Last updated: October, 2020
Table of Contents
- Personal Data We Collect
- How We Use your Personal Data
- How We Share your Personal Data
- Cookies and Other Passive Collection Technologies
- Interest Based Advertising
- Data Retention
- International Transfers of Personal Data
- EU Controller
- Our Legal Bases for Handling Your Personal Data
- Your Rights and Choices
- Links to Third Party Sites
- Use of Third Party Services
- How to Contact Us
- OU’s handling of personal data of individuals located outside the United States for
- our kosher certification business and
- marketing and fundraising
We may provide you with additional information relating to our privacy practices in the context of particular services (such as on a form or invitation that requests personal data).
2. PERSONAL DATA THAT WE COLLECT
- contact information, such as name, postal address, telephone number, and email address;
- parent information, such as name, postal address, telephone number, and email address;
- registration information;
- information about your participation in events or activities in which OU is involved;
- payment information, such as credit card numbers and expiration dates;
- photographs taken at OU events or activities or shared on social media by OU participants or partners;
- your mobile device information (e.g., device model, operating system version, device date and time, unique device identifiers, mobile network information);
- how you use our sites and mobile applications, search terms, pages you visit on our websites, and application performance;
- geolocation information;
- user content posted by you in forums, blog posts, comments, or message boards;
- records of your communications and transactions with us;
- information about religious practice and community participation;
- job application data, such as employment history, education and training, and work restrictions;
- when you register for an event or activity, we will ask for your name and contact information, and we may also ask for other information related to dietary restrictions, special facilities or equipment that you may require, health or medical information such as allergies and diagnosis, and emergency contact information;
- insurance information; and
If you choose not to provide information, we may not be able to provide you with requested services, programs, or other OU offerings.
We may also collect or receive Personal Data from third-party sources, such as social media or other third-party integrations, your credit card issuing bank, our payment processing partners, and other third parties.
2.2 Data About Children
We do not knowingly collect Personal Data through the Site from children under the age of 13. We reserve the right to delete any information identified as having been provided through the Site from children under the age of 13.
2.3 Sensitive Information
Unless we specifically request or invite it, we ask that you not send or otherwise disclose to us your racial or ethnic origin, political affiliations or opinions, health information, or criminal background. In those cases where we may request or invite you to provide the foregoing information, we will only do so in accordance with all applicable data protection law requirements. Where you provide us with such information without being requested to do so by OU, we reserve the right (but do not have any obligation) to erase such information at our discretion.
2.4 Social Media
3. HOW WE USE YOUR PERSONAL DATA
- Requests, Inquiries, and Applications: We may use your Personal Data to process, evaluate, and respond to your requests, inquiries, and applications. So, if you request certain information from us, we will use your Personal Data to process and respond to your request.
- Manage Our Relationship With You: We may use your Personal Data to send you important information regarding our relationship with you or regarding the Site, such as changes to our terms, conditions, policies, and other administrative information.
- To Use or Participate In Our Services and Programs: If you provide Personal Data in order to use or participate in our services and programs, to participate in an event or activity, or interact with some functionality available on the Site, we will use your Personal Data to facilitate such use or participation. For example, if you sign up to participate in an advocacy mission, we will use your Personal Data to register you for that activity and to facilitate your participation in that activity.
- Contacting you (such as by text message, email, phone calls, mail, push or messages on third-party platforms) about programs, products, services, companies and events, sponsored by us and others, that you have registered for or that we think might interest you.
- Use of Photographs: We may use your Personal Data in the form of photographs or images taken during OU events, or otherwise taken in conjunction with other OU programs, services, or other offerings, whether by us, you, or other third parties. We share these photographs in newsletters, on our blogs, and on our social media pages so that our members and others can see what OU is up to.
- Contests, Sweepstakes, and Promotions: We may use your Personal Data in order to administer contests, sweepstakes, and promotions that you sign up for. For example, we may use your Personal Data to notify you if you are the winner of a contest or promotion. If you win a contest, sweepstakes, or other promotion, we may request additional information (e.g., social security number for income tax purposes depending on the prize).
- Donation or Purchase Information: When you donate online or offline, or register to purchase items from us, we collect your contact information and credit card number so that we can process your donation or order, notify you of order status, or provide a receipt. If you dedicate your donation or send a gift to a specific OU organization, we will also provide your information to that entity.
- Survey Information: We occasionally conduct voluntary surveys. If you choose to participate in one of our surveys, we collect information related to you and your responses. We do not share Personal Data collected in these surveys with third parties (other than our service providers). We may share aggregate information with third parties to conduct analytics. The aggregate data cannot be used to identify individuals.
