Privacy Policy
Support Organization for Trisomy 18, 13 and Related Disorders (SOFT) Website and Data Privacy Policy
BACKGROUND
The European Union (EU), about 40 countries and many U.S. States have established privacy policy regulations to control how website owners use the information consumers enter into a website. These regulations intend to standardize data protection laws and processing across the EU, and US and other country regulations are similar in intent and effect.
It is not yet completely clear how these policies affect non-profit or USA organizations. SOFT has members residing in the EU and in many other countries and the regulations are said to apply to all these citizen records.
The EU and other policies require, at a minimum, that the organization must inform users about:
- Who the processor of the information is, which includes the business’ contact information
- The categories of personal data the organization will collect and process through its website or mobile app.
- Why the personal information is collected.
- Whether the collected information will be disclosed to third parties.
- How the users may exercise their rights regarding deletion of information and withdrawal of consent
The California legislation (“CCPA”) applies to commercial websites and it is not clear how it affects non-profit organizations. CCPA is said to apply to any person or company in the United States (and conceivably the world) whose website collects personally identifiable information from California consumers. That would include SOFT. The same would likely be true for the many other states which have enabled similar legislation.
CCPA requires the website to feature a conspicuous privacy policy stating exactly what information is collected and with whom it is shared; it also requires the operator of the website or online service to comply with the site’s privacy policy. Those who fail to do so are at risk of civil litigation under the state’s Unfair Competition Law.
California’s act was later amended to include “Do Not Track” requirements.
To be considered in compliance with EU, CCPA and presumably other state requirements, the website’s privacy policy must contain the following:
- A list of the categories of personally identifiable information the operator collects.
- A list of the categories of third parties with whom the operator may share such personally identifiable information.
- A description of the process by which the consumer can review and request changes to his or her personally identifiable information as collected by the operator.
- A description of the process by which the operator notifies consumers of material changes to the operator’s privacy policy.
- The effective date of the privacy policy.
- “Do Not Track” policy explanation.
SOFT’s privacy practices are provided below.
SOFT’s Privacy Policy and Notice
The Support Organization for Trisomy 18, 13 and Related Disorders is hereinafter referred to as “SOFT.” SOFT’s privacy notice discloses the privacy practices for SOFT’s website and the organization (www.trisomy.org). SOFT was incorporated in the State of Utah in 1980 as an I.R.S. 501(c)(3) non-profit volunteer-run organization providing family support to families having children with a trisomy condition.
SOFT’s current headquarters is located at 2982 South Union St., Rochester, NY 14624. Its telephone number is 1-585-748-4621 and contact with SOFT committees and the president can be made using the website’s “Contact” menu selection.
This privacy policy and notice is effective as of January 1st, 2020. For the purpose of this document, the EU, other country and USA State regulations are collectively referred to as “GDPR.”
How SOFT prepared for GDPR compliance:
- SOFT implemented an audit of information previously held and ensured that it was compliant with the GDPR regulations.
- This data protection policy and procedure document was revised and updated to comply with GDPR regulations.
- Data retention, access and deletion by SOFT members and by SOFT is addressed in this policy.
- SOFT complies with the “Right to Erasure” obligation.
- Data Breaches are addressed by the policy.
- International Data Transfers and Third-Party Disclosures are addressed by the policy.
- Privacy Notices and Consent documents have been revised.
This privacy notice applies solely to information collected by this website. This policy and notice will notify you of the following:
- How and What Type of Information SOFT Collects
Personally Identifiable Information refers to information that tells us specifically who you are, such as your name, email address, or phone number. It might include, at your sole discretion, your child’s trisomy condition, name, surgery history, birth date or other information.Persons registering with SOFT are hereinafter referred to as “registrant, registrants or members.” A casual website viewer need not enter any information to use this website (www.trisomy.org). Information is entered only when voluntarily becoming a registrant (member) of SOFT, or when requesting changes to previously-entered information. When registering, a registrant is required to give certain information; the minimum being name and email address. This information is used to contact you about the organization’s services in which you have expressed an interest by the fact of your registration. At your option, you may also provide demographic information such as your child’s name, gender, birth date, medical diagnosis etc., as well as your address and phone number. All information collected is exactly what you voluntarily input into the website and there is no requirement for you to enter it, except for the required name and email address. After you enter information using SOFT’s registration/update form, the registration system will automatically return a copy of your registration form to you by email. Thus, you have a record of the information supplied to SOFT and it is recommended that you retain this information. You may update, correct, modify or delete this information at any time by submitting a new registration/update form. You may also request deletion of any information by using the “contact” forms. The information you voluntarily provided will be retained in your SOFT membership record until such time as you might request that it be removed. Very old, inactive, membership records may be archived at SOFT’s discretion and those will no longer appear in the current membership list. SOFT is the sole owner of the information you voluntarily enter into the website. SOFT will not sell, rent or transfer this information to a third party. When necessary, we will use the information you supplied to respond to questions or comments submitted by you. SOFT occasionally uses aggregated demographic information to construct charts, graphs, etc, or to conduct research. No identifiable personal information will be included in these. The SOFT website contains internal reports containing personal information but these are available to only those authorized SOFT management personnel who have a need of the information. On the registration/update form, you indicate whether your data can be made available to SOFT management for use in reports. Examples of such reports include, but are not limited to, the Surgery System reports which display voluntarily-submitted data about children’s surgeries, Conference Registration reports, or various member reports. A public “Birthday Finder” list exists which provides only a registrant’s child’s first name, city and dates of birth or death. This allows SOFT members to find a friend’s child’s birthday so the member can send a card or email. A registrant may opt-out of this display of information. No last names, addresses, emails or phone numbers are displayed. Information provided might be transferred internationally. For instance, a SOFT member residing in the United Kingdom would have information stored on the Host’s servers, which might be located in the USA or in Europe. SOFT cannot mandate where the host stores the information. SOFT does not collect information from minors, but parents might submit information ABOUT their minor child since bringing together families having children with trisomy conditions is a primary SOFT mission.
