UPDATED October 5, 2020
As used herein, the term “personal information” means information that specifically identifies an individual (such as a name, address, telephone number, mobile number, demographic information, e-mail address, payment information where needed to complete a requested service or transaction, or information you post in comments or other interactive features) and information about that individual or his or her activities that is directly linked to personally identifiable information. Personal information does not include “aggregate” information, which is data we collect about the use of the Sites or about a group or category of services or users, from which individual identities or other personal information has been removed. This Policy in no way restricts or limits our collection and use of aggregate information.
WHAT PERSONAL INFORMATION DO WE COLLECT?
Active Collection: Personal information may be collected in a number of ways when you visit our Sites. We collect certain information you voluntarily provide to us, such as when you make a donation, send us an email or sign up to receive email or text message updates, fill out a form, connect through a social feed, sign up to be a volunteer or host an event, or request information. Such information may include personal information, such as your name, mailing address, email address, phone number, geographic location, and credit card information. We may also collect demographic information you may voluntarily provide from time to time, such as in response to questionnaires and surveys, including gender, ethnicity, education, and interest information. If this information is tied to personally identifiable information, it will be treated as personal information. Personal and demographic information may also be collected if you provide such information in connection with creating a profile or group, leaving comments, posting blog comments or other content, sending an email or message to another user, or participating in any interactive forums or features on the Sites. We may also obtain information from other sources and combine that with information we collect on our Sites. We will never knowingly collect personal identifiable information from persons thirteen years of age or younger, in accordance with the federal Children’s Online Privacy Protection Act (COPPA), and we ask that children under thirteen not submit their information.
Passive Collection: When you use the Sites, some information is also automatically collected, such as your Internet Protocol (IP) address, your operating system, the browser type, the address of a referring web site, and your activity on our Sites. If you access the Sites from a mobile device, we may also collect information about the type of mobile device you use, your device’s unique ID, the type of mobile Internet browsers you use, and information about the location of your device (for information about how to opt-out of this data collection, please see “What Choices Do You Have Regarding the Use of Your Information?” below). We treat this information as personal information if we combine it with or link it to any of the identifying information mentioned above. Otherwise, it is used in the aggregate only.
We may also automatically collect certain information through the use of “cookies” or web beacons. Cookies are small data files stored on your hard drive at the request of a website. Among other things, cookies help us improve our Sites’ features & functionality in order to provide users with the best possible experience. Information obtained from cookies and linked to personally identifying information is treated as personal information. If you wish to block, erase, or be warned of cookies, please refer to your browser manufacturer to learn about these functions. However, if you choose to remove or reject browser cookies, this could affect certain features on our Sites. Web beacons are small, invisible graphic images that may be used on the Sites or in emails relating to the Sites to collect certain information about usage and effectiveness and monitor user activity on the Sites.
HOW DO WE USE THE PERSONAL INFORMATION WE COLLECT?
We use personal information collected through our Sites for the purposes described in this Policy or elsewhere on the Sites. For example, we may use personal information we collect:
- to provide the services, products, or information you request, and to process and complete such requests and any related transactions;
- to invite you to subscribe to email or text-message alerts related to lFriends for Mera K. Corlett;
- to send you confirmations, receipts, updates, alerts, and support and administrative messages and otherwise facilitate your use of, and our administration and operation of, the Sites;
- to notify you about important changes to the Sites;
- to send you newsletters and otherwise provide you with information or services you request or that we think will be of interest to you, such as sending you information to keep you informed about various issues, events, promotions, products, and resources;
- to connect you with other supporters, and to solicit volunteers, donations and support for Friends for Mera K. Corlett issues and organizations that we support;
- to connect you with other supporters of Friends for Mera K. Corlett;
- to solicit volunteers, donations, and other support for Friends for Mera K. Corlett;
- to notify and contact participants in promotions on the Sites;
- to request feedback and to otherwise contact you about your use of the Sites;
- to respond to your emails, submissions, questions, comments, and requests and to provide customer service;
- to monitor and analyze site usage and trends, and to personalize and improve the Sites and our users’ experiences on the Sites, such as providing content, or features that match your profiles or interests, and to increase the Sites’ functionality and user friendliness;
- to serve ads, on this Site or other websites or media, based on the information you provide and the actions you take; and
- for any other purpose for which the information was collected.
WHAT PERSONAL INFORMATION DO WE SHARE WITH THIRD PARTIES?
