Effective May 15, 2020
Who We Are
Note regarding the General Data Protection Regulation (GDPR): We do not contemplate offering goods or services to individuals in the European Union. To the extent we collect or process personal information of individuals in the European Union, we will do so in accordance with this policy. Should you have questions or concerns regarding your personal information, or to submit a data subject request regarding your personal information please send an email to firstname.lastname@example.org. For further information consistent with the requirements of GDPR, please see the Region-Specific Disclosures section below.
Note regarding definitions: The following terms, as used in this policy, have the following meanings:
“Personal information” means information that identifies (whether directly or indirectly) a particular individual, such as the individual’s name, postal address, email address, telephone number, and birth date. When anonymous information is directly or indirectly associated with personal information, the resulting information also is treated as personal information.
“Anonymous data” means information that does not directly or indirectly identify, and cannot reasonably be used to identify, an individual person.
“Aggregate data” means information about groups or categories of people, which does not identify and cannot reasonably be used to identify an individual person.
What We Collect
We collect two basic types of information – personal information and anonymous data – and we may use personal information and anonymous data to create a third type of information, aggregate data. For example, we collect:
Membership information you provide when you join SMAC, either as a student or adult volunteer, including your first name and last name, physical address, email address, phone number, birth date, and gender
Registration information you provide when sign up to participate in one of our events or activities, including your first name and last name, physical address, email address, username and password, and, in some cases, health and medical information
Transaction information you provide when you request information, purchase a product from us, or make a monetary donation to us, whether on our sites or through our applications, including your postal address, telephone number and payment information
Information about awards, advancements, recognition, and training you have received in connection with your participation in our programs
Information you provide to us when you use our sites and applications, our applications on third-party sites or platforms such as social networking sites, or link your profile on a third-party site or platform with your registration account
Location information when you visit our sites or use our applications, including location information either provided by a mobile device interacting with one of our sites or applications (including through beacon technologies), or associated with your IP address, where we are permitted by law to process this information
Usage, viewing and technical data, including your device identifier or IP address, when you visit our sites or use our applications, how much time you spend on our sites or using our applications, and when you open emails we send
How We Collect Information
We collect your personal information when you provide it to us in the course of registering with us (e.g., for a program, an event, or an activity), purchasing a product, subscribing to our services, responding to surveys, or otherwise interacting with us through our websites and applications. We collect anonymous data through technology, such as cookies, and Web beacons, that we use to operate our websites and applications. For further information about those technologies, please see the Your Controls and Choices section of this policy.
Note: The information you provide to SMAC chapters through their websites and applications is collected separately by them and is subject to their privacy practices and those of their service providers. Privacy choices you have made on a chapter’s website or application will not apply to our use of information we have collected directly through our websites and applications.
How We Use Information
Consistent with applicable law and choices and controls that may be available to you, we may use information collected from you, or from devices associated with you, to:
Provide you with the products, services, and/or information you have requested, purchased, or won (e.g., in a contest or promotion)
Communicate with you about your membership (or your expressed interest in membership), your account, or transactions with us and to send you information about features on our sites and applications or changes to our policies
Manage, accommodate and administer your needs (e.g., medical treatment, physical limitations) and choices (e.g., programming) as a participant in our events
Deliver relevant offers and promotions for our programs, events, products and services or those of a third party, based on your activity on our websites or applications
Personalize content and experiences for you that reflect your choices and preferences
Provide useful features to simplify your experience when you return to our sites and applications
Operate, understand, optimize, develop or improve our products, services, events, programs, communications, and operations
Detect, investigate and prevent activities that may violate our policies or be illegal
Sharing Your Information with Others
We may share your personal information with our chapters for their administrative purposes, including the proper and efficient administration of our programs and replying to members’ and volunteers’ requests for information. However, we do not share any lists of current or former registered members or leaders of SMAC or lists of SMAC donors with any third party for its direct marketing purposes.
In addition, we may share your personal information:
With third parties providing services for us or on our behalf, such as order and prize fulfillment, package delivery, customer service, event registration management, payment processing, financing and advertising, marketing, or data analytics services; however, such service providers are prohibited from using your personal information for their marketing purposes or any other purpose not specified by us or required by law.
With third parties to enforce our policies and regulations, to ensure the safety and security of our members, volunteers, donors, employees and third parties, to protect our rights and property and the rights and property of our members, volunteers, donors, employees and third parties, to comply with legal process or in other cases if we believe in good faith that disclosure is required by law.
Your Controls and Choices
You always have the choice to not provide your personal information to us or change your communication choices, but consequently you may not be able to receive certain goods or services or participate in certain programs or activities. Depending on the Internet browser and device you use to interact with us, you may have the ability to control the use of certain tracking technologies through which we gather anonymous data.
Marketing. As a matter of SMAC policy, lists of current and former registered members and leaders of the SMAC and lists of SMAC donors may not be used for commercial purposes, such as selling or renting such lists to other businesses for their direct marketing purposes. We may send you offers and promotions for our products, programs, and events, or those that we think may be of interest to you, and you may opt-out or unsubscribe from such offers by either following the instructions provided in our communications to you or changing your preferences in your account.
