(Almost) No One Reads This…so here’s the overview
- Anonymous data is collected for site analytics.
- Personal data is collected when you fill out the Contact Us page and is used only to contact you. No renting, selling, or sharing of your info.
- Additional data is collected when and if we engage in business through other apps which is covered under customer confidentiality and other legal agreements.
This Privacy Policy explains what information we collect through our website and how it is used, as well as protections for personal information.
We do not rent or sell website visitor information under any circumstances, and we do not share visitor information except as compelled by law.
We are located within the United States, and therefore will transfer, process, and store your information in the United States, which may not provide as much protection as your home country.
Logging: For visitors to our website, we generally log requests to our website through a program called cryptolog and do internal analytical logging for up to seven days from when the data was collected.
Circumstances in which we may need to log and retain technical information for longer than seven days include when we believe it is reasonably necessary for our mission and functionality, including situations such as:
- site testing,
- diagnosis of technical problems,
- defending against attacks to the site,
- handling a spike in traffic or other abnormal, short-term circumstances,
In those and similar situations we will delete the information as soon as it is apparent that the information is no longer needed for the purpose for which it was retained.
How Cryptolog Works: Cryptolog takes the IP address portion of the request getting logged and encrypts it, as well as a chunk of random data (the salt), using a cryptographic hash function. The salt changes every night, which should result in making it very difficult for us, or anyone else, to recover IP addresses from our logs.
Cookies: We do not use persistent ID cookies on this site except where you click “remember me” or are logged in, as you may be able to do in a future version of the website. We use session cookies on certain portions of the website. Session cookies expire when you close your browser. You can use Tor if you wish to keep your connection information anonymous, but please note that you can still be identified to if you log in.
Voluntarily Submitted Information: In addition, we collect and retain information you voluntarily submit to us. It is up to you whether to submit information to us, and how much information to provide. If you choose to become a donor or customer member, we may ask for identifying information such as your name, email address, mailing address and phone number and will retain that information. For online donors and shoppers, we also ask for your credit card number or other payment information.
We may ask for additional personal information when you provide feedback or comments, or otherwise communicate with us. We are pleased to receive anonymous donations in the mail or in-person, but please note that your personal information may be required if you choose to donate using our online form, or if you choose to use a mobile payment processor for in-person donations (and the mobile payment processor will also receive your payment information, subject to their privacy policy.)
When necessary and appropriate, we use the following categories of third party services:
- content delivery networks and cloud hosting providers (for example, hosting and handling traffic to our site).
- Financial services and payment processors (for example, your credit card and online payments)
cloud email providers (for example, sending you email)
Where possible, we take steps to limit the ability of third parties to retain data about our users. These service providers may place session cookies on your computer. Service providers may also log standard technical information, such as the numerical Internet Protocol (IP) address of the computer you are using; the browser software you use and your operating system; the date and time you access our site; and the Internet address of the website from which you linked directly to our site. Our service providers may also store and organize the personal information collected through this site on our behalf. Our third party providers primarily process information in the United States, but may process data in other jurisdictions. Where applicable, we have entered into General Data Protection Regulation (GDPR) compliant Data Protection Addendums with third-parties who process data on our behalf.
In addition, for all of our service providers, hosting providers and credit card processors and any other providers we may use in the future, the information collected from our users remains protected by the terms of our agreements with those providers and we will ensure that the information to be kept confidential and disclosed only to employees who require such access in the course of their assigned duties. We also require all of our third-party service providers to notify us if they receive legal process seeking information about visitors to our website.
We may change the specific third-party providers from time to time, and will transfer stored information to any new provider subject to similar restrictions and agreements. From time to time, we may work with third-party consultants or other service providers who may have access to personally identifiable information. In such cases, we will restrict their use of personally identifiable information in accordance with their assigned tasks.
Our site will also provide links to or interact with a wide variety of third-party websites, including interactive links to sites like social media, telephone calling services, mapping services, or video hosting websites, often via application programming interfaces (APIs). We are not responsible for, and does not have any control over, the privacy practices or the content of such third parties.
While we endeavor to provide the highest level of protection for your information, we may disclose personally identifiable information about you to third parties in limited circumstances, including: (1) with your consent; or (2) when we have a good faith belief it is required by law, such as pursuant to a subpoena or other judicial or administrative order.
If we are required by law to disclose the information that you have submitted, we will attempt to provide you with prior notice (unless we are prohibited or it would be futile) that a request for your information has been made in order to give you an opportunity to object to the disclosure. We will attempt to provide this notice by email, if you have given us an email address, or by postal mail if you have entered a postal address. If you do not challenge the disclosure request, we may be legally required to turn over your information.
In addition, we will independently object to requests for access to information about users of our site that we believe to be improper and we have done so.
You may choose to correct, update, access, or delete information you have submitted to us by sending an email requesting changes to tbirchcpa@outlook.com.
Our server logs are stored and retained as explained above in the section on logging.
If you communicate with us, we keep records of those communications indefinitely, pursuant to our document retention policy (described below).
Financial records of donations and other transactions are retained indefinitely, pursuant to our document retention policy. Paper records of donations, such as event donation forms and signup sheets, are typically destroyed soon after entry. Check copies and payment distribution details are normally kept up to seven years. Accompanying donor information is kept indefinitely unless the individual requests that it be removed.
If we inadvertently collect more personal information than intended, we endeavor to delete the extraneous information. When we no longer need to retain information or when deleting information on request, we endeavor to remove all copies. However, please understand that deleted information may continue to persist on backup media.
If our processing of your personal data is covered by EU law, you may also lodge a complaint with the relevant data protection supervisory authority for your country of residence.
We employ industry standard security measures to protect the loss, misuse, and alteration of the information under our control, including appropriate technical and organizational measures to ensure a level of security appropriate to the risk, such as the pseudonymization and encryption of personal data, data backup systems, and engaging security professionals to evaluate our systems effectiveness. We have turned on HTTPS by default.
Although we make good faith efforts to store information collected by us in a secure operating environment, we cannot guarantee complete security.