This Privacy Policy applies to the SheSTEM website (hereinafter, “us”, “we”, or “SheSTEM”). We respect your privacy and are committed to protecting personally identifiable information you may provide us through the Website or any of our owned/managed/partnered data channels.
We have adopted this privacy policy (“Privacy Policy”) to explain what information may be collected on our Website, how we use this information, and under what circumstances we may disclose the information to third parties. This Privacy Policy applies only to information we collect through the Website and does not apply to our collection of information from other sources.
This Privacy Policy, together with the Terms of Use posted on our Website, sets forth the general rules and policies governing your use of our Website. Depending on your activities when visiting our Website, you may be required to agree to additional terms and conditions.
We generally keep this Privacy Policy posted on the Website and you should review it frequently, as it may change from time to time without notice. Any changes will be effective immediately upon the posting of the revised Privacy Policy.
When you access our website, you agree to this privacy policy. If you do not agree to this privacy policy, or to any changes we may subsequently make, immediately stop accessing our website.
Our Data Protection Policy
1. Information We Collect
Our Website typically collects two kinds of information about you:
- information that you provide which personally identifies you; and
- information that does not personally identify you which we automatically collect when you visit our Website or that you provide us.
- Personally Identifiable Information: Our definition of personally identifiable information includes any information that may be used to specifically identify or contact you, such as your name, address, email address, phone number, etc. As a general policy, to facilitate the use of SheSTEM content, you must provide personally identifiable information when registering. Affiliates of SheSTEM may also be required to provide a tax identification number.
- Non-Personal Information: Our definition of non-personal information is any information that does not personally identify you. Non-personal information can include certain personally identifiable information that has been de-identified; that is, information that has been rendered anonymous. We obtain non-personal information about you from information that you provide us, either separately or together with your personally identifiable information. We also automatically collect certain non-personal information from you when you access our Websites. This information can include, among other things, IP addresses, the type of browser you are using (e.g., Internet Explorer, Firefox, Safari, etc.), the third-party website from which your visit originated, the operating system you are using (e.g., Vista, Windows XP, Macintosh OS, etc.), the domain name of your Internet service provider (e.g., Comcast, Verizon, etc.), the specific areas of the Website that you visit, and the duration of your visit.
2. Data Handling Procedures and Review
- Review current mailing lists: We check contacts for records of consent. We remove individuals without a proactive consent notice. For contacts related to marketing automation, we create a separate segmentation list to secure consent in the future.
- Document all the data collection channels and steps: We document all the channels from which our site receives contact data such as events, website registrations, partners, sales, list purchases, etc., and ensure there is a consent process for each channel.
- Communicate within the organization the seriousness of GDPR: We ensure that each team member understands the potential consequences of not following the regulations. We suggest working with learning and development teams to roll out a data-handling course to all employees.
3. Actions We Take While Collecting Personal Data
- Provide clear consent wording: We as an organization are obligated to use clear, non-legalese language that allows the person to provide unambiguous consent. As our company collects personal information through a web form, we post clearly how the information will be utilized.
- Including a cookie consent notice: As a best practice, we include consent verbiage similar to the cookie consent notice on all web forms. Example: “This site uses cookies to offer you a better browsing experience. Learn more about how SheSTEM uses cookies and how to change your settings.”
4. How We Use & Share the Information Collected
- Personally Identifiable Information:
- The personally identifiable information you submit to us is generally used to carry out your interactions with SheSTEM. In the event you have become a SheSTEM participant, the personally identifiable information you submit to us will be used to identify you as a participant and to facilitate your access to benefits. We may also use this information to later contact you for a variety of reasons, such as customer service, providing you promotional information about our products and services or those of our other affiliated companies (“affiliated companies”), or to communicate with you about the services we have provided.
- In certain instances, we may also share your personally identifiable information with our partners and vendors performing functions on our behalf (e.g., vendors that process credit card orders, and other companies who provide us marketing or promotional assistance, analyze our data, assist us with customer service, etc.). Our partners and vendors agree to use this information, and we share information with them, only to carry out our requests. Except as provided in this Privacy Policy or these Terms of Use, your personally identifiable information will not be shared or sold to any third parties without your prior approval.
- Non-Personal Information: We use non-personal information in a variety of ways, including to help analyze site traffic, understand customer needs and trends, carry out targeted promotional activities, and to improve our services. We may use your non-personal information by itself or aggregate it with information we have obtained from others. We may share your non-personal information with our affiliated companies and third parties to achieve these objectives and others, but remember that aggregate information is anonymous information that does not personally identify you.
