Privacy Policy

EXTERNAL PRIVACY POLICY

 

External Privacy Policy

This privacy policy is intended to advise you about YMCA of Central Florida’s policies and practices concerning the collection, use, and disclosure of your personal information, including the reasonable efforts we make to protect your personal information, and about what choices you have concerning your information. Please read this policy carefully.

Effective Date: 05/04/2019
Category: PRIVACY
Version: 0.3

Contact(s):
Compliance Office
YMCA of Central Florida
[email protected]

1.0        PRIVACY

You have entrusted the National Council of Young Men’s Christian Associations of the United States of America and its independent and autonomous member associations (collectively “The Y”) with your personal information, and we’re committed to using it wisely.

Scope of Privacy Policy

This privacy policy applies to the Personal Information that you provide voluntarily to YMCA of Central Florida and that we collect through our websites, including: ymcacentralflorida.com; ymcacf.org; cfymca.org; ymcacf-email.org; and healthierliferx.org (“Sites”), and the iOS and Android versions of the YMCA of Central Florida mobile app (“Mobile Apps”). This privacy policy does not apply to unaffiliated sites to which our websites link or to the websites of other YMCA associations.

Personal Information

For purposes of this privacy policy, Personal Information is information about you that is linked to you as an individual, such as your name, postal address, email address, phone number, date of birth, demographic information, sex-offender status, membership status, emergency contact information, credit card number and expiration date, as well as other non-public information that is associated with that information.  Personal Information does not include technical information such as unique device identifiers, randomly assigned unique identifiers in cookies, mobile device name, timestamp, or IP addresses (“Non-Personally Identifiable Information”).

Protected Health Information

Specific information regarding the duties and privacy practices of the YMCA of Central Florida to protect the privacy of Protected Health Information (“PHI”) held by departments of YMCA of Central Florida that are subject to certain federal privacy laws (“HIPAA”) is provided to all individuals who receive services from those departments.  We are committed to maintaining the privacy and security of PHI in compliance with applicable law.  For information regarding how we handle PHI, please refer to our HIPAA Notice of Privacy Practices (“NPP”), available here. In the event of a conflict between this policy and the NPP, the NPP controls.

Our Privacy Principles

We are committed to responsible privacy practices by adherence to the following principles:

  • We will not sell your Personal Information. YMCA of Central Florida will not sell your Personal Information to anyone, for any reason, at any time. We will not share or transfer your personal information outside of The Y without your consent unless permitted by law. For example, we may transfer your Personal Information if we consolidate our organization with another entity. We may also charge reasonable fees if we are transferring Personal Information for purposes permitted or required by this policy or applicable law.
  • We restrict who has access to your Personal Information. YMCA of Central Florida and The Y, takes reasonable precautions to restrict access to your personal information only by employees who are authorized to have such access for legitimate business purposes.

Collection of Personal Information

YMCA of Central Florida collects Personal Information as follows:

  • when you voluntarily provide it to us;
  • when you submit a membership application or otherwise register as a YMCA of Central Florida member;
  • when you sign up to be a volunteer or request information regarding volunteer opportunities;
  • when you register for, or participate in, events, classes, camps, programs, and other activities;
  • when you make a pledge of donation;
  • participation in YMCA Nationwide Membership;
  • when you register for, submit, or otherwise participate in surveys, sweepstakes, quizzes, forums, content submissions (including Share a Story), chats, bulletin boards, discussion groups, requests for suggestions, or other services or activities offered on our Sites or Mobile Apps;
  • when you sign up to receive emails or other communications;
  • when you make purchases;
  • when you communicate with us;
  • when you apply for a job with us;
  • when you contact us offline or submit information to us offline;
  • when you provide it through our Sites or Mobile Apps;
  • when you complete customer satisfaction surveys online (ie SMG);
  • from publicly available sources;
  • from third parties

Collection of Photographs

The Y may also collect your photograph, by capturing your image at a YMCA or scanning your personal identification card, for the purpose of identifying you as a member, volunteer or program participant.  All CFYMCA members are asked to review and sign a CFYMCA Photo/Audio-visual/Narrative Release at the time of registration or check-in. It is the responsibility of members, guests and visitors to self-select out of events during photographing/recording if they do not want their images captured.

Collection of Payment Transaction Information

When you make a payment or donation, we collect information to process the financial transaction and may use that information to contact you in the future about The Y and its programs. Your payment information is transmitted to us, using a secure Internet method that helps maintain the privacy of this information. During the time your payment information resides on our computers, it is in an encrypted format and can only be accessed by authorized personnel with a decryption key.

