This Policy was last updated on 11 July, 2018.
1. Data Controller
A “controller” is the legal entity which, alone or jointly with others, determines the purposes and means of the processing of personal data. A+P is the data controller for all data described by this policy.
2. Information Collection, Use, Access, and Retention
We collect information in several ways through our Site. When you use our Site, we collect personal information about you that you affirmatively choose to provide to us. For instance, when you donate, you must provide your first name, last name, email address, mailing address, and payment information. You may also provide your phone number and/or the name of the person that your donation is in honor of or in memory of. We also collect personal information in other ways, such as when you sign up for our email list (online or in person), contact us by email or traditional mail, and/or contact us by telephone.
When you interact with our Site, we also collect limited non-personally identifying information that the browser you used makes available automatically. This information includes the internet address of the computer or network you used to access our site, the date, time, and page(s) you visited on our site, the browser and operating system you used, and the referring page (the webpage that contained the link to our site that you clicked on to get there).
When you make a donation, we will collect your payment information. We use stripe.com to collect and process your payment information. Your credit card information is not held by us and we use stripe.com because the safety of your credit card information is important to us, and stripe.com specializes in the secure online capture and processing of credit and debit card transactions. As with all our third party vendors, we have agreements in place with stripe.com that ensures that the vendor complies with the terms of this policy.
We have a legitimate business interest in ensuring that our Site operates correctly and efficiently. To that end, we use the aggregated nonpersonal data and information from all users of our Site to measure server performance, analyze user traffic patterns, and improve the content of our Site. We sometimes track the keywords that are entered into our search engines to measure interest in specific topics and to improve the consumer experience on the site.
We have a legitimate business interest in communicating with you about your donations and subscriptions, and will use your personal information to send you important non-commercial emails, such as administrative notices related to your donations.
With your consent, we may share your information with key partners and affiliates, whose services we believe are of interest to you. We have contractual relationships with all such partners and affiliates that require them to safeguard your information and allow you to opt out of receiving further information from them. Once you have provided your consent for us to share your information, and those third parties reach to you directly, their use of your data is governed by their own privacy policies, and is not controlled by A+P. You can revoke your consent to receive any or all of this information by following the unsubscribe instructions in an email you receive from one of our partners (this will only unsubscribe you from receiving further marketing messages from that partner), or by following any other instructions these partners may provide you. If you would like to revoke your consent to A+P sharing your information with its partners, you can do so by sending an e-mail to firstname.lastname@example.org that contains the email address you wish to revoke consent for third-party sharing.
We also have a legitimate business interest in complying with our legal obligations. To that end, we may release personal information if we believe in good faith that: the law or legal process requires it; we have received a valid administrative request from a law enforcement agency; or such release is necessary to protect our rights, property, or safety, or that of our respective affiliates, business partners, customers, or others. Because the law provides we must retain and maintain records relating to donors, we are also obligated under the law to keep certain of your information and disclose it upon request or subpoena to government entities, such as the Internal Revenue Service.
Pursuant to your reasonable request, we will provide you or a third-party you specify with a list of all of your personal information that A+P has collected. Similarly, upon your request, we will make corrections to our records of your personal data.
As described above, some of the online services available through our Site allow you to provide personal information. All personal information we collect is stored and processed in the United States.
We will retain your personal information while you have an active relationship with A+P, including if you have subscribed to a newsletter, or opted in to receive fundraising content from us, have made a donation, or have affirmatively made requests of us that we, or our data processors, are fulfilling. We will maintain your information and for 30 days after that relationship ends (unless you request that we delete your information prior to the expiration of that period). If A+P determines that it no longer requires your information for the purposes set forth above, it will delete your information consistent with its retention policies.
If you would like us to delete all of your personal information and/or remove your name and address from promotional lists (including any personal information gathered by our service providers) and place your name on our “do not contact” list, contact our Data Privacy Team at email@example.com and request that you be placed on our “do not contact” list. Please note that because names may be similar, you must include in your request all associated email addresses and phone numbers (if any) that you wish to be removed in the body of the email. We reserve the right to contact you for administrative purposes to request more information in order to assist us in deleting your content. We will make commercially reasonable efforts to delete your information within thirty (30) days from our active files, provided, however, that we may retain—for legal compliance purposes only—your request and associated email in a hashed format so that we do not inadvertently restore your information to our database. Please note that requests to update your personal information may take up to five (5) days. You may also request that we stop processing your information without deleting it, and we will comply within ten (10) days of receipt of such a request.
Notwithstanding the above, A+P will retain your information indefinitely if it believes in good faith that it has a legal obligation to do so, including for tax purposes, but will only use that information for the specific necessary purpose for which it was retained.
The Do-Not-Track Signal (“DNT”) is used by some web browsers to automatically request that a web application disable site tracking. Because the DNT often does not reflect the actual preferences of an individual consumer, our website does not respond to the DNT. Instead, and in order to allow you to personalize your experience with our Site, you may elect not to receive marketing messages and/or have certain cookies placed on their browser, as discussed earlier in this Policy.
The Site is a general audience website, intended for adult use. We do not market to, and do not knowingly collect any personally identifiable information from, children under sixteen (16) years of age. Children should always get permission from their parents before sending any personal information about themselves (such as their names, email addresses, and phone numbers) over the Internet, to us or to anyone else. We encourage you to become involved in your children’s online experience, and to share your knowledge and experience with your young ones. If you’re under 16, please do not register for any of our services or provide us with any personally identifying information (such as your name, email address or phone number). Please contact our customer service department if you are aware of any personal information supplied to the Site by a child under the age of sixteen (16).
4. Site Security
We take reasonable and appropriate security measures to protect unauthorized access, alteration or destruction of data located on and collected by our Site. We exercise reasonable care to protect your non-public personal information. Unfortunately, no data transmission over the Internet can be guaranteed to be 100% secure. While we strive to protect your non-public personal information, we cannot guarantee the security of any information you transmit to us or receive from us while it is in transit. Once we receive your personal information, we maintain physical, electronic and procedural safeguards to protect it. If a data breach occurs, we will notify you and the proper EEA authority (if required) within seventy-two (72) hours (if reasonably feasible).
5. Policy Changes
6. Contact Us