. - What does SOFT do with the information it collects.
SOFT uses the personal information you voluntarily provide to support the organization’s information, services and family contacts that families are assumed to want, since they registered with the organization. A registrant’s personal information is NOT shared with other organizations. It is available only to internal SOFT management staff or committees and to SOFT’s chapter chairpersons or state representatives. A registrant’s personal information will NOT be provided to a second registrant(s) without first obtaining permission from the first registrant. When registering with SOFT, the registrant has the option to select an opt-out choice that precludes SOFT from sharing the registrant’s personal information. The registrant may, at their sole discretion, create a public “user profile” in the Blogging section of the website. This is an abbreviated set of information about the registrant, including, potentially, a photo. There is no requirement for registrants to create this profile.A registrant’s email address may be used in a mass email announcing SOFT information or events, that is sent to all SOFT registrants except those who have opted out from such communications when they registered. Each member’s email address is visible to only the member to which the email is sent. Information sent by email might include, but is not limited to, conferences, fund-raising activities, website changes or other SOFT activities. Individual notifications might include contact about family demographic changes, the sending of remembrance cards or other family-specific actions. A registrant’s opt-out status will preclude use of the registrant’s email address in mass emails.
. - SOFT’s Use of Cookies
Cookies are small data files that are served by a website and stored on your device. SOFT does not use cookies so none will be placed on your device. The SOFT website does use the Google Analytics system to quantify page usage and that system may place cookies on the SOFT website to do this, but none should be put on your device.
. - Security
The information you enter into the website is encrypted and transmitted to SOFT in a secure way. All website data and the website itself are stored on the Host’s servers. The hosting company provides security for data stored on their servers and SOFT is not responsible for that security.A select few SOFT managers/volunteers are authorized to access registrant’s information in order to carry out SOFT’s mission elements. An example is the committee that emails annual “Remembrance” emails to SOFT member families whose children have passed away.In the event a Data Breach occurs, it will be reported to members as soon as management becomes aware of it. SOFT procedures ensure that safeguards are in place to identify, assess, investigate and report any personal data breach as early as possible.
. - Links
This website contains links to other sites. SOFT is not responsible for the content or privacy practices of such other sites or possible malware or viruses they might contain. Examples of these links include, but are not limited to, other volunteer or non-profit websites or organizations, private family websites, government websites, publishers and professional medical literature. We encourage our website users to be aware when they leave our site and to read the privacy statements of any other site that may collect personally identifiable information. See section 7 regarding SOFT’s “Do Not Track” policy.
. - Orders, Sales and Donations
SOFT will from time to time sell books or “Trisomy Awareness Month” products or similar merchandise. To purchase these, you must provide shipping information such as name, address, email and phone number. Should there be any problems with the order we will use this information to contact you.
When donating to SOFT, you provide your name, address, email and phone number. SOFT uses this information to send you a receipt and “thank you” for the donation. If you donate “in honor of” or “in memory of” a child, you may provide certain demographic information about that child and the child’s parent so we can inform the parents of the donation. This information is not required.
Payment for SOFT products is made using the PayPal system. After completing your order on the SOFT website, pressing the “submit” button takes you to PayPal where payment can be made. SOFT has no control over the use that PayPal makes of your personal information. It is understood that it is used solely to make payment using your credit card or personal PayPal account. In no case does SOFT pass your information to third parties (except PayPal) when you enter purchase or donation information into the SOFT website. Where the SOFT website provides a LINK to a vendor website, SOFT collects no information prior to the registrant transiting to the vendor website.
. - “Do Not Track” policy.
SOFT does not track its customers or members over time and across third party websites to provide targeted advertising or any other services. The SOFT website therefore does not respond to Do Not Track (DNT) signals. However, some third party sites do keep track of your browsing habits when they serve you content, which enables them to tailor what they present to you. SOFT has no control over third party websites to which you might voluntarily transfer.
. - Deletion of, or Changes to Personally Identifiable Information
Personal information voluntarily provided to SOFT may be changed in two ways: 1) by submitting a registration/renewal form (available on the website); this results in the old information being overwritten with the new information, or 2) by using the “Contact SOFT” selection on the website menu. Either selection can also be used to terminate membership in SOFT.