This privacy policy will advise you about our guidelines concerning the use of your personal information, including the reasonable efforts we make to protect your personal information in accordance with these guidelines, and about what choices you have concerning our use of such information. Please read this policy carefully.


1.0    PRIVACY
We keep your private information private by:

Not selling your information. You have entrusted the YMCA of Silicon Valley and the National Council of Young Men’s Christian Associations of the United States of America and its independent and autonomous member associations (collectively “The Y”) with your personal information, and we're committed to using it wisely. The Y will not sell, share or otherwise transfer your personal information to anyone without your consent.


Restricting who has access to your information. The Y takes reasonable precautions to restrict access to your online account and personal information only by employees who are authorized to have such access for business purposes. If you have any questions or concerns about our privacy policy, please contact us at privacy@ymcasv.org.


Please refer to this policy regularly. The Y may need to change this policy from time to time to address new issues and reflect changes on our websites or within YMCA branches. We will post material changes on our website or otherwise notify you and update the “Last Date Updated” field in the “Revision History” at the bottom of this page with the effective dates of such changes so that you will always know our policies regarding what information we gather, how we might use that information, and whether we will disclose that information to anyone.

Scope of Privacy Policy

This policy applies to the personal information that you provide to The Y, either through our websites and mobile applications or in person at a YMCA branch or program site or through exercise equipment or systems provided by The Y’s vendors. This policy does not apply to your use of unaffiliated sites to which our websites may link. This policy does not apply to Personal Health Information (“PHI”) collected through the YMCA Diabetes Prevention Program or any other program offered by The Y that requires the collection of PHI or other HIPPA protected information.

Collection of Personally Identifiable Information

The Y collects personally identifiable information (PII) from you when you voluntarily submit such information to us. The collection of PII may occur in person or on a website or mobile application operated, provided or otherwise controlled by The Y or its vendors. This information may include your name, home address, email address, telephone number, date of birth, demographic information, sex-offender status, membership status, emergency contact information, and other information that we may need to collect in connection with certain events, including but not limited to:

registration for, or participation in, services, events, classes, camps, and other activities or programs offered by The Y;
use of exercise equipment or systems provided by The Y’s vendors participation in YMCA Nationwide Membership registration for surveys, forums, content submissions, chats, bulletin boards, discussion groups, requests for suggestions, or other services or activities offered on our website; answering your inquiries about our websites, organization, membership, or other services or activities; registration as a member of The Y; and verification of status on sex offender registries.


Collection of Photographs

The Y may also collect your photograph, by capturing your image at a YMCA or scanning your personal identification card or by uploading from your computer or mobile application, for the purpose of identifying you as a member, volunteer or program participant. Your photograph will not be used for any commercial purpose without your authorization.

Use and Disclosure of PII

If you do provide us with PII, The Y may contact you based on the information you provide to communicate with you about YMCA activities that may be of interest to you and your family.

The Y will use its best efforts to never disclose any PII about you to any third-party for purposes unrelated to the YMCA without having received your permission except as provided for herein or otherwise as permitted or required under applicable law.

We do not rent or sell PII, including information provided about children, to third-parties. The Y may share PII with trusted service providers, such as payment processors, technology partners or other providers that need access to your information to provide operational or other support services while you are a YMCA member or program participant. In certain circumstances, we may also share information with select similar nonprofit organizations that may offer activities of interest to you.

We may also provide PII to regulatory authorities and law enforcement officials in accordance with applicable law or when we otherwise believe in good faith that the provision of such information is required or permitted by law, such as in connection with the investigation or assertion of legal defenses or for compliance matters.

Collection of Payment Transaction Information

When you make a payment or donation, we collect information to process the financial transaction and may use that information to contact you in the future about The Y and its programs. Your payment information is transmitted to us, using a secure Internet method that helps maintain the privacy of this information. During the time your payment information resides on our computers, it is in an encrypted format and can only be accessed by authorized personnel with a decryption key.

Collection of Non-Personally Identifiable Information

We collect non-personally identifiable information without limitation, through the use of various methodologies including but not limited to:

“Cookie” technology: A cookie is an element of data that a website can send to your browser, which may then store it on your system to help enhance your experience in using our sites and to provide us with technical information about your usage.
IP address tracking: An IP address is a number that is assigned to your computer when you are on the Internet. When you request pages from our Sites, our servers log your IP address.


