reasonable time frame, we will provide you with an estimated date when a record of the Personal Data will be provided. If for some reason we cannot supply you with a record of the Personal Data we have collected, used, and/or stored, we will provide an explanation as to why we cannot provide the record.
If you have a complaint about how we have handled your Personal Data, you may be able to ask us to restrict how we use it while your complaint is resolved. In some circumstances you can ask us to delete your Personal Data:
- By withdrawing your consent for us to use it;
- If it is no longer necessary for us to use your Personal Data;
- If you object to the use of your Personal Data and we do not have a good reason to continue to use it; or
- If we have not handled your Personal Data in accordance with our obligations.
H. Security of Your Personal Data
It is our goal to protect the Personal Data entrusted to us and treat it securely in accordance with this Policy. We implement various physical, administrative, and technical measures designed to protect your Personal Data from unauthorized access, use or disclosure. We contractually require our critical vendors to protect such information from unauthorized access, use and disclosure. We restrict access to your Personal Data to those who need to know that information to provide Services or other benefits to you. In addition, our employees are required to maintain the privacy and security of your information. We commit to taking appropriate disciplinary measures to enforce our employees’ privacy responsibilities.
We require you to enter a password to access Personal Data associated with your PolicyLink account. Please do not disclose your account password to unauthorized people. Note, however, that no method of transmission over the Internet, or method of electronic storage, is 100% secure. While we use reasonable efforts to protect your Personal Data, we cannot ensure or warrant the security of any Personal Data you provide to us.
I. Retention of Personal Data
We will retain your Personal Data for the period required to fulfill the purposes for which it has been collected. These purposes may include the need to fulfill various commercial and legal requirements. Key requirements driving the need for collection, analysis and storage of Personal Data may include, for example:
- Business strategy;
- Current and prospective customer outreach;
- Resource planning;
- Legal compliance;
- Financial reporting;
- Dispute resolution; and/or
- Asset protection and agreement enforcement.
Your Personal Data is stored by PolicyLink on servers of the cloud-based database management services we engage, located in the United States. Unless you request otherwise, we will retain data for the duration of your relationship with us or for as long as is required by law. For more information on where and how long your Personal Data is stored, please contact us.
J. Children’s Privacy
Our Sites and Services are not directed to children under 18. We do not knowingly collect personally identifiable information from children under 13. If a parent or guardian becomes aware that his or her child has provided us with Personal Information without their consent, they should contact us at email@example.com. If we become aware that a child under 13 has provided us with Personal Information, we will delete such information from our files. Any information provided by an individual older than 13 but younger than 18 must be provided with that individual’s parent’s or legal guardian’s consent.
K. Changes to this Policy
By using this Site and/or Services, you agree to the terms and conditions contained in this Policy and our Terms of Service and/or any other agreement that we might have with you. If you do not agree to any of these terms and conditions, you should not use our Sites or Services.
We may revise this Policy from time to time. If we make any material changes to the way we intend to use your Personal Data, we will notify you by prominently posting the changes on our Sites and/or by email using the current email address we have for you. Changes will be effective no later than thirty (30) days following notification. You are responsible for making sure that we have your current email address on file. If the email address we have on file is invalid, our dispatch of the email to your last known email address along with posting the notice of material Policy changes on our Sites will constitute effective notice of the changes. If you do not wish to permit the changes in the use of your Personal Data, you must notify us prior to the effective date of the changes. Continued use of our Sites or Services following notice will indicate your acknowledgement of, and agreement to be bound by, the changes until such time as you notify us you would like to deactivate your account and/or have your Personal Data deleted as set forth in the “How to Contact Us” section of this Policy.
L. Additional Policies
Certain services and products provided by or through PolicyLink may be subject to additional privacy terms or Personal Data disclosures (collectively, “ Additional Policies”). In the event of any direct conflict between any Additional Policies and this Policy, the Additional Policies will control.
M. California Privacy Rights
The California Consumer Privacy Act (CCPA) requires businesses to disclose whether they sell Personal Data. As a non-profit entity we are not obligated to comply with CCPA, but we have voluntarily elected to comply with its provisions. We do not sell Personal Data. We may share Personal Data with third parties or allow them to collect Personal Data from our Sites if those third parties are authorized service providers or business partners who have agreed to our contractual limitations as to their retention, use, and disclosure of such Personal Data, or if you use our Sites or Services to interact with third parties or direct us to disclose your Personal Data to third parties.
California law requires that we detail the categories of Personal Data that we share or disclose for certain “business purposes,” such as disclosures to service providers that assist us with securing our services or marketing our Services. We disclose the following categories of Personal Data for our business purposes:
- Commercial information;
- Internet activity information;
- Financial information;
- Professional and employment-related information;
- Education information; and
- Inferences drawn from any of the above information categories.
