2. Our Principles
The Digital Principles has designed this policy to be consistent with the following principles:
- Privacy policies should be human readable and easy to find.
- Data collection, storage, and processing should be simplified as much as possible to enhance security, ensure consistency, and make the practices easy for users to understand.
- Data practices should always meet the reasonable expectations of users.
3. Personal Information the Digital Principles Collects and How it is Used
As used in this policy, “personal information” means information that would allow someone to identify you, including your name, email address, IP address, or other information from which someone could deduce your identity.
The Digital Principles collects and uses personal information in the following ways:
Website and Fundraising Analytics: When you visit our Websites and use our Services, the Digital Principles collects some information about your activities through tools such as Google Analytics. The type of information that we collect focuses on general information such as country or city where you are located, pages visited, time spent on pages, heat-map of visitors’ activity on the site, information about the browser you are using, etc. The Digital Principles collects and uses this information pursuant to our legitimate interest in enhancing the security and utility of our Services. The information we gather and process is used in the aggregate to spot trends without deliberately identifying individuals, except in cases where you engage in a transaction with the Digital Principles by donating money, purchasing merchandise, or buying a ticket for an event or program. In those cases, the Digital Principles retains certain information about your visit to the Services pursuant to its legitimate interest in understanding its community of supporters for fundraising purposes, and this information is stored in connection with other personal information you provide to the Digital Principles.
Note that you can learn about Google’s practices in connection with its analytics services and how to opt out of it by downloading the Google Analytics opt-out browser add-on, available at https://tools.google.com/dlpage/gaoptout.
Information from Cookies: We and our service providers (for example, Google Analytics as described above) may collect information using cookies or similar technologies for the purposes described above and below. Cookies are pieces of information that are stored by your browser on the hard drive or memory of your computer or other Internet access device. Cookies may enable us to personalize your experience on the Services, maintain a persistent session, passively collect demographic information about your computer, and monitor advertisements and other activities. The Websites may use different kinds of cookies and other types of local storage (such as browser-based or plugin-based local storage).
Log-In Services: When you register to obtain a user account on any of the Services (any such person, a “Registered User”), including but not limited to the Digital Principles Forum available at http://forum.digitalprinciples.org/, you will be asked to provide personal information to create your account and establish a password and profile. The Digital Principles collects and uses this personal information pursuant to its legitimate interest in establishing and maintaining your account providing you with the features we provide Registered Users. We may use your email address to contact you regarding changes to this policy or other applicable policies. The name or nickname you provide in connection with your account may be used to attribute you in connection with any content you submit to any Service. In addition, whenever you use a Digital PrinciplesLogin Service to log into a Website or use the Services, our servers keep a plain text log of the Websites you visit and when you visit them.
Events: When you sign up for an event hosted or supported by the Digital Principles, you will be asked to provide some personal information, including your name, email address, and other information as needed. The Digital Principles collects and uses this personal information pursuant to its legitimate interest in organizing and running the relevant event. We may share your personal information with vendors, third party contractors, partner organizations, and volunteers for the purpose of organizing and running the event and related activities.
Other Voluntarily Provided Information: When you provide feedback to the Digital Principles or otherwise submit personal information to the Digital Principles, the Digital Principles collects and uses this personal information pursuant to its legitimate interest in better understanding our community of supporters and volunteers and in furtherance of the particular program or activity to which you provided feedback or other input.
4. Retention of Personal Information
The majority of the personal information collected and used is aggregated and stored in a central database provided by a third party service provider. The Digital Principles aggregates this data pursuant to its legitimate interest in having information stored in a single location to minimize complexity, increase consistency in internal practices, better understand its community of supporters and volunteers, and enhance the security of the data.
5. Access to Your Personal Information
You are generally entitled to access personal information that the Digital Principles holds and to have inaccurate data corrected or removed to the extent CC still maintains it. In certain circumstances, you also may have the right to object for legitimate reasons to the processing or transfer of personal information. If you wish to exercise any of these rights, please write to PrinciplesAdmin@digitalimpactalliance.org explaining your request.
6. Disclosure of Your Personal Information
The Digital Principles does not disclose personal information to third parties except as specified elsewhere in this policy and in the following instances:
- The Digital Principles may share personal information with our contractors and service providers in order to undertake the activities described in Section 3.
7. Security of Your Personal Information
The Digital Principles has implemented reasonable physical, technical, and organizational security measures for personal information that the Digital Principles processes against accidental or unlawful destruction, or accidental loss, alteration, unauthorized disclosure or access, in compliance with applicable law. However, no website can fully eliminate security risks. Third parties may circumvent our security measures to unlawfully intercept or access transmissions or private communications. If any data breach occurs, we will post a reasonably prominent notice to the Websites and comply with all other applicable data privacy requirements including, when required, personal notice to you if you have provided and we have maintained an email address for you.
The Digital Principles Login Services account systems have security risks in addition to those described above. Among other things, they are vulnerable to DNS attacks, and using any Digital Principles Login Service may increase the risk of phishing.
The Services are not directed at children under the age of 13. Consistent with the U.S. federal Children’s Online Privacy Protection Act of 1998 (COPPA), we will never knowingly request personal information from anyone under the age of 13 without requiring parental consent. Our Master Terms specifically prohibit anyone using our Services from submitting any personally identifiable information about persons under 13 years of age. Any person who provides their personal information to the Digital Principles through the Services represents that they are 13 years of age or older.
9. Third Party Service Providers
The Digital Principles uses many third party service providers in connection with the Services, including website hosting services, database management, credit card processing, and many more. Some of these service providers may place session cookies on your computer, and they may collect and store your personal information on our behalf in accordance with the data practices and purposes explained above in Section 3.
10. Third Party Sites
11. Transferring Data to Other Countries
If you are accessing or using the Services in regions with laws governing data collection, processing, transfer and use, please note that when we use and share your data as specified in this policy, we may transfer your information to recipients in countries other than the country in which the information was originally collected. Those countries may not have the same data protection laws as the country in which you initially provided the information.
Data transferred from the European Union to the United States or outside the European Union will be made on the grounds of a certification to the E.U./U.S. Privacy Shield regime and/or a data transfer agreement based on the Standard Contractual Clauses approved of by the European Commission respectively, consistent with applicable data privacy requirements.
Effective Date: 30 May 2018.