[PhiladelphiaDANCE.org Listserv] Listserv & PHILADELPHIADANCE.ORG’s privacy policy - GDPR Compliant

PhiladelphiaDANCE.org philadelphiadance at gmail.com
Fri May 25 10:24:03 EDT 2018


*PHILADELPHIADANCE.ORG <http://PHILADELPHIADANCE.ORG>’s privacy policy.*


*PHILADELPHIADANCE.ORG <http://PHILADELPHIADANCE.ORG> respects your privacy
and is committed to protecting your personal data.*

   1. *Introduction*

This privacy policy tells you how the PHILADELPHIADANCE.ORG group of
websites use your personal data when you visit our website, interact with
us, and buy our goods and services.

It also tells you about your privacy rights and how the law protects you.

It is important that you read this privacy policy, together with any other
privacy policies we may provide, so that you are fully aware of how and why
we are using your data.

This privacy policy was last updated on 25th of May. 25, 2018.

If you have any questions or would like to exercise your privacy rights,
please follow the instructions in this privacy policy. See How to contact
PHILADELPHIADANCE.ORG about privacy below.

   1. *Our website and the PHILADELPHIADANCE.ORG
   <http://PHILADELPHIADANCE.ORG> group of websites.*

Our website at PhiladelphiaDANCE.org.com was established in 2005 as a
resource and hub for dance-related information, advocacy, and service in
the greater Philadelphia region. At the core of its mission is the
expansion and development of new audiences for dance through education,
marketing, outreach, networking and use of current technologies.
PhiladelphiaDANCE.org seeks to promote to the public the wealth of dance
experiences available in the region. In addition, PhiladelphiaDANCE.org
strives to bring together resources and information required by dancers,
dance companies, choreographers, dance writers, dance organizations, dance
practitioners, audiences, media, philanthropists, and policymakers. By
facilitating collaboration between these entities, it is our hope to create
an even stronger dance community and presence for dance and the arts in
Philadelphia.

This website, while safe for minors, is not intended for children and we do
not knowingly collect data relating to children.

PHILADELPHIADANCE.ORG is a 501 C 3 non-profit corporation located at 204
Owen Avenue, Lansdowne, PA  19050

When we mention “PHILADELPHIADANCE.ORG”, “we”, “us” or “our” in this
privacy policy, we are referring to the relevant company in the
PHILADELPHIADANCE.ORG group of websites responsible for processing your
data.

   1. *Personal data which we collect about you*

Personal data, or personal information, means any information about an
individual from which that person can be identified. It does not include
data where the identity has been removed (anonymous data).

We collect a variety of information about our users, customers, members,
and visitors to the PHILADELPHIADANCE.ORG websites. This personal data
falls into these categories:

*Identity Data* includes title, first name, last name, username or similar
identifier and an encrypted version of your login/password. If you interact
with us through social media, this may include your social media username.

*Contact Data* includes a billing address, delivery address, email address
and telephone numbers.

*Financial Data* includes payment card details.

*Transaction Data* includes details about payments to and from you and
other details of products and services you have purchased from us.

*Profile Data* includes your username and password, purchases or orders
made by you, preferences, feedback and survey responses, as well as any
profile data which we have added (for example, using analytics and
profiling).

*Technical Data* includes internet protocol (IP) address, your login data,
browser type and version, time zone setting and location, browser plug-in
types and versions, operating system and platform and other technology on
the devices you use to access this website.

*Usage Data* includes information about how you use our website, products,
and services.

*Tracking Data* includes information we or others collect about you from
cookies and similar tracking technologies, such as web beacons, pixels, and
mobile identifiers.

*Marketing and Communications Data* includes your preferences in receiving
direct marketing from us and our third parties and your communication
preferences.

We also collect, use and share *Aggregated Data* such as statistical or
demographic data for any purpose. Aggregated Data may be derived from your
personal data but is not considered personal data in law as this data does
not directly or indirectly reveal your identity. For example, we may
aggregate your Usage Data to calculate the percentage of users accessing a
specific website feature. To provide better content and service,
PHILADELPHIADANCE.ORG’s website uses the Google web analytics service.

However, if we combine or connect Aggregated Data with your personal data
so that it can directly or indirectly identify you, we treat the combined
data as personal data which will be used in accordance with this privacy
policy.