Digital privacy is a component of SMAC’s commitment to youth protection and safety. As such, we do not collect the personal information of children under the age of 13 unless a child’s parent or legal guardian provides it to us. In any event, consistent with the U.S. Children’s Online Privacy Protection Act (COPPA), a parent may review or have deleted their child’s personal information, and prohibit its further collection or use. If you have a request in relation to the personal information of your child below the age of 13, please send an email to email@example.com.
For contests and promotions, we typically require only the information necessary for a child to enter, such as first name (to distinguish among family members) and his or her online contact information. We will only use the child’s online contact information to enter him or her into the contest or promotion and contact him or her once when the contest ends. If a contest or sweepstakes asks the child to submit his or her own created content with the entry and that content contains the child’s personal information, then we will either pre-screen the submission to remove any personal information or seek parental consent by email for the collection. To facilitate delivery of the contest’s prize, we may ask a child at the time of entry to also provide her or her parent or legal guardian’s online contact information, which we will only use to notify the parent or legal guardian if the child wins the contest or promotion.
Data Security, Integrity and Retention
Comments and Questions
If you have a comment or question about this policy or our treatment of your information, you may email us at firstname.lastname@example.org. Our sites and applications may contain links to other sites not owned or controlled by us and we are not responsible for the privacy practices of those sites. We encourage you to be aware when you leave our sites or applications and to read the privacy policies of other sites that may collect your personal information.
Notice to California Residents: If you are a California resident, you may have certain additional rights.
California Civil Code § 1798.120 may permit you to “opt out” of the “sale” of your “personal information” to “third parties” (as those terms are defined in the California Consumer Privacy Act). As described above in this policy, we do not sell or lease our lists of SMAC members or leaders, or of SMAC donors.
Furthermore, California Civil Code §§ 1798.100 and 1798.105 may permit you to make requests to access categories and specific pieces of personal information about you, as well as to request to delete personal information about you. California Business and Professions Code § 22581 permits registered users who are minors to request and obtain removal of content they have publicly posted. To submit such requests, please send an email to email@example.com with a detailed description of the specific content or information at issue. Please be aware that such a request does not ensure complete or comprehensive removal of the content or information you have posted and that there may be circumstances in which the law does not require or allow removal even if requested.
General Data Protection Regulation:
Article 13 of the General Data Protection Regulation (GDPR) requires those who collect personal information from individuals in the European Union to provide certain information to such individuals at the time their personal information is collected. In GDPR parlance, those who collect and direct the use of such personal information are referred to as “data controllers” or simply “controllers”, and such individuals are referred to as “data subjects”. The terms “processing”, “profiling”, and “recipient” are defined in Article 4 of the GDPR, as is the term “personal data”, which is analogous to the term “personal information” used in this policy. Much of the information required by Article 13 is set forth elsewhere in this policy. For ease of reference, below we have indexed the contents of this policy to the specific requirements of Article 13 and included additional commentary as appropriate:
GDPR Article 13 requirement
Relevant section of this policy and additional commentary
The identity and the contact details of the controller and, where applicable, of the controller’s representative
“Who We Are” identifies the controller and “Comments and Questions” provides the contact details of the controller’s representative
The contact details of the data protection officer, where applicable
The purposes of the processing for which the personal data are intended as well as the legal basis for the processing
“How We Use Information” describes why we collect, store and use personal information, and “Sharing Your Information with Others” describes why we disclose personal information to third parties. We process personal information because it is necessary to either (a) perform a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract, (b) protect against threats to health and provide medical treatment, (c) serve our legitimate interests in the safe and proper administration of our programs, activities, events, and advancements, or (d) comply with legal requirements. With respect to the personal data of employees of the SMAC Transatlantic Council based in Brussels, Belgium, at U.S. Army Garrison Benelux, we process such personal information for internal administrative purposes.
The recipients or categories of recipients of the personal data, if any
“Who We Are” and “Sharing Your Information with Others” identifies the recipients of personal information
Where applicable, the fact that the controller intends to transfer personal data to a third country or international organization
The period for which the personal data will be stored
“Data Security, Integrity and Retention” describes how long we store personal information
The existence of certain rights of the data subject
Pursuant to GDPR, data subjects (i.e., individuals in the European Union) have the right to (a) request access to their personal information; (b) rectify or correct inaccurate personal information; (c) have their personal information erased in certain circumstances; (d) restrict the processing of their personal information in certain circumstances; (e) object to the processing of their personal information in certain circumstances, such as processing for direct marketing purposes; and (f) the right to receive, in a structured, commonly used and machine-readable format, the personal information he or she has provided to us under certain circumstances and the right to transmit such data to another controller.
The right to complain to a supervisory authority
Pursuant to GDPR, data subjects (i.e., individuals in the European Union) have the right to lodge a complaint with one of the independent public authorities established by the countries in the European Union (each such public authority is referred to as a “supervisory authority” in GDPR parlance).
Whether the provision of personal data is a statutory or contractual requirement, or a requirement necessary to enter into a contract, as well as whether the data subject is obliged to provide the personal data and of the possible consequences of failure to provide such data;
“Your Controls and Choices” describes your options for providing personal information to us and the potential consequences of your choices. The provision of personal data by you, the data subject, is your choice and not a statutory requirement, unless indicated otherwise at the point of collection.
The existence of automated decision-making, including profiling
We use automated processes, such as data analytics, to analyze your personal preferences, interests, and location with respect to our programs, products and services, and we use such analyses to deliver to you offers, promotions and other information we believe you would find interesting or useful.