- Internal Business Purposes: We may use your Personal Data for internal business purposes, including without limitation, to help us operate, evaluate, and improve the quality of our services and programs; to better understand those individuals that utilize our services and programs; to verify your identity; to prevent, protect against, identify, or address fraud, unauthorized activity, claims, liabilities, and other wrongdoing; to provide you with customer service; to obtain and maintain our funding; and to generally manage our business.
- Employment: If you provide Personal Data to apply for a job with OU, we may use the Personal Data you provide to evaluate your job application, consider you for that job or for similar jobs in the future, and contact you regarding possible employment.
- Legal Requirements, Industry Standards, and Contractual Obligations: We may use your Personal Data for complying with and enforcing applicable legal requirements, industry standards, and our contractual obligations.
We may use non-personal information or aggregate information that does not identify an individual without restriction, and we may share such information with third parties.
- Marketing. We share personal data with joint marketing partners.
- Related Organizations, Partners, Grantees, and Co-Sponsors: We may share your Personal Data with other reputable nonprofit organizations that share a similar purpose or mission as OU, as well as our partners, grantees, or co-sponsors of our programs, activities, initiatives, and events from time to time. Although our treatment of your Personal Data is governed by this Policy, the treatment of your Personal Data by these third parties will be governed by the privacy policies of such third parties. While we endeavor to share your Personal Data only with partners, grantees, and co-sponsors that will respect your Personal Data, we do not control how these third parties use or disclose your Personal Data.
- Funding Organizations: As a nonprofit, OU may receive funding from third parties, including from other nonprofits and government entities. For example, we may share Personal Data in order to document for a funding agency that we have fulfilled our obligation under a grant.
- Agents, Consultants, and Service Providers: We may share your Personal Data with individuals or companies that we hire to provide services to us, such as website hosting services and payment processors.
- Online Forums: Certain features on the Site give you an opportunity to interact with us and others, including on message boards, chats, and creating community profiles on the Site. When you use these features, you should be aware that any information you submit, including your name, location and email address, are made available to others who have registered to participate in those online forums. We do not have any control over how those other users may use and disclose the information that you share on the forums. It is possible that they could make your information publicly available. We are not responsible for any information you choose to submit through these interactive features.
- Legal Requirements: We use and disclose Personal Data as we believe to be necessary or appropriate: (i) under applicable law, including laws outside your country of residence; (ii) to comply with legal process; (iii) to respond to requests from public and government authorities, including public and government authorities outside your country of residence; (iv) to enforce our terms and conditions; (v) to protect our operations or those of any of our affiliates; (vi) to protect our rights, privacy, safety, or property, and/or that of our affiliates, you, or others; and (vii) to allow us to pursue available remedies or limit the damages that we may sustain.
- Passively Collected Information: We may share Traffic Data that does not identify you directly, but may identify your computer or device, as described in Sections 5 and 6 of this Policy.
- Some third parties’ embedded content or plugins on Sites may allow their operators to learn that you have visited or interacted with us, and they may combine this information with other, identifiable information they have collected about your visits to other websites or online services. These third parties may handle this information, and other information they directly collect through their content and plugins, pursuant to their own privacy policies.
5. COOKIES AND OTHER PASSIVE COLLECTION TECHNOLOGIES
5.1 As you navigate our Site, certain Traffic Data may be passively collected, meaning it is gathered without you actively providing it. This is done using the following techniques in the following ways:
- IP Addresses: Your IP Address is a number that is automatically assigned to the computer that you are using by your Internet Service Provider. An IP Address is identified and logged automatically in our server log files whenever a user visits the Site, along with the time of the visit and the page(s) that were visited. Collecting IP Addresses is standard practice on the Internet and is done automatically by many online service providers, including website operators. We use IP Addresses for purposes such as calculating Site usage levels, helping diagnose server problems, and administering the Site.
- Through your browser: Certain information is collected by most browsers, such as your Media Access Control (MAC) address, computer type and operating system type and version screen resolution, and Internet browser type and version.
- Through your device: If you access the Site through a mobile device or other network-connected product, certain information may be collected about that device, including your device type, network service provider, and other identifiers. We may collect unique device identifiers (such as IDFA and AID tags and UUID and UDID identifiers) associated with the device you use to access the Site.