We do not collect any Special Categories of Personal Data about you (this
includes details about your race or ethnicity, religious or philosophical
beliefs, sex life, sexual orientation, political opinions, trade union
membership, information about your health and genetic and biometric data).
Nor do we collect any information about criminal convictions and offenses.
If you use any of these types of personal data on products you design or
create on PhiladelphiaDANCE.org.com, we will not be able to tell. We will
treat all the personal data included in designs or products as ordinary
personal data.

Remember, if you choose not to share personal data with us, or refuse
certain contact permissions, we might not be able to provide the products
and services you’ve asked for.

   1. *How your personal data is collected*

We use different methods to collect data from and about you including
through:

*Direct interactions.* You may give us your Identity, Contact and Financial
Data by filling in forms or by corresponding with us by post, phone, email
or through chat or social media.

This includes personal data you provide when you:

   - sign up to receive any of the PHILADELPHIADANCE.ORG’s newsletters;
   - make inquiries or request information be sent to you;
   - create an account on our website;
   - order our products or services;
   - ask for marketing to be sent to you;
   - engage with us on social media;
   - enter a competition, promotion or survey;
   - contact customer services; or
   - leave comments or reviews on our products or services.

*Automated technologies or interactions.* As you interact with us,
including via the PhiladelphiaDANCE.org.com website, we may automatically
collect Technical Data about your equipment, browsing actions and patterns.
We may also collect Tracking Data when you use our website, or when you
click on one of our adverts (including those shown on third party websites).

Third parties or publicly available sources. We may receive personal data
about you from various types of third parties, including:

   - Technical Data and/or Tracking Data from analytics providers,
   advertising networks and search information providers;
   - Contact, Financial and Transaction Data from providers of payment and
   fraud prevention services;
   - Identity and Contact Data from data partners; and
   - Data from any third parties who are permitted by law or have your
   permission to share your personal data with us, such as via social media or
   review sites We will only use your personal data when the law allows us to.
   Most commonly, we will use your personal data in the following
   circumstances:


   1. *How we use your personal data*


   - Where we need to perform the contract we are about to enter into or
   have entered into with you. For example, when you purchase our products,
   that’s a contract.
   - Where it is necessary for our legitimate interests (or those of a
   third party) and your interests and fundamental rights do not override
   those interests. For example, when we carry out fraud screening as part of
   the check-out process.
   - Where we need to comply with a legal or regulatory obligation. For
   example, keeping records of our sales for tax compliance.

Generally, we do not rely on consent as a legal basis for processing your
personal data other than where the law requires it, for example in relation
to sending certain direct marketing communications. Where our legal basis
is consent, you have the right to withdraw consent any time.

See Explaining the legal bases we rely on to process personal data to find
out more about the types of lawful basis that we will rely on to process
your personal data.

   1. *Explaining the legal bases we rely on to process personal data*

Note that we may process your personal data for more than one lawful ground
depending on the specific purpose for which we are using your data.

We do not carry out any automated decision making.

If you ever have any questions about this, all you have to do is ask. See
How to contact PHILADELPHIADANCE.ORG about privacy below.

   1. *Advertising, marketing, and your communications preferences*

We may use your Identity, Contact, Technical, Tracking, Usage and Profile
Data to form a picture of what we think you may want or need, or what may
be of interest to you. This is how we decide which products, services, and
offers may be relevant for you and tell you about them. This is what we
call direct marketing.

We may carry out direct marketing by email, phone, text or post. For
example, you might have the PHILADELPHIADANCE.ORG’s newsletter hit your
inbox or a cool promotion land on your doormat.

On our website, we always try hard to make it really clear what we are
doing and what communications you will be sent, whether it’s you deciding
to sign up to the PHILADELPHIADANCE.ORG’s newsletter or as part of creating
an account or conducting a purchase – and you have a right at any time to
change your mind and say no thank you and opt out The easiest way to opt
out is to use the unsubscribe link at the bottom of the communication.

