Effective Date: April 21, 2020
1. Information We Collect
When you use the Services, we collect the following types of Information:
a. Information We Collect About You.
We collect various information about your use of our Services, including but not limited to your internet connections, computer equipment, web browsers, the URLs of sites visited before using or accessing our Site, and other similar information about traffic and usage, as you navigate to, through, and away from our Site. This is called “Non-Personal Data” because it does not identify you, but provides insights to us regarding your use of the Services.
Web Beacons are tiny graphics with a unique identifier that may be included on our Services for several purposes, including to deliver or communicate with Cookies, to track and measure the performance of our Services, and to monitor how many visitors view our Services. Unlike Cookies, which are stored on the device, Web Beacons are typically embedded invisibly on web pages or in an e-mail.
Log Data refers to certain information about how a user (including both account holders and non-Account holders) uses our Services. Log Data may include information such as a user’s Internet Protocol address, browser type, operating system, the pages or features of our Services to which a user browsed and the time spent on those pages or features, search terms, the links on our Services that a user clicked on, and other statistics.
You may be given the option to receive push notifications while using our Services. In order to serve push notifications, we may need to collect your IP address and a persistent identifier from your device. You can turn off push notifications in your device settings.
Personal Data and Non-Personal Data are collectively referenced as “Data.”
b. Information You Provide.
When you register to use our Services, respond to communications (e.g., surveys, requests for feedback), contact us via phone, e-mail, postal mail, or inquiry and signup forms, and so on, we will collect certain types of the information you provide us. This may include your first and last name(s), mailing address, e-mail address, phone number, organization, payment information, geolocation information, and/or your IP address. By using the Services, you may also choose to disclose or provide your communication preferences, your physical location, and your demographic information. You may also be asked to provide your billing information, for example, when you make a donation, contribute to an endowment fund, become a member, symbolically adopt an elephant, join The Elephant Sanctuary’s VIP Program, or make a purchase on or through the website. This information, including a credit card number and billing address, may also be collected. You may also provide information through certain online campaigns run through third parties, such as first and last name(s) and e-mail addresses, which information may be provided to us by these third parties. This type of data is called “Personal Data” because it can be used to identify you.
c. Geolocation Information.
You may choose to allow us to access your location by granting the Site access to your location when prompted or through your device’s location services settings. You may change these settings on your device.
When you connect to the Services, we are able to recognize the IP address of the computer providing you with internet access. Our use of this IP address may be to help diagnose problems with our server or otherwise administer our Services. This IP address may also be used to gather broad demographic information. Your IP address is never associated with you as an individual and never provided to another company or organization.
d. Third-Party Social Networking Service(s).
If you choose to access, visit, and/or use any third-party social networking service(s) that may be integrated with our Services, we may receive your Personal Data and other information about you and your computer, mobile, or other device that you have made available to those social networking services, including information about your contacts through those services. For example, some social networking services allow you to push content from our Services to your contacts or to pull information about your contacts so you can connect with them on or through our Services. Some social networking services also allow you to interact with elephant tribute pages and other features of our Site. Your decision to use a social networking service in connection with our Services is voluntary. However, you should make sure you are comfortable with the information your third-party social networking services may make available by reviewing privacy policies of those providers and/or modifying your privacy settings directly with those networking sites/services.
We may obtain Information, including Personal Data, from third parties and sources other than the Site, such as our partners or advertisers. If we combine or associate information from other sources with Personal Data that we collect through the Services, we will treat the combined Information as Personal Data in accordance with this Policy.
e. Tribute Donations.
Donors to The Elephant Sanctuary may elect to make their donations on their own behalf or on behalf of another, as a dedication or a gift (“Tribute Donation(s)”). When a donor submits a Tribute Donation, we do not collect or store Information about the tributee; we use the donor’s information to send an acknowledgment of the gift to the donor. The acknowledgment may contain links to help tributees access our Site and Services and/or sign up to receive communications, which the donor may then send to the desired tributee.
f. Physical Mailings.
We use physical mailings, such as pledge cards and inner envelopes, to contact potential and present donors about The Elephant Sanctuary and the Services. When you return a physical mailing, we may collect certain types of the information you provide to us. This may include your first and last name(s), e-mail address, mailing address, phone number, organization, and payment information which are added to our donor registry, and we may use this information to send news and other communications from The Elephant Sanctuary. If you navigate to any URLs provided on the physical mailings, we may also collect your IP address and/or geolocation information. If you no longer wish to receive these communications, you may opt-out of receiving such communications through the “unsubscribe” link at the bottom of the communication or by contacting us at email@example.com.
2. Use of Data
a. For Legitimate Interests.