- Using Monitoring Tools: The Site may utilize pixel tags, web beacons, clear GIFs, Flash Shared Objects, HTML5 Local Storage, HTML5 Mini Databases, and other similar technologies, both on certain aspects of the Site and in HTML-formatted e-mail messages to you. These monitoring tools are used for the purpose of, among other things, measuring the success of our marketing campaigns, compiling statistics about Site usage and response rates, and tracking the activities of users of the Site and e-mail recipients.
- Social Media Widgets. Our Site may include social media tools, including social media widgets or plug-ins, to connect you to your social media accounts. These features may set a cookie or use other automatic collection and tracking technologies to collect information about you and your use of the social media features through and in connection with our Site. These social media tools may be hosted by a third party. Your interactions with these tools and the corresponding social media platforms are governed by the privacy policies of the companies that provide such platforms.
5.2 How to Control & Delete Cookies
5.2.1 Osano Consent Tool
5.2.2 Using Your Web Browser
You can set your browser to notify you before you receive a cookie, giving you the chance to decide whether to accept it. You can also set your browser to turn off cookies.
6. INTEREST BASED ADVERTISING
6.2 You may see certain ads on other websites because we work with advertising partners (including advertising networks) to engage in remarketing and retargeting activities. Our advertising partners allow us to target our messaging to users through demographic, interest-based and contextual means. These partners track your online activities over time and across websites by collecting information through automated means, including through the use of third-party cookies, web server logs, and web beacons. They use this information to show you advertisements that may be tailored to your individual interests. The information our advertising partners may collect includes data about your visits to websites that participate in the relevant advertising networks, such as the pages or advertisements you view and the actions you take on the websites. This data collection takes place both on our Site and on third-party websites that participate in the ad networks. This process also helps us track the effectiveness of our marketing efforts. For example, we utilize certain of our ad partners’ targeted advertising services to show you our ads on other websites based on your prior visits to our Site and other online activity. The interest-based data collected about you is linked to your computer or device. Our advertising partners may use the information that they receive to provide advertising services to the OU or to third parties using the same advertising network.
6.3 You may opt-out of receiving interest-based advertisements by disabling marketing cookies using the Osano Consent Tool https://www.osano.com/ on our Site.
6.4 Provided that a company participates in industry-developed programs designed to provide consumers choices about whether to receive targeted advertising, you also may opt out of ad network interest-based advertising generally through the Network Advertising Initiative website or by visiting http://www.aboutads.info/choices/ (web-based advertising) or http://www.aboutads.info/appchoices (for mobile advertising). To learn more, please visit the websites operated by the Network Advertising Initiative and Digital Advertising Alliance at www.networkadvertising.org/choices.
6.5 Opting-out does not mean that you will stop receiving ads from us. It means that you still stop receiving ads from us that have been targeted to you based on your visits and browsing activity across websites over time.
6.6 Do Not Track
We take what we believe to be reasonable steps to protect the Personal Data collected by us from loss, misuse, unauthorized use, access, inadvertent disclosure, alteration, and destruction. However, no network, server, database, or Internet or e-mail transmission is ever fully secure, error-free, or “hacker proof.” Therefore, you should take special care in deciding what information you provide to us. Please keep this in mind when disclosing any Personal Data.
In the event that we believe the security of your personal data in our possession or control may have been compromised, we may seek to notify you of that development. If we believe a notification is appropriate and we have your e-mail address, we may notify you by e-mail. You consent to our use of e-mail as a means of such notification. If you prefer for us to use the United States postal service to notify you in this situation, please contact us as described below.
Please visit your mobile device manufacturer’s website (or the website for its operating system) for instructions on any additional privacy controls in your mobile operating system, such as privacy settings for device identifiers and geolocation.
8. DATA RETENTION
We generally retain Personal Data for so long as it may be relevant to the purposes above, or for longer when required by law. To dispose of Personal Data, we may anonymize it, delete it, or take other appropriate steps. Even if we delete your Personal Data, it may persist on backup or archival media for an additional period of time for legal, tax, or regulatory reasons, or for legitimate and lawful business purposes.
9. INTERNATIONAL TRANSFERS OF PERSONAL DATA
OU is based in the United States. The recipients of the Personal Data disclosures described in the “How We Share Your Personal Data” Section above may be located in the United States or elsewhere in the world. Privacy laws in these countries may not provide protections equivalent to those of your country of residence, and your government may or may not deem such protections adequate. Whenever we transfer personal data outside of the European Economic Area (“EEA”) or the UK, we take legally required steps to make sure that the appropriate safeguards are in place to protect your Personal Data.