Collection of Sensitive Information

Where necessary, The Y may collect certain sensitive information from you, including

  • payment card or bank account information to process fees or donations;
  • health information in connection with various fitness programs, programs in which we are responsible for supervising children, health screenings, or other health service events that we may provide from time to time; and
  • financial assistance paperwork

Access to sensitive information is restricted to those individuals who have a legitimate need for access. We will not use or disclose your information to third-parties unless such disclosure is necessary to accomplish the purpose for which the information is collected.

Use and Disclosure of Personal Information

Except as provided for herein or as otherwise permitted or required under applicable law, YMCA of Central Florida will not disclose your Personal Information to any third party for purposes unrelated to “the Y” without having received your permission.

  • Provide Services. We use your Personal Information to respond to requests that you make, to provide services and help us serve you better, and to provide you with a personalized website experience.
  • Philanthropy. To the extent any donor information is securely shared with a third-party service provider, our donors’ information will only be used for internal purposes which can include donation processing, research, and analysis.  Vehicles for giving to the YMCA of Central Florida, such as our online donation form, response forms, and gift envelopes, offer donors the opportunity to indicate if they do not want their names to appear in public recognition pieces that the YMCA of Central Florida publishes.
  • Marketing. Based on your activity when you visit our website (e.g., what items you browse, what items you purchase), we, or our marketing partners and vendors, may send you personalized advertisements that identify products, programs, or services we think you may be of interest to you.  If you have signed up to receive email from us, we may use your Personal Information to provide you with promotional emails for activities that may be of interest to you, and for other marketing and advertising purposes.  In certain circumstances, we may also share information with select similar nonprofit organizations that may offer activities of interest to you.  We require our marketing partners and vendors to refrain from using your Personal Information, except to provide the services requested by us.  For information regarding how to opt-out of marketing communications, please refer to the “Choice/Opt-Out” section of this privacy policy.
  • Support Services and Maintaining Systems. We may share Personal Information with trusted service providers that need access to your information to provide operational or other support services.  In addition, when you make purchases, we may share select Personal Information in order to fulfill your order.  We may also hire vendors that work on our systems that may have access to your Personal Information in the course of performing their duties.  We require those vendors to keep your Personal Information confidential and not to use it for their own purposes.  You expressly consent to the sharing of your Personal Information with our third-party service providers and vendors.
  • Affiliates. We reserve the right to share some or all of your Personal Information with our subsidiaries, joint ventures, and other companies in the United States under our common control (collectively, “Affiliates”), as well as our successors, for the purposes described in this privacy policy. We will require our Affiliates to honor this privacy policy.
  • Compliance with Laws and Protection of Rights. Regardless of any choices you make regarding your Personal Information, we may also provide Personal Information to regulatory or legal authorities and law enforcement officials in accordance with applicable law or when we otherwise believe in good faith that the provision of such information is required or permitted by law, such as in connection with the investigation or assertion of legal defenses or for compliance matters.  We may also disclose Personal Information if we believe in good faith that disclosure is necessary to protect and defend our rights or the rights and safety of third parties, or to enforce our Terms and Conditions.
  • Nationwide Membership and Registered Sex Offender Screening. We provide limited Personal Information to the Y Nationwide Membership System in order to allow eligible YMCA of Central Florida members access to and use of participating YMCAs across the United States and Puerto Rico. This database is scanned daily against the national sex offender registry using the Background Investigation Bureau software.
  • Acquisition, Sale, or Reorganization. We may also use and disclose Personal Information in connection with a contemplated reorganization or an actual reorganization of our business, in connection with financing, a sale or other transaction involving the disposal of all or part of our business or assets, including for the purpose of permitting the due diligence required to decide whether to proceed with a transaction. If the transaction occurs, the transferee will be entitled to use and disclose the Personal Information collected by us, and the transferee will assume the rights and obligations regarding your Personal Information as described in this privacy policy.
  • De-identified Information. We may create De-Identified Information from Personal Information by excluding data (such as your name or email address) that makes the information personally identifiable to you.  Our use or disclosure of de-identified information is not restricted by this privacy policy.