Web beacons: A web beacon, or “clear gif,” is a small graphic image on a webpage or web-based document that a website can use to determine information about a user.


Non-personally identifiable information might include the browser you use, the type of computer or device you use, technical information about your means of connection to our websites (such as the operating systems and the Internet service providers utilized), and other similar information. Our systems may also automatically gather information about the areas you visit and search terms you utilize on our websites and about the links you may select from within the sites to other areas of the World Wide Web or elsewhere online.

Although an industry-standard do-not-track (DNT) protocol has not yet been established, The Y’s information collection and disclosure practices and the choices it offers to consumers will continue to operate as described in this Policy.

Use of Non-Personally Identifiable Information

We use non-personally identifiable information for our purposes related to running YMCAs and their programs, and, in particular, to administering websites, and, in the aggregate, to determine what technologies are being used. We may also share aggregate, non-personally identifiable information with third-parties.

Collection of Sensitive Information

Where necessary, The Y may collect certain sensitive information from you, including

payment card or bank account information to process fees or donations;
health information in connection with various fitness programs, programs in which we are responsible for supervising children, health screenings, or other health service events that we may provide from time to time;
Access to sensitive information is restricted to those individuals who have a legitimate need for access. We will not use or disclose your information to third-parties unless such disclosure is necessary to accomplish the purpose for which the information is collected.

Privacy of Children

We are mindful that young people need special safeguards and privacy protection. We realize that they may not understand all the provisions of our policy or be able to make thoughtful decisions about the choices that are made available to our adult users. We strongly urge all parents or legal guardians to participate in their children’s exploration of the Internet and any online services and to teach their children about protecting their personal information while online.

If we ask for PII from children under 13 we will take additional steps to protect the privacy of such information, including

obtaining consent from the parent or legal guardian of the child before collecting or using the child’s PII;
notifying parents about what PII is being requested and how that PII will be used and/or shared, such as through this policy;
limiting the collection of PII from children to no more than is reasonably necessary to accomplish the purpose of the collection; and
giving parents access to the PII we have collected from their children and offering them the opportunity to request that such PII be changed or deleted.


Links to Other Sites

Users may find other content on our websites, mobile apps, equipment and systems that link to the sites and services of other third-parties. We do not control all the content or links appearing on these sites. Third-party sites or services, including their content and links, may be constantly changing and may have their own privacy policies and customer service policies. We encourage you to review the privacy policies of any third-party sites or services before providing any of them with your personal information.

Choice/Opt-Out

If you opt-in to receive information from us, you can change your mind later. If at any time you would like to stop receiving such information or opt out of a feature, you may change your options by following the unsubscribe link on the communication or by contacting any of our branch locations. You should be aware, however, that it is not always possible to completely remove or modify information in our databases and servers, although we will make reasonable efforts to do so upon your request, and we are unable to have your information removed from the records of any third-party who has been provided with your information in accordance with this policy.

Personal Data Access and Accuracy

You may contact The Y with inquiries or complaints regarding the use of information about you. We will use reasonable efforts to grant reasonable requests to access data about the requester. We will also make reasonable efforts to correct any incorrect or misleading data about the requester.

2.0    SECURITY


YMCAs take appropriate administrative, technical, and physical measures to safeguard against unauthorized processing of personal information, and against the accidental loss of, or damage to, personal data. However, The Y cannot provide an absolute guarantee of the security of any of our websites or any other site on the Internet.

Consent to Transfer

YMCA websites are operated in the United States. If you are located outside of the United States, please be aware that any information you provide to The Y will be transferred to the United States by using YMCA websites, participating in any YMCA services, and/or providing us with your information, you consent to this transfer.

California Privacy Rights

The California “Shine the Light” law permits California residents to annually request and obtain information free of charge about what personal information is disclosed to third-parties for direct-marketing purposes in the preceding calendar year. The Y does not distribute your personal information to outside parties for their direct marketing without your consent. You may prevent further disclosure of personal information by emailing your request to privacy@ymcasv.org.

3.0 NOTICES AND DISCLOSURES


Third-party disclosure

We do not sell, trade, or otherwise transfer to outside parties your Personally Identifiable Information unless we provide users with advance notice. This does not include website hosting partners and other parties who assist us in operating our website, conducting our business, or serving our users, so long as those parties agree to keep this information confidential. We may also release information when its release is appropriate to comply with the law, enforce our site policies, or protect ours or others' rights, property or safety.

