TWENTY SUMMERS PRIVACY POLICY

This Privacy Policy (“Privacy Policy”) describes the types of information Twenty Summers (the “Company”) gathers from users of the Company Website at www.20Summers.org (the “Website”) and the information provided by users that visit our site. It also describes how we use that information. We refer to all of our Platforms and applications as our “Platform,” and all of the services and functionalities that we provide - including our Platform and any mobile applications - as our “Services.”

Our Privacy Policy is incorporated as part of the Company Terms of Use. Please read this Privacy Policy and our Terms of Use carefully before using our Platform or receiving our Services, and read them again when we notify you of changes to the Privacy Policy that may be made from time to time. By using the Company’s Website and receiving Services, you agree to the provisions of this Privacy Policy.

If you do not want to be bound by our Privacy Policy, please do not use our Platform or Services.

Our goal in this Privacy Policy is to be completely transparent about the data we collect, why we collect it, and how we use it.  the Company is the owner and operator of the Platform that is intended to supply various services as more fully described on the Platform (the "Services") to you, a user of the Services (“you” or “User”).

To operate the Platform and to provide our Services, we use the information we collect to:

•Help you find the most relevant information for your situation by customizing our Platform/Services to optimize your experience;

•Keep you connected with the Company across the Internet and update you with related Company news and information, if you allow us to do so;

•Collect payment and fulfill orders for services rendered or to be rendered;

•Acknowledge Company donors;

•Put you in touch with the right people and address your questions; and

•Optimize the information we share with other parties to help us provide the Services to you.

What is Covered in This Privacy Policy?

This Privacy Policy addresses:

1.     What personally identifiable information does the Company collect?
2.   How does the Company use personally identifiable information?
3.   With whom may the Company share personally identifiable information?
4.   What choices are available to Users regarding collection, use and distribution of personally identifiable information?
5.   What types of security procedures are in place to protect the loss, misuse or alteration of personally identifiable information under the Company’s control?
6.   How can Users correct any inaccuracies in their personally identifiable information maintained by the Company?

Summary

The Company may share personally identifiable information about our customers with those within our team that have custodial responsibilities for customer data and with third parties with whom we contract to help us provide Services.  Those within our team that have custodial responsibilities for customer data are limited to only the access that is required for the proper maintenance and care of customer data.  Those third parties that we share information may, at their discretion, provide you with the ability to opt-out from communications with them.

Any intentional misuse of customer data by a team member will result in sanctions, up to and including termination of employment.  Misuse includes sharing data with anyone outside our company, unnecessary or inappropriate access to or replication of data, and inappropriate deletion or manipulation of data.

To Whom Does This Policy Apply?

This Privacy Policy applies to everyone who uses our Platform or Services, but sometimes we direct parts of it toward particular groups of Users. “Users” are everyone who uses our Platform or Services.


What Information Do We Collect, Where Do We Get It, How Is It Used?

We Collect Some Information from All Visitors to Our Website:

Like many online services, we use technologies like session and persistent cookies, web beacons (tiny image files on web pages that communicate information about the page viewer to the beacon owner), log data, and third-party analytics services to collect and analyze information about all Users of our Platform or Services.  This may include things like Users’ search preferences, interaction with ads on our Platform, and location.

Our servers automatically record information (“Log Data”) created by your use of the Website or Services. Log Data may include information such as your IP address, browser type, operating system, the referring web page, pages visited, location, your mobile carrier, device, search terms, and cookie information. We receive Log Data when you interact with our Services, for example, when you visit our Platforms, sign into our Services, or interact with our email notifications. We use Log Data to provide our Services and to measure, customize, and improve them.

Cookies are small data files that we transfer to your computer. We use “session” cookies to keep you logged in while you use our Services, to better understand how you interact with our Services, and to monitor aggregate usage and web traffic information on our Services. We use “persistent” cookies to recognize you each time you return to our Services. We use this persistent cookie to remember your preferences and, if you create an account, to make your User experience consistent after you register.

Most Internet browsers automatically accept cookies, but you can change your settings or use third-party tools to refuse cookies or prompt you before accepting cookies from the websites you visit. You can also use your browser settings or other tools to delete cookies you already have. Please be aware that some parts of our Services may not work for you if you disable cookies.