Of course, there are lots of different ways you’ll see adverts for
PHILADELPHIADANCE.ORG out and about, and not all of these are based on
using personal data – sometimes we just buy good old-fashioned advertising
space in the real world and websites and social media. If you see
PHILADELPHIADANCE.ORG’s adverts on websites and in social media, these may
not be directed specifically at you, we might just have bid for space. But
here are some things we may do that may be specifically directed at you:

   - emails, for example, the PHILADELPHIADANCE.ORG’s listserv and
   newsletters;
   - text messages, for example with discount codes;
   - promotions by post, such as discounts, or from our trusted partners;
   and/or
   - phone calls, to tell you something that might be relevant to you and
   your organization.

We also work with partners to try and promote the reach of our adverts and
use analytics and retargeting for this reason. We use Tracking Data to
deliver relevant online advertising, including via websites and social
media.

Tracking Data, and in particular, cookies, help us to deliver website and
social advertising that we believe is most relevant to you and to potential
new customers of PHILADELPHIADANCE.ORG. The cookies used for this purpose
are often placed on our website by specialist organizations – and this is
also why when you’ve been on the PhiladelphiaDANCE.org.com website, you
might a variety of third-party advertising. This includes retargeting.

Cookies can also tell us if you have seen a specific advert, and how long
it has been since you have seen it. This is helpful because it means we can
control the effectiveness of our adverts and control the number of times
people might be shown our adverts (you know before we risk become
annoying). Cookies also help us understand if you’ve opened a marketing
email because we don’t want to send you things you don’t read.

If you want more information about Tracking Data, in particular, cookies,
see Cookies below.

Almost all the cookies related to advertising are part of third-party
online advertising networks. If you’d like to read about how you can
control which adverts you see online, see opt-out programs established by
the Digital Advertising Alliance <http://www.aboutads.info/> (United
States), the Digital Advertising Alliance of Canada
<https://youradchoices.ca/> and the European Interactive Digital
Advertising Alliance <http://www.youronlinechoices.eu/>. We do not control
cookies which are set by advertising networks.



   1. *Cookies*

You can see from Advertising, marketing and your communications preferences
above, that cookies are a tool which we (and everyone one else who operates
online) uses for advertising. That is just part of why cookies are used.
Generally, they are pretty clever.

Cookies help PhiladelphiaDANCE.org.com work better and provide lots of help
in the background to make the process of being a PhiladelphiaDANCE.org.com
customer a lot easier. You’d miss a lot of these things if they were gone –
like it is easy to log in and move from page to page, and things staying in
your cart while you go off and look at other pages.

Other cookies collect information about how visitors use
PhiladelphiaDANCE.org.com, for instance, which pages visitors go to most
often, and if they get error messages from web pages. These cookies don’t
collect information that identifies a visitor. All information these
cookies collect is aggregated and used to improve how
PhiladelphiaDANCE.org.com works.

There are also cookies that allow PhiladelphiaDANCE.org.com to remember
choices you make (such as your user name, language or the region you are
in) and provide enhanced, more personal features. These cookies can also be
used to remember changes you have made to text size, fonts and other parts
of web pages that you can customize. They may also be used to provide
services you have asked for such as watching a video or commenting on a
blog.

There are cookies that collect information about your browsing habits in
order to make advertising delivered to you more relevant to you and your
interests (see Advertising, marketing and your communications preferences
above). They are usually placed by advertising networks with our
permission. They remember that you have visited a website and this
information is shared with other organizations such as advertisers. Quite
often targeting or advertising cookies will be linked to site functionality
provided by the other organization.

When you use PhiladelphiaDANCE.org.com, your device or browser may be sent
cookies from third parties, for example when using embedded content and
social network links. It’s important for you to know that we have no access
to or control over cookies used by these companies or third-party websites.
We suggest you check the third-party websites for more information about
their cookies and how to manage them.

You can set your browser to refuse all or some browser cookies or to alert
you when websites set or access cookies. If you disable or refuse cookies,
please note that some parts of this website may become inaccessible or not
function properly.

   1. *Disclosures of your personal data*

We may share your personal data with the parties set out below for the
purposes set out in this privacy policy. We may also share your personal
data if the law otherwise allows it.

We may share personal data with the following categories of third parties:

   - Suppliers and service providers (such as technology service providers,
   payment processing and fraud prevention providers, manufacturers and post
   and courier services);
   - PHILADELPHIADANCE.ORG affiliates;
   - auditors and professional advisers like bankers, lawyers, accountants
   and insurers; and
   - government, regulators and law enforcement.