However, non-personally identifiable visitor information may be provided to other parties for marketing, advertising, or other uses.

Third-party links

We do not include or offer third-party products or services on our website.

Google

Google's advertising requirements can be summed up by Google's Advertising Principles. They are put in place to provide a positive experience for users.

We may use Google AdSense Advertising on our website.

Google, as a third-party vendor, uses cookies to serve ads on our site. Google's use of the DART cookie enables it to serve ads to our users based on previous visits to our site and other sites on the Internet. Users may opt-out of the use of the DART cookie by visiting the Google Ad and Content Network privacy policy.

We have implemented the following:

Remarketing with Google AdSense
Google Display Network Impression Reporting
Demographics and Interests Reporting
DoubleClick Platform Integration
We, along with third-party vendors such as Google use first-party cookies (such as the Google Analytics cookies) and third-party cookies (such as the DoubleClick cookie) or other third-party identifiers together to compile data regarding user interactions with ad impressions and other ad service functions as they relate to our website.

Opting out:


Users can set preferences for how Google advertises to you using the Google Ad Settings page. Alternatively, you can opt out by visiting the Network Advertising Initiative Opt Out page or by using the Google Analytics Opt Out Browser add on.

California Online Privacy Protection Act

CalOPPA is the first state law in the nation to require commercial websites and online services to post a privacy policy. The law's reach stretches well beyond California to require any person or company in the United States (and conceivably the world) that operates websites collecting PII from California consumers to post a conspicuous privacy policy on its website stating exactly the information being collected and those individuals or companies with whom it is being shared.

According to CalOPPA, we agree to the following:

Users can visit our site anonymously. We have added a link to this privacy policy on our home page or as a minimum, on the first significant page after entering our website. Our Privacy Policy link includes the word 'Privacy' and can easily be found on the page specified above.

You will be notified of any Privacy Policy changes:

On our Privacy Policy Page on our website
You can change your personal information:

By emailing us
By calling us
By logging in to your account
In person at your home YMCA branch location


How our site handles Do Not Track signals

We honor Do Not Track signals and do not track, plant cookies, or use advertising when a Do Not Track (DNT) browser mechanism is in place.

COPPA (Children Online Privacy Protection Act)

When it comes to the collection of personal information from children under the age of 13 years old, the Children's Online Privacy Protection Act (COPPA) puts parents in control. The Federal Trade Commission, United States' consumer protection agency, enforces the COPPA Rule, which spells out what operators of websites and online services must do to protect children's privacy and safety online. We do not specifically market to children under the age of 13 years old.

Fair Information Practices

The Fair Information Practices Principles form the backbone of privacy law in the United States and the concepts they include have played a significant role in the development of data protection laws around the globe. Understanding the Fair Information Practice Principles and how they should be implemented is critical to comply with the various privacy laws that protect personal information.

In order to be in line with Fair Information Practices we will take the following responsive action, should a data breach occur:

We will notify you via email and post a notification on our website.

CAN SPAM Act

The CAN-SPAM Act is a law that sets the rules for commercial email, establishes requirements for commercial messages, gives recipients the right to have emails stopped from being sent to them, and spells out penalties for violations.

We collect your email address in order to:

Send information, respond to inquiries, and/or other requests or questions
Process orders and to send information and updates pertaining to orders
Send you additional information related to your product and/or service
Market to our mailing list or continue to send emails to our clients after the original transaction has occurred.


To be in accordance with CANSPAM, we agree to the following:

To not use false or misleading subjects or email addresses.
Identify the message as an advertisement in some reasonable way.
Include the physical address of our business or site headquarters.
Monitor third-party email marketing services for compliance, if one is used.
Honor opt-out/unsubscribe requests quickly.
Allow users to unsubscribe by using the link at the bottom of each email.
If at any time you would like to unsubscribe from receiving future emails, you can email us at: privacy@ymcasv.org we will promptly remove you from ALL correspondence.

Updating your Personal Information

You can update your personal information contacting member services at 408-351-6479 by emailing us at: privacy@ymcasv.org or by contacting any of our branch locations.

Privacy Policy effective: 12/18/17