PII may include a User’s name, screen name, email address, mailing and/or residential address(es), phone numbers, IP addresses or other information that identifies the User personally. The Corporation may require Users to register or provide elements of the PII to use the Services. The PII Users provide via the Services will be used only for its intended purpose. The Corporation, to the extent possible, will protect Users PII consistent with standards applicable to such protection, including the principles of the U.S. Privacy Act of 1974, the U.S. E-Government Act of 2002, the U.S. Federal Records Act, and the General Data Protection Regulation (GDPR) (EU) 2016/679 (adopted on April 27, 2016, and enforceable as of May 25, 2018).
Personally Identifiable Information
When Users choose to provide PII to and through the Services, to the Corporation or to Third Parties, through any methods including uploading data and images, completing Services or web-based forms, populating calendars and participating in calendaring functions, engaging in internal person-to-person, and/or person-to-group, communications via Services-specific information exchange, chats, social media engagement, email exchanges, instant messaging, and other like information exchange capacities, the Corporation may, without further express permission of the participating Users, use PII to help the Corporation provide Users requested or required Services, and service support. The PII that the Corporation receives from any User may vary in form based on the interaction of the User with the Services. No restriction on use of the PII by the Corporation in enhancing the Services is implied based on the form in which the PII is communicated to the Services, or to the Corporation.
Direct Communication to the Corporation via the Services
The Services allow Users to correspond directly with the Corporation as the Services provider, including via emails and direct access forms, which may be converted to formatted emails containing PII. The Corporation will use the information Users provide to respond to Users’ inquiries. The Corporation will only send Users general information via email. Users are expressly reminded that email may not necessarily be secure against interception. Therefore, the Corporation expressly suggests that Users do not send sensitive personal data via email. If a User’s intended email communication is considered by the User to be very sensitive, or it includes information such as User’s bank account, credit card, or Social Security number, the Corporation advises that Users should explore other means of transmitting the data.
Categories of Information
Automatically Collected Information
The Services may collect and temporarily store certain information about the Users immediate interaction with the Services. The Corporation may use this information for Services management and security purposes only. The Corporation may collect and analyze this information because it aids in upgrading the Services to our Users evolving needs. The Corporation may also automatically collect information about web content a User views in the event of a known security, virus or other threat. This information may include:
The Internet domain from which the User accesses the Services (for example, “xcompany.com” if the User employs a private Internet access account, or “yourschool.edu” if the User connects from an educational domain);
The Internet Protocol (IP) address (a unique number for each device connected to the Internet) from which the User accesses the Services;
The type of browser (e.g., Firefox®, Internet Explorer®, Chrome® or the like) used to access the Services;
The operating system (e.g., Windows, Mac OS, Unix) used to access Services;
The date and time the User accesses the Services;
The Universal Resource Locators (URLs), or addresses, of pages the User visits via the Services;
The Users username, if it was used to “log in” to the Services; and
Other like information.
The Corporation may share the above information with its employees or representatives with a “need-to-know” in the performance of their official duties supporting the Services. This information is only used to assist the Corporation in revising, updating or improving the Services in support of one or more Users. Raw data logs are retained temporarily as required for security and Services management purposes only.
Third-Party Data, Websites and Applications
The Corporation may have access to publicly-available Third Party databases, which may include PII. The Corporation, in furtherance of its business objectives, may use information from these databases to offer the Services to individuals and groups. These databases are now, and will be, kept segregated from User-submitted PII. The Corporation will not share User-submitted PII with any Third Party, except as expressly provided below.
The Services include a social media component and access to select Third Party websites, including social media portals. The Services may use web measurement and customization technologies to measure the number of Users accessing Third Party channels. When accessing Third Party websites or channels, the Third Party applications may request PII, including an email address, username, password, and geographic location (e.g., State, region, or ZIP code) for any one of a number of purposes, including account registration purposes. The Services and the Corporation do not use Third Party applications or websites to solicit and collect PII from any individuals, including Users. Any PII passively collected (i.e., not solicited) by the Third Party applications or websites will not be transmitted or stored by the Services or the Corporation; no PII will be disclosed, sold or transferred to any other entity outside the Corporation by the Corporation or the Services, unless required for law enforcement purposes, by statute or by other legally justiciable requirement.