We share personal data with the following specific third parties:

   - Google Analytics
   - Stripe payment processing
   - PayPal payment processing
   - Delaware Valley On Line  (ISP)
   - Wells Fargo Bill Pay

We also share data with third parties connected to advertising, retargeting
and analytics. Please see Cookies above, including the cookie list, for
more information about who those third parties are.

We may also share data with third parties to whom we may choose to sell,
transfer, or merge parts of our business or our assets. Alternatively, we
may seek to acquire other businesses or merge with them. If a change
happens to our business, then the new owners may use your personal data in
the same way as set out in this privacy policy.

We require all third parties to respect the security of your personal data
and to treat it in accordance with the law. We do not allow our third-party
service providers to use your personal data for their own purposes and only
permit them to process your personal data for specified purposes and in
accordance with our instructions.

   1. *Payment information*

PHILADELPHIADANCE.ORG uses third party payment processors Stripe and PayPal
to process payments made for products and services via the Website. All
online payments will be conducted in accordance with Payment Card Industry
(PCI) data security standards (which are high!) and your billing
information (which is only used by these payment processors for the purpose
of performing fraud protection) is encrypted before being communicated to
them. Subject to the below exceptions, your credit card details are
communicated directly from your browser to these payment processors –
PHILADELPHIADANCE.ORG never (ever!) sees your full Permanent Account Number
(PAN). This means that the payment form is either off-site or displayed in
a frame on the payment page.

For Stripe Payments, if on the payment page you have requested that your
card details be remembered and the payment was successful,
PHILADELPHIADANCE.ORG stores the card type, a Masked PAN (only the first 6
and last 4 digits) and the card’s expiry date as well as an associated
token. We store this information so that you and we can identify your
stored card and use it for further payments at PHILADELPHIADANCE.ORG. This
stored information can be deleted via the payment form on the Website
should you wish to do so. We also store separately the last 4 digits and
card type so that we can identify transactions made by a particular card.

For PayPal, we only store the tokens required to identify the transaction
with PayPal, issue refunds and identify transactions made using PayPal.

   1. *International transfers*

We generally do not engage in an international transfer, however, whenever
we transfer your personal data out of the EEA, we will comply with
applicable data protection law. Some of the mechanisms we may choose to use
when undertaking an international transfer are:

   - The transfer of your personal data is to a country that has officially
   been deemed to provide an adequate level of protection for personal data by
   the European Commission.
   - We may use specific contracts approved by the European Commission
   which give personal data the same protection it has in Europe (called the
   “EU Model Clauses”).
   - Where we use providers based in the US, we may transfer data to them
   if they are part of the Privacy Shield which requires them to provide
   similar protection to personal data shared between Europe and the US. If
   the provider is not EU-US Privacy Shield certified, we may use the EU Model
   Clauses.

We share your personal data within the PHILADELPHIADANCE.ORG Websites,
which will involve transferring your data outside the European Economic
Area. We do this using the EU Model Clauses.

Many of our external third-party providers are based outside the EEA, so
their processing of your personal data will involve a transfer of data
outside the EEA.

   1. *Data security*

We have put in place appropriate security measures to prevent your personal
data from being accidentally lost, used or accessed in an unauthorized way,
altered or disclosed. In addition, we limit access to your personal data to
those employees, agents, contractors and other third parties who have a
business need to know. They will only process your personal data on our
instructions and they are subject to a duty of confidentiality.

We have put in place procedures to deal with any suspected personal data
breach and will notify you and any applicable regulator of a breach where
we are legally required to do so.

   1. *Third-party links*

This website may include links to third-party websites, plug-ins, and
applications (for example, the ability to sign in with Facebook). Clicking
on those links or enabling those connections may allow third parties to
collect or share data about you. We do not control these third-party
websites and are not responsible for their privacy statements. When you
leave our website, we encourage you to read the privacy policy of every
website you visit.

   1. *Data retention*

We will only keep your personal data for as long as necessary to fulfill
the purposes we collected it for, including for the purposes of satisfying
any legal, accounting, or reporting requirements.

To determine the appropriate retention period for personal data, we
consider the amount, nature, and sensitivity of the personal data, the
potential risk of harm from unauthorised use or disclosure of your personal
data, the purposes for which we process your personal data and whether we
can achieve those purposes through other means, and the applicable legal
requirements.