Non-Personally Identifiable Information and Technologies Used

We collect Non-Personally Identifiable Information without limitation, through the use of the following types of methodology:

  • “Cookie” technology: A cookie is an element of data placed on your computer as you navigate websites with your browser, which may then store it on your system to help enhance your experience in using our sites and to provide us with technical information about your usage. Browser cookies allow websites and various third-parties to distinguish your device from others by having the cookie consist of a unique identifier or other data.  We use both session cookies (which expire after you close your web browser) and persistent cookies (which stay on your computer until you delete them). Persistent cookies can be removed by following your Internet browser help file directions. If you choose to disable cookies, some areas of our website may not work properly.
  • Local shared objects: Local shared objects (such as “Flash” cookies) are associated with non-Browser software like Flash Player.  Local shared objects can be used like cookies to distinguish your device from others, but will not be deleted or blocked using browser cookie controls.  You can visit adobe.com for guidance on how to delete and block Flash cookies.
  • IP address tracking: An IP address is a number that is assigned to your computer when you are on the Internet. When you request pages from our Sites, our servers log your IP address.
  • Web beacons: A web beacon, or “clear gif,” is a small graphic image on a webpage or web-based document that a website can use to determine information about a user. Web beacons are embedded in web pages you visit and cause your browser to share its IP address with the third-party source of the beacon, together with any cookies associated with that third-party.  Web beacons can be used with or without cookies.  Blocking cookies will not stop your IP address from being shared through the use of beacons.
  • HTML5 local storage: HTML5 local storage is another way that browsers can distinguish your device from others as well as remember data that may be important for the functioning of the website.  Typically, HTML5 local storage is only deleted if all Internet history, cache, and cookies are deleted.  You should check your browser software for how to delete HTML5 local storage in your particular case.
  • E-tags: E-tags are used to prevent duplicative downloading of content to your browser, which can enhance browser performance.  E-tags use unique identifiers for content that can also be used to distinguish your browser in certain instances from others.  Typically, e-tags are only deleted if all Internet history, cache, and cookies are deleted.  You should check your browser software for how to delete e-tags in your particular case.
  • Other technologies. Our Site and Mobile Apps may occasionally use other technologies both for purposes of advertising or analytics as well as for features and services.

Our Mobile Apps may use the following technologies for features, services, advertising, or analytics:

  • Collection of device identifiers, such as Android ID and MAC address
  • Collection of geolocation, including precise geolocation
  • Device name
  • Collection of platform specific identifiers such as Apple’s Identifier for Advertising and Identifier for Vendor, and Android ID or Android’s advertising identifier
  • Collection of carrier-related information including the name of your wireless carrier, and IDs related to the cell phone hardware in your phone as well as the network to which the device is connected
  • IP address
  • Mobile phone number
  • App-specific and instance-specific identifiers

Non-personally identifiable information we collect may include the browser you use, the type of computer you use, technical information about your means of connection to our websites (such as the operating systems and the Internet service providers utilized), and other similar information. Our systems may also automatically gather information about the areas you visit and search terms you utilize on our websites and about the links you may select from within the sites to other areas of the World Wide Web or elsewhere online.

We may use Non-Personally Identifiable Information to administer the Sites or Mobile Apps, and for features, services, advertising, or analytics. Our use of Non-Personally Identifiable Information is not restricted by this privacy policy.

Advertising

  • Interest-Based Advertising. We may use “interest-based” advertisements also known as “online behavioral advertising.” Online behavioral advertising is advertising that is directed to you based, at least in part, on your Internet browsing behavior across websites and over time. Although we do not share Personal Information with the third parties that conduct interest-based advertising operations on our behalf, these third parties and their affiliates do collect certain information as a result of their JavaScript “tags” and other technologies being used on our website. The information that they collect includes the names of web pages you view (URL’s), unique identifiers, your IP address, timestamp, and certain types of technical information.  A longer list of some of the technologies used for advertising and other purposes on our Sites and in our Mobile Apps are listed under the “Non-Personally Identifiable Information and Technologies Used” section of this privacy policy.

 

  • Third Parties May Collect Personal Information from Other Sources. Some third parties involved in advertising operations may maintain their own proprietary consumer databases that allow them to personally identify or track website visitors. Other third parties have proprietary technologies to determine what additional devices you may use, on which it can display relevant advertisements.

 

  • Do Not Track. Do-Not-Track is a public-private initiative that has developed a “flag” or signal that an Internet user may activate in the user’s browser software to notify websites that the user does not wish to be “tracked” by third-parties as defined by the initiative. The online community has not agreed on what actions, if any, should be taken by the websites that receive the “do not track” signal, and therefore Do-Not-Track is not yet standardized. Our website does not alter its behavior or change its services when it receives a “do-not-track” flag or signal from your browser.