It is our policy not to share the personal information we collect from you through our Sites with third parties, except as described in this Policy or as otherwise disclosed on the Sites. For example, we may share personal information as follows:
- with vendors, consultants, and other service providers or volunteers who are engaged by or working with us and who need access to such information to carry out their work for us;
- with organizations, groups, or causes that we believe have similar viewpoints, principles, or objectives;
- when you give us your consent to do so, including if we notify you on the Sites, that the information you provide will be shared in a particular manner and you provide such information;
- when you contribute money to Friends for Mera K. Corlett, federal law requires us to use our best efforts to collect your name, address, occupation, employer, and amount contributed to facilitate the filing of public disclosure reports submitted to the Federal Election Commission;
- when we believe in good faith that we are lawfully authorized or required to do so or that doing so is reasonably necessary or appropriate to comply with the law or legal processes or respond to lawful subpoenas, warrants, or court orders;
- when we believe in good faith that doing so is reasonably necessary or appropriate to respond to claims or to protect the rights, property, or safety of Friends for Mera K. Corlett, our users, our employees, our volunteers, copyright owners, third parties or the public, including without limitation to protect such parties from fraudulent, abusive, inappropriate, or unlawful activity or use of our Site;
- to enforce or apply this Policy, our Terms of Service, or our other policies or agreements.
We are not responsible for the actions of any service providers or other third parties, nor are we responsible for any additional information you provide directly to any third parties, and we encourage you to become familiar with their privacy practices before disclosing information directly to any such parties. Nothing herein restricts the sharing of aggregated or anonymized information, which may be shared with third parties without your consent.
You understand that when you use the Sites, information you post in profiles, blogs, forums, petitions, and other interactive areas of the Sites, as well as any information you share with individuals through the Sites or share through social network sites, will be available to other users and, in some instances, may be publicly available. We recommend that you be cautious about giving out personal information to others.
We are not responsible for the actions of any third parties with whom you share personal information. We suggest you take time to familiarize yourself with any privacy settings available on the Sites or other social network sites.
LINKS TO OTHER WEBSITES
WHAT STEPS DO WE TAKE TO PROTECT YOUR INFORMATION ONLINE?
We take commercially reasonable technical, administrative, and physical measures to protect your personal information in an effort to prevent loss, misuse, and unauthorized access, disclosure, alteration, and destruction. We use encryption to protect highly sensitive data, including credit card information. Please be aware, however, that despite our efforts, no security measures are impenetrable and no method of data transmission that can be guaranteed against any interception or other type of misuse. To protect the confidentiality of personal information, you must keep your password confidential and not disclose it to any other person. You are responsible for all uses of our Sites by any person using your password. Please advise us immediately if you believe your password has been misused.
WHAT CHOICES DO YOU HAVE REGARDING THE USE OF YOUR INFORMATION?
You may “opt out” of receiving text messages, email updates and newsletters by following the instructions in those text messages and emails.
CREDIT CARD DATA COLLECTION AND PROCESSING
What user information does this website retain when a payment is processed?
By default, we retain:
- What products or event tickets a user ordered or the amount of a donation
- When the transaction occurred
- Name, e-mail address, and phone number provided by the user
- Billing (and optionally, shipping) address entered by the user
- Optionally, a note about the order or user’s payment method as entered by the user
- Occupation and Employer information provided by the user, as mandated by election law
Can I get a copy of my personal data?
Sure thing, just contact us and we’ll be happy to help.
How does the site collect users’ payment information?
We allow users to make donations or pay for orders via secure Stripe payment gateways. This automatic payment gateway is an application that securely requests information from users and relays it directly to Stripe for processing.
Does the site retain payment method (‘credit card’) data?
No way, absolutely not. By design, your credit card number and security code are never stored on our website’s servers. The payment gateway gives this sensitive information directly to the payment processor, so credit card data never enters or passes through our database.
But what if i choose to save my credit card to my account on your website for future transactions, or if i set up recurring payments? You must store credit card data for that, right?
Still, nope. You certainly have the option to “save” credit card information while logged into your account, but that is made possible by a secure method called tokenization. Tokenized payment methods can be used for recurring payments, pre-orders, or for convenience in future payments made by a logged-in user. Credit card tokens include the last four digits of a card, the card brand/type, and its expiration date, mostly so the user can identify the card in their account.
How secure is tokenization?
Extremely secure. With tokenization, users’ actual credit card information is only stored on the servers of the payment processor.
The only data saved on our site is in the form of a string of characters called a token. These tokens are designed to be useless outside the precise context they’re created for. Imagine if, when you exchanged your money for chips at a casino or ride tickets at a fair, those chips or tickets not only couldn’t be spent on anything outside the casino or fair but couldn’t be spent by anyone but you.
Tokens are super-specific — specific to the user, specific to this website, specific to the payment gateway’s payment processor, and specific to our merchant account with that processor. If any of those factors aren’t precise, the token won’t work as a placeholder for a user’s credit card information.
Also, the payment gateway only allows tokenization if our website meets certain higher security standards, so you can be confident in the security of using and saving your credit card information to process payments on our website.