By law, we have to keep basic information about our customers (including
Contact, Identity, Financial and Transaction Data) for seven years after
they stop being customers for tax purposes.

We also make a promise to you that you can come back at any time in the
future and re-print products you have ordered from us in the past. So,
unless you actively delete this information, we keep it, so we can keep our
promise to you.

In some circumstances you can ask us to delete your data; see Your legal
rights below for further information.

In some circumstances, we may anonymize your personal data (so that it can
no longer be associated with you) for research or statistical purposes in
which case we may use this information indefinitely without further notice
to you.

   1. *Your legal rights*

If the General Data Protection Regulation applies to you because you are in
the European Union, you have rights under data protection laws in relation
to your personal data:

   - The right to be informed – that’s an obligation on us to inform you
   how we use your personal data (and that’s what we’re doing that in this
   privacy policy);
   - The right of access – that’s a right to make what’s known as a ‘data
   subject access request’ for a copy of the personal data we hold about you;
   - The right to rectification – that’s a right to make us correct
   personal data about you that may be incomplete or inaccurate;
   - The right to erasure – that’s also known as the ‘right to be
   forgotten’ where in certain circumstances you can ask us to delete the
   personal data we have about you (unless there’s an overriding legal reason
   we need to keep it);
   - The right to restrict processing – that’s a right for you in certain
   circumstances to ask us to suspend processing personal data;
   - The right to data portability – that’s a right for you to ask us for a
   copy of your personal data in a common format (for example, a .csv file);
   - The right to object – that’s a right for you to object to us
   processing your personal data (for example, if you object to us processing
   your data for direct marketing); and
   - Rights in relation to automated decision making and profiling – that’s
   a right you have for us to be transparent about any profiling we do, or any
   automated decision making.

These rights are subject to certain rules around when you can exercise
them. You can see a lot more information on them, if you are interested, on
the UK Information Commissioner’s Office website
<https://ico.org.uk/for-the-public/personal-information/>.

If you wish to exercise any of the rights set out above, please contact us
(see How to contact PHILADELPHIADANCE.ORG about privacy).

You will not have to pay a fee to access your personal data (or to exercise
any of the other rights). However, we may charge a reasonable fee if your
request is clearly unfounded, repetitive or excessive. Alternatively, we
may refuse to comply with your request in these circumstances.

We may need to request specific information from you to help us confirm
your identity and ensure your right to access your personal data (or to
exercise any of your other rights). This is a security measure to ensure
that personal data is not disclosed to any person who has no right to
receive it. We may also contact you to ask you for further information in
relation to your request to speed up our response.

We try to respond to all legitimate requests within one month. Occasionally
it may take us longer than a month if your request is particularly complex
or you have made a number of requests. In this case, we will notify you and
keep you updated.

We have appointed a data privacy manager who is responsible for overseeing
questions in relation to this privacy policy. If you have any questions
about this privacy policy, including any requests to exercise your legal
rights, please contact the data privacy manager using the details in How to
contact PHILADELPHIADANCE.ORG about privacy below.

You have the right to make a complaint at any time to the Information
Commissioner’s Office (“ICO”), the UK supervisory authority for data
protection issues (www.ico.org.uk). We would, however, appreciate the
chance to deal with your concerns before you approach the ICO so please
contact us in the first instance.

   1. *How to contact PHILADELPHIADANCE.ORG <http://PHILADELPHIADANCE.ORG>
   about privacy*

If you have any questions about this privacy policy or would like to
exercise any of your rights, please email us at philadelphiadance at gmail.com
or write to us with your letter addressed to Data Privacy Manager,
PhiladelphiaDANCE.org, 204 Owen Avenue, Lansdowne, PA  19050 USA. If you
need help with our products and services, or this website generally, please
contact us using the support link available on all of our websites.

   1. *Changes to this privacy policy*

The General Data Protection Regulation is new and the ICO is still issuing
new bits of guidance about how businesses should follow it. So, you may see
little updates to our privacy policy over the coming months. Be sure to
check in and have read every now and then. Thank you.


-- 


Tel. 484-469-0288
eFax. 610-672-1906
Web. www.philadelphiadance.org


More information about the Listserv mailing list