Information We Collect from Users with Company Accounts or Who Subscribe to the Company Newsletter:  

When using our Services, you may have the option to create an account, register using Facebook or other third-party identification tools, or subscribe to our email newsletter.  If you choose to create an account or subscribe, we ask you to provide us with some limited personal information like your name and email address; if you join via a third-party tool, we will ask you to provide us with some limited personal information like your name and email address. We may use this information to contact you or share with third parties who may contact you about the services on our Platform in which you have expressed interest, or to suggest the Company or other tools and services. If your browser permits the use of cookies, we will collect and store additional information using persistent cookies, as described above, and associate it with your account even if you are logged out. If you subscribe to the newsletter, we will use this information to send you Company email newsletters. We use a third-party service, MailChimp, to facilitate our mailing list. If you subscribe, we will share your email address with MailChimp. You can read MailChimp’s privacy policy here.

User Profile

We store personally identifiable information that we collect, and log files to create a profile of our Users.  User profiles help us tailor visits to our Platform.

Log Files

We generate log files to detect problems with the Website (e.g. broken links) and vulnerability scans. We do not share any individually identifiable information collected with third parties unless required by law. We may share, or publish, aggregate information (e.g. number of unique visitors in a given month) to funders, policy makers, and the public. 

User Payment Information

When Users purchase services or make a donation on the Platform, they may provide payment information (such as payment card number and expiration date).  This information is used for one-time and recurring billing purposes according to the type or product ordered and the terms pertaining thereto, and to fulfill Users' orders.  If we have trouble processing an order, personal information is used to contact the User.  Payment card information is sent in encrypted format, as more fully detailed below (see “Security” below) and is used only to send to our third-party payment card processor, Stripe, for the purposes of collecting payment for Services rendered or to be rendered.  We never make this information visible to anyone other than our payment card processor and never communicate it over a non-encrypted connection.  The full payment card number is never seen by anyone inside our Company once entered and submitted. Our third-party payment card processor uses the payment card number for the purposes of authorizing, clearing and reversing charges to your payment card.

How We Share Your Information

Personally Identifiable Information: We will only share your personally identifiable information according to this Policy’s terms.

Non-Personally Identifiable Information: To provide and improve our Services we use and disclose to our analytics partners non-personally identifiable information that we collect, including cookie data, some log data, and mobile data.

User-Generated Content:  If you use our User-generated content services, like posting a question, answer or blog on this Platform, you should be aware that any personally identifiable information you submit there can be read, collected, or used by other Users and could be used to send you unsolicited messages. We are not responsible for the personally identifiable information you choose to submit in these forums or anywhere on the Platform. 

We may post User content, including testimonials and reviews, on our Website. Some of it may contain personally identifiable information.

Protecting Ourselves and Our Users: We may release personal information when we believe that doing so is appropriate to comply with a legitimate law, regulation, or legal request; to enforce or apply our policies; to initiate, render, bill, and collect for amounts owed to us; to protect our rights or property; to protect the safety of our Users; to address fraud, security, or technical issues; or if we reasonably believe that an emergency involving immediate danger of death or serious physical injury to any person requires disclosure of communications or justifies disclosure of records without delay.

If you provide to us (directly or indirectly, and by any means) any comments, feedback, suggestions, ideas, or other submissions related to our products or the Services (collectively "Feedback"), the Feedback will be the sole property of the Company.  We will be entitled to use, reproduce, disclose, publish, distribute, and otherwise exploit in any manner, all Feedback, without restriction and without compensating you in any way. We are and shall be under no obligation to maintain any Feedback in confidence, or to respond to any Feedback.

Operational Procedures

Our operational procedures to provide data security and privacy including the following:

·      Limiting the number of people within our firm and business partner relationships that have access to detailed information about our customers and members.  Those who are granted access to perform their work responsibilities are trained on and agree to this policy.

·      We review our business partners, such as developers, data and application hosting providers, payment card processors, and application distributors and their data security and policies to ensure that they align with our positions on data security and privacy.

·      Internal procedures and practices are followed to protect our customer’s data, such as data encryption, password protection, and two-step verification requirements prior to data access.