10. EU CONTROLLER
European Union data protection law makes a distinction between organizations that process Personal Data for their own purposes (known as “data controllers”) and organizations that process Personal Data on behalf of other organizations (known as “data processors”). If you have a question or complaint about how your Personal Data is handled, these should always be directed to the relevant data controller since they are the ones with primary responsibility for your Personal Data.
11. OUR LEGAL BASES FOR HANDLING YOUR PERSONAL DATA
The laws in some countries require us to tell you about the lawful grounds we rely on to collect, use, disclose, and otherwise process your Personal Data. To the extent those laws apply, our lawful bases for processing your Personal Data are:
- To Honor Our Contractual Commitments to You: In some cases, we process Personal Data to meet our obligations to you, or to take steps at your request, in anticipation of entering into such a contract with you, or as is otherwise necessary for our contractual relationship.
- Consent: Where required by law, and in some other cases, we process Personal Data on the basis of your consent. This may be implied consent where permitted by law, and it will be explicit consent where required by law.
- Legitimate Interests: In many cases, we process Personal Data on the ground that it furthers our legitimate interests in commercial activities, such as the following, in ways that are not overridden by the interests or fundamental rights and freedoms of the affected individuals:
- customer service;
- protecting our customers, community, users, personnel, and property;
- analyzing and improving our business;
- processing job applications; and
- managing legal issues.
We may also process Personal Data for the same legitimate interests of our customers, business partners, and related organizations.
- Legal Compliance: We need to process, use, and disclose Personal Data in certain ways to comply with our legal obligations.
- To Protect the Vital Interests of the Individual or Others: For example, we may collect or share Personal Data to help resolve an urgent medical situation.
12. YOUR RIGHTS AND CHOICES
12.1 Opt Out From Direct Electronic Communications
Where it is in accordance with your preferences, OU may send you direct electronic communications, such as through email or text message, regarding donation opportunities or events or programs that might be of interest to you. You may “opt out” of receiving these electronic communications by clicking on the opt-out link within the e-mail you receive, or by sending an e-mail to email@example.com indicating which communications you no longer wish to receive. Please note that if you opt out of receiving promotional messages from us, this does not impact other transactional and administrative messages which you will continue to receive (such as emails relating to logistical information for an event for which you are registered or regarding changes to this Policy).
12.2 Opt Out From Cookie-Related Processing and Interest Based Advertising
You can opt out from certain cookie-related processing and interest-based advertising as described in Sections 5 and 6 of this Policy.
- Under the laws of the European Economic Area (and in some cases in Israel and other countries outside the United States), individuals have certain legal rights to obtain confirmation of whether we hold personal data about them, to access personal data we hold about them (including, in some cases, in portable form), and to obtain its correction, update, amendment or deletion in appropriate circumstances. They may also object to our uses or disclosures of personal data, request a restriction on its processing, or withdraw any consent, though such actions typically will not have retroactive effect. This also will not affect our ability to continue processing data in lawful ways (for example, if you opt out of the use of your telephone number for direct marketing, we might still decide to contact you by phone in an emergency).
12.3 How You Can Access, Update, Correct, or Delete Your Personal Data
If you would like to submit a data access, correction, restriction, or deletion request, you can do so by contacting us at firstname.lastname@example.org and we will process such request with respect to any Personal Data that we are able to link to you individually based on the information that you can provide to us. These rights and options that you have with respect to Personal Data are subject to limitations and exceptions under applicable law. In addition to those rights, if you live in certain jurisdictions, you have the right to submit a complaint to your relevant supervisory authority. However, we encourage you to contact us first at email@example.com and we will try to resolve your concerns.
12.4 Notice to California Residents
Subject to certain limits under California Civil Code § 1798.83, if you are a California resident, you may ask us to provide you with: (1) a list of certain categories of Personal Data that we have disclosed to certain types of third parties for their direct marketing purposes during the immediately preceding calendar year; and (2) the identity of the third parties that received certain Personal Data from us for their direct marketing purposes during that calendar year. To do so, please contact use at firstname.lastname@example.org.
The rights and options described above are subject to limitations and exceptions under applicable law. In addition to those rights, you have the right to lodge a complaint with the relevant supervisory authority. However, we encourage you to contact us first, and we will do our very best to resolve your concern.
13. LINKS TO THIRD PARTY SITES
14. USE OF THIRD PARTY SERVICES
16. HOW TO CONTACT US
If you have any questions regarding this Policy or the use of your Personal Data under this Policy, you can contact us at:
New York, NY 10004