The Corporation, via the Services or otherwise, may use various types of surveys to collect opinions and feedback from random samples of Users. The surveys do not and will not collect User PII. Although the survey invitation may be presented randomly to Users of the Services, participation in any survey is optional and will not affect a User’s interaction with the Services or the Corporation. If a User declines the survey, the User will still have access to the identical information and resources provided by the Services and the Corporation as those who take the survey. Survey reports are available only to the Corporation and its designated agents or staff who require the survey information to perform their duties. Any further details regarding use of a survey that deviates from the above will be included in a Notice accompanying the invitation to participate in the survey at the time the invitation is posted.
Information Collected for Tracking and Customization (Cookies)
A cookie is a small file that a website transfers to a user’s computer to allow the website to remember specific information about the user’s session while the user is connected. In such instances, the user’s computer will only share the information in the cookie with the website that provided it, and no other website can request it. There are essentially two types of cookies:
Session: Session cookies last only as long as the user’s web browser is open. Once the user closes the user’s browser, the cookie is deleted. Websites may use session cookies for technical purposes such as to enable better navigation through the site, or to allow the user to customize user preferences for interacting with the site.
Persistent: Persistent cookies are saved on a user’s hard drive in order to determine which users are new to the site or are returning, and for repeat visitors, to block, for example, recurring invitations to take surveys, among other tracking purposes.
If any User of the Services does not wish to have session or persistent cookies stored on the User’s device, it is up to the User to manage those preferences within the capabilities of the User’s device. User selections regarding how to manage cookies should not noticeably affect the User experience with the Services, but may affect interaction with Third Party websites via the Services.
Overarching PII Security
The Corporation takes the security of all User PII very seriously. The Corporation takes precautions to maintain the security, confidentiality, and integrity of the PII Users input via the Services. Security measures include access controls designed to limit access to the PII only to the extent necessary to accomplish the objectives of the Corporation via the Services. The Corporation implements and employs various security technologies to protect the PII stored, even temporarily, via the Services or otherwise on our systems. The Corporation routinely tests and updates its security measures to ensure that those measures remain up-to-date, operational and effective, and in compliance with changing industry standards.
The Corporation has implemented the following steps to secure any PII collected by the Services:
Employ internal access controls to ensure that the only Corporation personnel who have access to User PII are those with a need to do so to perform their official duties.
Train appropriate personnel on Corporation and Services privacy and security policies and compliance requirements.
Secure any areas where the Corporation may retain hard copies of User PII we may collect via the Services, or otherwise.
Perform regular review and purge of any User PII collect online to attempt to further ensure against misuse or loss.
Use technical controls to secure User PII we collect online including, but not limited to:
Secure Socket Layer (SSL)
Periodically test Corporation security procedures to ensure personnel and technical compliance.
Employ external access safeguards to identify and prevent unauthorized access by outsiders that attempt to “hack” into, or cause harm to, the information, including User PII, contained in our systems.
The Corporation holds its employees, partners, agents, contractors and other Third Party providers to the same high standards that the Corporation uses to ensure the security, confidentiality, and integrity of User PII to which they may gain access or to which they may be exposed in the course of their work completed on behalf of the Corporation in operating the Services.
Interaction With Children Online
The Corporation, via the Services and otherwise, is particularly committed to the protection of children’s online privacy. The U.S. Children’s Online Privacy Protection Act (COPPA) governs PII gathered online from or about children under the age of 13. Verifiable consent from a child’s parent or guardian is required before an entity collects, uses, or discloses PII from a child under age 13. To the maximum extent possible, the Corporation will specifically avoid collecting ANY PII regarding any child under the age of 13. The Corporation requests, and expects the cooperation of adult Users in assisting the Corporation in this regard.
Visiting Other Websites via the Services
The Services provide pass-through access to Third Party websites, organizations, and commercial entities. The Third Party websites are not within the control of the Corporation, and may not follow the same privacy, security, or accessibility polices implemented by the Corporation via the Services. Once a User links to a Third Party website via the Services, the User is subject to the policies and vulnerabilities of that Third Party website.
295 Bendix Rd, Suite 260
Virginia Beach, VA 23452
Updated May 1, 2018