·      Written agreements (physical or electronic signature) will be secured from customers and sponsor companies before information about that customer is shared within our system.  

·      We reserve the right to market directly to members of our User community.

User Communications

When you send email or other communications to the Company, we may retain those communications to process your inquiries, respond to your requests and improve our Services.  When you send and receive SMS messages to or from our Platform that provides SMS functionality, we may collect and maintain information associated with those messages, such as the phone number, the wireless carrier associated with the phone number, the content of the message, and the date and time of the transaction.  We may use your email address to communicate with you about services you offer or receive, or other business purposes.

Surveys

From time-to-time our Platform may request information from Users via surveys.  Participation in these surveys is completely voluntary and the User therefore has a choice whether or not to disclose this information.  The requested information typically includes contact information (such as name and shipping address), and demographic information (such as zip code).  Survey information will be used for purposes of monitoring or improving the use and satisfaction of the Platform and/or the Services and may be shared with the same types of service providers described in the Summary above.

Supplementation of Information

For the Platform to properly function, it is necessary for us to supplement personally identifiable information we collect with information from certain third-party sources, including Google Analytics and our payment card processor.  You may wish to consider Google Analytics' currently available opt-outs for the web, which can be found here .  We may use third-party services to process our Users' payment card transactions. 

Additional Information Use

In addition to the above, we may use personally identifiable information we collect from you and your computer to:

·      Provide, maintain, protect, and improve our Services and develop new services; and

  • Protect the rights or property of the Company or our Users.


What Information Do We Disclose?

Aggregate Information (non-personally identifying)

We may share aggregated demographic and security vulnerability information with our Users, partners, funders, policy makers, and the public.  This is not linked to any personally identifiable information.

Information Sharing and Disclosure

We may share personally identifiable information with third parties, including but not limited to the following:

  • Such information is shared following receipt of a specific request and/or permission from Users;
  • Such information is shared with affiliated companies and/or potential investors (in any form of business transaction, including purchase or merger) pursuant to an agreement which contains reasonable confidentiality arrangements;
  • Such information is shared with contractors who work with us (to facilitate our business) pursuant to an agreement which contains reasonable confidentiality arrangements;
  • Such information is shared to comply with or in accordance with any applicable law and/or court orders and/or to prevent suspected illegal acts, frauds, situations involving potential threats to the safety of any person, or as otherwise required by law;
  • Such information is shared to help the Company defend against claims and/or establish or exercise any legal right that the Company may have;
  • Such information is shared to help the Company prevent violations of the Company’s Terms of Use and this Privacy Policy or to otherwise protect the rights, property, or safety of the Company, or others, including exchanging information with third parties for fraud protection and credit risk reduction.
     

General Matters

The Company’s Emails: You can control whether you receive the Company’s emails by following the instructions at the end of each email we send.

Third-Party Websites: This Privacy Policy applies to the Company Services only.  We do not exercise control over sites that include the Company applications, products or services, or links from within our various Services.  These other sites may place their own cookies or other files on your computer, collect data or solicit personal information from you. 

Our Platform may contain links to other websites or mobile applications. When you click on one of these links, you are navigating to another website. Please be aware that we are not responsible for the privacy practices of such other sites.  We encourage our Users to be aware when they leave our Platform and to read the privacy statements of each and every website that collects personally identifiable information. We do not accept liability for misuse of any information by any website controller to which we may link.

Business Transitions

Information about our Users and our Platform is a business asset of the Company.  Consequently, information about our Users, including personal information, might be among the assets transferred or disclosed as part of any merger or acquisition, creation of a separate business to provide the Platform (or an element thereof), our Services or fulfill products, sale or pledge of company assets as well as in the event of an insolvency, bankruptcy or receivership in which personal information would be transferred as one of the business assets of the company.  You will be notified via email and/or a prominent notice on our Website of any change in ownership or uses of your personal information, as well as any choices you may have regarding your personal information.

Services Announcements

It is often necessary to send out a strictly Services-related announcement.  For instance, if our website is temporarily suspended for maintenance we might send Users an email.  Generally, Users may not opt-out of these communications, though they can deactivate their account.  However, these communications are not promotional in nature.

Security

The Company takes reasonable measures to safeguard Users' personally identifiable information.