 

  • Your Privacy and Ad Choices. You can make decisions about your privacy and the ads you receive. You can control whether companies serve you on-line behavioral advertising by visiting the Digital Advertising Alliance website and using its opt-out: http://www.aboutads.info/choices/.  The DAA opt-out requires that cookies not be blocked in your browser.  As an alternative to the DAA opt–out, you can also elect to block browser cookies from first parties (such as those from our website) and browser cookies from third parties (such as advertisers) by using the cookie blocking options built into your browser software.  If you block browser cookies, some parts of our website may not function correctly.  Also, blocking cookies will not stop third-parties from collecting IP address, data stored in “Flash” cookies, and certain other types of technical information that may uniquely identify your browser.

 

Social Network Widgets

Our website may include social network sharing widgets that may provide information to their associated social networks or third-parties about your interactions with our web pages that you visit, even if you do not click on or otherwise interact with the plug-in or widget. Information is transmitted from your browser and may include an identifier assigned by the social network or third party, information about your browser type, operating system, device type, IP address, and the URL of the web page where widget appears. If you use social network tools or visit social networking sites, you should read their privacy disclosures, to learn what information they collect, use, and share.

Privacy of Children

We are mindful that children need special safeguards and privacy protection.  On our Sites and Mobile Apps, we do not intentionally gather Personal Information from visitors under the age of 13.

If we ask a parent or legal guardian for Personal Information pertaining to children under 13, we will take additional steps to protect the privacy of such information, including:

  • obtaining consent from the parent or legal guardian of the under 13 child before collecting or using the child’s Personal Information;
  • notifying parents about what Personal Information is being requested and how that Personal Information will be used and/or shared; and
  • limiting the collection of Personal Information pertaining to children under 13 to no more than is reasonably necessary to accomplish the purpose of the collection.

Upon request, we will provide parents/legal guardians access to the Personal Information we have collected from the parent/guardian pertaining to their under 13 children.  In addition, parents/legal guardians may contact us to request that such Personal Information be changed or deleted.

If you believe we have inadvertently collected information from your child, or to request access, modification, or deletion of Personal Information pertaining to your child, please contact us, and we will attempt to implement your request.  [[email protected]].

Choice/Opt-Out

If at any time you would like to stop receiving marketing communications or opt-out of a feature, you may change your preferences at the bottom of most emails or on our website via the “UNSUBSCRIBE” feature. If you need any additional assistance, please contact us via the information provided in the “Contact Us” section of this privacy policy.

Personal Data Updates, Access and Accuracy

We encourage you to check and promptly update your information, if it changes, at the YMCA of Central Florida Family Center closest to you.  You can also update your personal information via your account settings on our Site or by contacting us directly.

Except in limited circumstances governed by law, you may contact us to obtain access to or correct your Personal Information in our records. We will use reasonable efforts to grant reasonable requests to access data about the requester, as permitted by law. We will also make reasonable efforts to address requests to correct your Personal Information.  You may ask to have information on your account deleted or removed; however, please understand that it may not be possible to delete certain information.

A request for access, correction, or deletion must be submitted in writing by emailing us at [email protected] or via a written request mailed to: Compliance Office, YMCA of Central Florida, 433 North Mills Avenue, Orlando, FL 32803.  Please do not send Social Security numbers or other sensitive information to us via email.

Consent to Transfer

Our Sites and Mobile Apps are operated in the United States. If you are located outside of the United States, please be aware that any information you provide to YMCA of Central Florida will be transferred to the United States, where laws regarding the use of Personal Information may be less strict than the laws in your country. By using our Sites and Mobile Apps and/or providing us with your information, you expressly consent to the transfer, use and storage of your Personal Information in the United States.

2.0  SECURITY

YMCA of Central Florida takes appropriate administrative, technical, and physical measures to safeguard against unauthorized processing of Personal Information, and against the accidental loss of, or damage to, personal data.  However, we cannot fully eliminate security risks associated with the storage and transmission of Personal Information.

3.0  Contact Us

If you have any questions or concerns about our privacy policy, please contact us at:

Compliance Office

YMCA of Central Florida

433 North Mills Avenue

Orlando, Florida, 32803

[email protected]

 

Please refer to this policy regularly. We may need to change this policy from time to time. We will post material changes on our websites or otherwise notify you and update the “Effective Date” so that you will always know our policies regarding what information we gather, how we might use that information, and how we may disclose that information.

External Privacy Notice Revision History
Version Last Date Updated: Authorized By: Affected Provisions:
Version 0.1 07/14/2017 Compliance Committee Original
Version 0.2 04/03/2018 Compliance Committee Inclusion of “the Y” as shared information;

Collection of Photographs;

Collection of Payment Transaction Information;

Collection of Sensitive Information;

Nationwide membership and RSO Screening

Version 0.3 05/04/2019 Compliance Committee Collection of Personal Information – donor specific

Use and Disclosure of Personal Information – Philanthropy