California law grants state residents certain rights, including the rights to access specific types of Personal Data, to learn how we process Personal Data, to request deletion of Personal Data, and not to be denied goods or services for exercising these rights.
If you are a California resident under the age of 18 and have registered for an account with us, you may ask us to remove content or information that you have posted to our Sites. Please note that your request does not ensure complete or comprehensive removal of the content or information, because, for example, some of your content may have been reposted by another user.
We may need to verify your identity and place of residence before completing your CCPA rights request.
N. Nevada Residents
Nevada residents who wish to exercise their sale opt-out rights under Nevada Revised Statutes Chapter 603A, as applicable, may submit a request to us using the contact info set forth below.
O. How to Contact Us
1. Questions about this Policy
Attn: Chief Information Officer
1438 Webster Street, Suite 303
Oakland, California 94612-3228
United States of America
Telephone: +1 (510) 663-2333
Facsimile: +1 (510) 663-9684
2. Contacting PolicyLink to Request Access to Personal Data or to Report a Suspected Breach of Personal Data
- If you wish to engage your rights to access, correct, modify, or delete your Personal Data, please contact our technology team by using our Contact Us form or emailing us at firstname.lastname@example.org.
- If you want to report a suspected breach of your Personal Data, please contact our technology team by using our Contact Us form or emailing us at email@example.com.
2. Cookies Statement
PolicyLink takes your privacy very seriously, including your activities in browsing PolicyLink owned or controlled Sites.
A. What Cookies Does PolicyLink Collect, and How Do You Use Them?
Cookies do lots of different jobs, like letting you navigate between web pages efficiently, remembering your preferences, and generally improving your experience on our Sites. They can also help to ensure that content you see online is more relevant to you and your interests.
The cookies used on the Sites have been categorized based on function. Here are the main types of cookies we use, and why we use them:
Essential Cookies: These cookies are necessary in order to enable you to move around our Sites and use their features, such as accessing secure areas of our Sites. Without these cookie services, you may not have access to services you have asked for.
Performance Cookies: These cookies collect information about how you use our Sites. For example, they tell us which pages you visit most often, and if you receive any error messages from our web pages. These cookies do not identify you. All information they collect is aggregated and is, therefore, anonymous. We use these cookies to measure and analyze how our customers use our Sites and to improve their functionality and the user experience.
Functionality Cookies: These cookies allow our Sites to remember choices you make (such as your username, language, or the region you’re in) and provide enhanced, personalized features). These cookies can also be used to remember changes you have made to customizable parts of our Sites. The information these cookies collect may be anonymized and they cannot track your browsing activity on other websites.
Targeting Cookies: These cookies are used to deliver marketing and communications more relevant to you and your interests.
B. Managing and Deleting Cookies
Where our Sites include links to other websites, the privacy practices may differ from our own. If you submit Personal Data to any of those other websites, your information is governed by their privacy statements. We encourage you to carefully read the privacy statement of any website you visit.
Our site may also include social media features, such as the Facebook, LinkedIn, and Twitter buttons and widgets, or interactive mini-programs that run on our Sites. These features may collect your IP address, which page you are visiting on our Sites, and may set a cookie to enable the feature to function properly. Social media features and widgets are either hosted by a third party or hosted directly on our Sites. Your interactions with these features are governed by the privacy statement of the company providing it.
Most web browsers allow some control of most types of cookies through the browser settings. To find out more about cookies, including how to see what cookies have been set and how to manage and delete them, visit www.aboutcookies.org orwww.allaboutcookies.org. Please note that these reference sites are not owned, managed, or controlled in any way by PolicyLink, and that visiting these sites will not constitute an opt-out of cookie collection and storage for the Sites.
To opt-out of being tracked by Google Analytics across all websites, visit https://tools.google.com/dlpage/gaoptout.
We also use the information collected to maintain and upgrade our systems. Our technical staff may require periodic access to services data to monitor system performance, test systems, and develop and implement upgrades to systems. This services data will generally not include your Personal Data. Any temporary copies of services data created as a necessary part of this process are only maintained for time periods relevant to those purposes.
C. Changes to our Cookies Statement
We may change this Cookies Statement from time to time. If we make changes, we will notify you by revising the date at the top of this Statement and in some cases by adding notices on our homepage or other Sites or sending you email updates.
D. Contact Us
Attn: Chief Information Officer
1438 Webster Street, Suite 303
Oakland, California 94612-3228
United States of America
Telephone: +1 (510) 663-2333
Facsimile: +1 (510) 663-9684