Payment information (such as payment card number) is protected by using Secure Sockets Layer (SSL) software, which encrypts the aforementioned information when viewed online.

While on a secured page, the lock icon on web browsers such as Firefox, Safari and Chrome becomes locked, as opposed to un-locked, or open, when Users are just surfing.

In addition, we limit access to personally identifiable information to employees who we believe reasonably need to receive such information to provide our Services or to do their jobs and take other precautions we deem reasonable to protect the security of Users' personally identifiable information.

However, Users should be aware that we cannot fully guarantee the security of their personally identifiable information.  As in many computer systems, internet applications and software programs, unauthorized use, failure of hardware or software, etc. may be injuriousness to the confidentiality of Users' personally identifiable information.

If Users have any questions about security, please contact us at info@20 Summers.org.

Correcting/Updating/Deleting/Deactivating Personal Information

If a User's personally identifiable information changes, or if a User no longer desires our Services, we provide a way to correct, update or delete/deactivate Users' personally identifiable information.  This can usually be done at the Registered User account settings page or by emailing our Customer Support through info@20Summers.org. 

When a request for User deletion is received, we will make all reasonable efforts to purge said data from our systems.  However, due to the nature of our service, some information may not be fully removed due to backups or archived copies.  Nor can information that has already been shared be retrieved/destroyed. 

Policy Changes

We may update this Privacy Policy to reflect changes to our information practices.  If we make any change in how we use your personal information we will notify you by email (sent to the email address specified in your account) or by means of a notice on this Platform prior to the change becoming effective. We encourage you to periodically review this page for the latest information on our privacy practices.

International Site Visitors

This Platform is operated in the United States.  If you are located outside of the United States, please be aware that information the Company collects, including personal information, will be transferred to, and processed, stored and used in the United States.  The data protection laws in the United States may differ from those of the country in which you are located.  Your personal information may be subject to access requests from governments, courts, or law enforcement in the United States according to laws of the United States.  United States law may not provide the degree of protection for personal information that is available in other countries.  The Company takes commercially reasonable steps to ensure that your data is treated securely, including entering into appropriate data transfer agreements.  By using the Platform or providing the Company with any information, you consent to the transfer to, and processing, usage, sharing and storage of your information, including personal information, in the United States as set forth in this Privacy Policy.  If you do not consent to such transfer, you may not use this Platform. 

Use of Anonymous Information

We may use Anonymous Information (as defined below), or disclose it to third-party service providers, to provide and improve the Platform and our Services.  We may also disclose Anonymous Information (with or without compensation) to third parties, including advertisers and partners, for purposes including, but not limited to, targeting advertisements. "Anonymous Information" means information that does not enable identification of an individual User, such as aggregated information about use of the Platform.

Children's Privacy

The Platform is neither directed to nor structured to attract children under the age of 13 years.  Accordingly, we do not intend to collect personal information from anyone we know to be under 13 years of age.  If we learn that personal information of persons less than 13 years of age has been collected without verifiable parental consent, then we will take the appropriate steps to delete this information. To make such a request, or if there are any questions or concerns about the Privacy Policy for the Platform or its implementation, please contact us at info@20summers.org.

California Online Privacy Protection Act Notice

On September 27, 2013, California enacted A.B. 370, amending the California Online Privacy Protection Act to require website operators like us to disclose how we respond to "Do Not Track Signals"; and whether third parties collect personally identifiable information about users when they visit us.

We may track users over time and across third party websites to provide targeted advertising.  In addition, some third party sites also track of your browsing activities when they serve you content, which enables them to tailor what they present to you. If you are visiting such sites, you may choose to set the Do Not Track Signal on your browser so that third parties (particularly advertisers) know you do not want to be tracked. California Civil Code Section 1798.83 permits our customers who are California residents to request certain information regarding our disclosure of Personal Information to third parties for their direct marketing purposes.  To make such a request, please send an email to info@20summers.org.  Please note that we are only required to respond to one request per customer each year.

Contact Information

If you have any questions or suggestions regarding our privacy policy, information use, collection, or security please contact us at:
 

20 Summers, Inc.
P.O. Box 864
Provincetown, MA 02657
Attention:  Privacy Officer

 

Effective Date of Policy:  July 20, 2018