We use Non-Personal Data collected by clickstream information collection, web pixels, and cookies to store your preferences, improve website navigation, make personalized features and other services available to you, to generate statistical information, monitor and analyze user traffic and usage patterns, monitor and prevent fraud, investigate complaints and potential violations of our policies, to improve the our content and the products, services, materials, and other content that we describe or make available through the Site, and otherwise help administer and improve the Services.
We may identify you from your Personal Data and merge or co-mingle Personal Data and Non-Personal Data. Except as otherwise stated, we may use Information we collect from you for the legitimate business purpose of providing our Services to you, including, but not limited to:
- to process your donations;
- to complete your purchase transactions;
- to respond to your requests and provide user support;
- to evaluate and improve the content of our Services;
- to customize the Services to your preferences;
- to establish accounts to use the Services;
- to communicate information and promotional materials to you (where you have not expressed a preference otherwise);
- to check on your account status and maintain record of activities in connection with your use of the Site;
- to notify you of any changes to relevant agreements or policies;
- for research analysis;
- to enforce our agreements, terms, conditions, and policies;
- to prevent or investigate fraud (or for risk management purposes), or to comply with a legal obligation, court order, or in order to exercise our legal claims or to defend against legal claims;
- to comply with a legal obligation, a court order, or in order to exercise our legal claims, or to defend against legal claims;
- to conduct aggregate analysis and develop business intelligence that helps us to enhance, operate, protect, make informed decisions and report on the performances of our Services;
- to describe our Services to current and prospective business partners and to other third parties for other lawful purposes; and
- for other purposes identified to you and as requested by you (please note that you have the right to withdraw your consent to such use at any time by contacting us via the contact information below).
If you are a user accessing our Services from within the EEA and we have collected your Personal Data (such user herein referred to as a “Data Subject”) and we have obtained your consent, we may also use your Data in the following ways; and, if you are a citizen of any other jurisdiction, you acknowledge that we may use your information in the following ways:
- to send e-mail and postal mail to provide you with updates and news;
- to process any request you make;
- to process any commercial transaction, including but not limited to fulfilling a donation, order, or subscription request; and
- to process your Personal Data as described throughout this Policy.
c. Performance of a Contract.
- to establish your account to use the Services;
- to validate your username, e-mail, password, and/or other login credentials;
- to respond to your requests;
- to provide you with merchandise you have requested;
- to fulfill your subscription purchase(s);
- to fulfill your donation(s);
- to notify you of your contest or sweepstakes results;
- to send you e-mail and postal mail supplying you with the most recent service information or to send you information about your order (e.g., order confirmations, shipment notifications, etc.);
- to notify you of any changes to relevant agreements or policies; and
- to process your Non-Personal Data as outlined as described throughout this Policy.
In addition, we may use third‐party e‐mail providers to deliver communications to you. This is an opt-in e-mail program. If you no longer want to receive these e-mail communications, you may opt-out of receiving e-mail communications through the “unsubscribe” link or by contacting us at firstname.lastname@example.org.
We may, from time to time, invite you to participate in online surveys. The information requested in these surveys may include, but is not limited to, your opinions, beliefs, insights, ideas, activities, experience, purchase history, and purchase intent regarding products, events, and Services. The information collected by these surveys is used to research market trends, company growth, community needs, etc. Your input will help us to improve customer experience and shape development of our products and Services.
We may anonymize or aggregate Data that we collect from the use of the Services, such as de-identified demographic information, de-identified location information, information about the computer or device from which you access the Services, market trends, and other analysis that we create based on the information we receive from you and other users. If you provide Personal Data through our Services, we may aggregate that Data with other active Data, unless we specify otherwise at the point of collection.
3. How We Share Information
We do not sell or rent your Personal Data. We do have relationships with trusted third parties, but we will not share any Personal Data that we have collected from or regarding you except as described below:
- Service providers that help us administer and provide the Services (for example, a web hosting company whose services we use to host our platform). These third-party services providers have access to your Personal Data only for the purpose of performing services on our behalf. While we may seek to require such third parties to follow appropriate privacy policies and to prohibit them from using your Personal Data except for the express purpose for which it is provided, you agree that we do not bear any responsibility for any actions or policies of third parties.
- As we believe necessary: (i) under applicable law; (ii) to enforce applicable terms and conditions; (iii) to protect our rights, privacy, safety or property, and/or that of our affiliates, you, or others; (iv) to detect, prevent, or otherwise address fraud, security or technical issues; (v) to respond to claims that contact information (e.g. name, e-mail address, etc.) of a third-party has been posted or transmitted without their consent or as a form of harassment and (vi) to respond to requests from courts, law enforcement agencies, regulatory agencies, and other public and government authorities, which may include authorities outside your country of residence; and
- Pursuant to your express consent.
4. Data Security
We take reasonable steps online and offline to safeguard the Personal Data that you provide to us, including: Secure Socket Layer (SSL) encrypted connections via HTTPS protocols, data encryption tools, multifactor authentication, access and identity management systems, industry-standard firewalls, regular security updates and patches, and other security safeguards implemented and maintained to protect your Personal Data.
Nonetheless, it is common knowledge that transmission of information via the Internet is not wholly secure, and we cannot guarantee the security of your Personal Data, or any other information, transmitted to or through any of our Services. Any transmission of Personal Data, or other information, is at your own risk. By using our Services, you acknowledge and accept these risks. As a result, we cannot guarantee or warrant the security of any information you disclose or transmit to us or that are otherwise provided to us and we cannot be responsible for the theft, destruction, or inadvertent disclosure of information. It is your responsibility to safeguard any passwords, ID numbers, or other special access features associated with your use of the Services. Any transmission of information is at your own risk.
If you have any questions about security on our Services, or if you become aware of any unauthorized use of an account, loss of your account credentials, or suspect a security breach, notify us immediately via e-mail at email@example.com. If our security system is breached, we will notify you of the breach to the extent required under applicable law.
5. Rights to Your Personal Data
You may change, edit, update, or delete the information that you provided when you set up your account through our Service(s) through your account settings. You may also request the deletion of this information by sending an e-mail to firstname.lastname@example.org. If you access our Services from certain jurisdictions, such as the EEA, you may have additional rights and options with regard to accessing, reviewing, correcting, and updating your Personal Data, as well as how we use and disclose your Personal Data.
As a Data Subject, you have the right to request access to your Personal Data as it exists in our records by emailing us at email@example.com, calling us at (888) 229-9161, or by completing this webform. You also have the right to rectification, correction, or amendment of your Personal Data if it is inaccurate or incomplete. You may also have the right to erasure of your Personal Data; however, this is not always possible due to legal requirements, and exceptions may apply.
A Data Subject may have the right to object to the processing of his or her Personal Data, for example, due to his or her particular situation, for direct marketing uses, or for scientific or historical research. In certain circumstances, Data Subjects may have the right to obtain a restriction on our processing of their Personal Data, in which case such Personal Data will, with the exception of storage, only be processed with the Data Subject’s consent or in circumstances such as our exercise or defense of legal claims or the protection of another person. Data Subjects may also have the right to request that we provide data portability for their Personal Data via a copy of the data in a commonly-used format and/or transfer their Personal Data directly to another data controller (where technically feasible). Exceptions to these rights may apply, for example, if the processing is necessary for a task carried out in the public interest. Finally, if a Data Subject has given his or her consent to our processing of his or her Personal Data for certain purposes, he or she has the right to withdraw consent to such use at any time by contacting us via the contact information below.
If you are not satisfied with how we manage your Personal Data, you have the right to make a complaint to a data protection regulator. A list of National Data Protection Authorities can be found here.
6. Data Retention
If you have questions regarding our retention of user Data, please contact us by e-mailing firstname.lastname@example.org
7. Geographic Data Transfers
However, this does not change our commitments to safeguarding your privacy, and we will comply with all applicable laws relating to cross-border data disclosure of your Personal Data. Where required, we implement Standard Contractual Clauses with our third parties pursuant to the requirements of the General Data Protection Regulation (EU) 2016/679 (the “GDPR”), and you may request a copy of the Standard Contractual Clauses by emailing us at email@example.com. Where we receive requests for information from law enforcement or regulators, we carefully validate these requests before disclosing any Personal Data.
8. Data Protection Officer
Our appointed Data Protection Officer is Ashley Thomas. If you have an inquiry regarding your Personal Data, pursuant to the rights listed herein, please send your message to firstname.lastname@example.org.
9. Links to Third Party Sites
10. Children’s Privacy
We do not sell products or services for purchase by anyone under the age of thirteen (13). In accordance with the Children’s Online Privacy Protection Act (“COPPA”), we will never knowingly request or solicit Personal Data from anyone under the age of thirteen (13) without verifiable parental consent. In the event that we receive actual knowledge that we have collected such Personal Data without the requisite and verifiable parental consent, we will delete that information from our database as quickly as is practical. We reserve the right to request proof of age at any stage so that we can verify that minors are not using the Service(s).
11. Your California Privacy Rights
California Civil Code Section 1798.83 permits California residents to request and obtain a list of what Personal Data (if any) we disclosed to third parties for direct marketing purposes in the preceding calendar year and the names and addresses of those third parties. Requests may be made only once a year and are free of charge. Under Section 1798.83, California residents are entitled to request and obtain such information, by e-mailing a request to email@example.com. In addition, please see the California Privacy Notice.
13. How to Contact Us
By e-mail: firstname.lastname@example.org
By telephone: (888) 229-9161
By regular mail: The Elephant Sanctuary in Tennessee
Attn: Privacy Inquiry
P.O. Box 393
Hohenwald, TN 38462