5. Actively Managing Existing Contacts and Leads in Our Database
- Sending a re-verification email (double opt-in): We send all active SheSTEM contacts a new request to re-verify their email address and renew their consent to receive email, mobile in-app, phone, or direct mail communication. We believe in the right to privacy and consent; thus, we prohibit emailing individuals who previously unsubscribed.
6. Other Uses & Information
- IP addresses: An IP address is a number that is automatically assigned to your computer whenever you are surfing the Internet. When visitors request pages from our Website, our servers typically log their IP addresses. We collect IP addresses for purposes of system administration, to report aggregate information to others, and to track the use of our Website. IP addresses are considered non-personal information and may be shared as provided above. We reserve the right to use IP addresses and any personally identifiable information to identify a visitor when we feel it is necessary to enforce compliance with our Website rules or to: fulfill a government request; conform with the requirements of the law or legal process; protect or defend our legal rights or property, SheSTEM, or other users; or in an emergency to protect the health and safety of our Website’s users or the general public.
- Cookies:
- “Cookies” are small text files from a website that are stored on your hard drive. These text files make using our Website more convenient by, among other things, saving your passwords and preferences for you. Cookies themselves do not typically contain any personally identifiable information. We may analyze the information derived from these cookies and match this information with data provided by you or another party.
- If you are concerned about the storage and use of cookies, you may be able to direct your internet browser to notify you and seek approval whenever a cookie is being sent to your hard drive. You may also delete a cookie manually from your hard drive through your internet browser or other programs. Please note that some parts of our Website will not function properly or be available to you if you refuse to accept a cookie or choose to disable the acceptance of cookies.
- Email Communications: We may use your personally identifiable information to respond to your questions or comments. For security reasons, do not send nonpublic personal information, such as passwords, social security numbers, or bank account information, to us by email. Except for our reply to such an email, it is not our standard practice to send you an email unless you request a particular service or sign up for a feature that involves email communications, it relates to purchases you have made with us (e.g., product updates, customer support, etc.), we are sending you information about our other services, or you consented to being contacted by email for a particular purpose.
- Transfer of Assets: In the event that SheSTEM or substantially all of its assets are acquired, your personally identifiable information may be one of the transferred assets.
7. Public Forums
- We may offer chat rooms, blogs, message boards, bulletin boards, or similar public forums where you and other users of our Websites can communicate. The protections described in this Privacy Policy do not apply when you provide information (including personal information) in connection with your use of these public forums. We may use personally identifiable information and non-personal information about you to identify you with a posting in a public forum. Any information you share in a public forum is public information and may be seen or collected by anyone, including third parties that do not adhere to our Privacy Policy. We are not responsible for events arising from the distribution of any information you choose to publicly post or share through our Websites.
8. Updating Our Privacy Policy Regularly and Notifying Proactively
- We include clear privacy policy directions on the website, including what information is being collected, how data is stored and how to contact the organization.
- In addition to building or modifying the privacy policy page, we proactively send notification of policy updates to our valued customers and subscribers. Specifically, we keep a running list of the ways in which our business interacts with personal data and conduct quarterly audits to ensure the list is accurate. We use the list to guide regular updates of the privacy policy. We send proactive notifications about changes to the privacy policy to all parties whose personal data is covered by it. If necessary, we ask constituents to opt in again.
9. Keeping Your Information Secure
- We implement security measures to protect against the loss, misuse, and alteration of information under our control. Please be advised, however, that while we strive to protect your personally identifiable information and privacy, we cannot guarantee or warrant the security of any information you disclose or transmit to us online and are not responsible for the theft, destruction, or inadvertent disclosure of your personally identifiable information.
10. Our Data Breach Plan
- GDPR requires us to report data breaches no later than 72 hours after we become aware of the breach. We are proactive and have designed a data breach action plan as a precaution.
- The following are our planned best practices for responding to a data breach.
- Communicate internally to all employees and provide training to all customer-facing employees on how to respond and assist customers.
- A social media response plan, ensuring enough staff are available to respond to social media posts.
- Publish as much information as possible, as quickly as possible, about the breach on the company website or direct customers to a microsite designed to dispense information about the breach.
- Notify affected parties. Send an appropriate form of communication, whether through email, paper mail or a phone call, notifying affected parties about the breach.
- Communicate to affected parties and media that the business is taking all measures to mitigate the damage of the breach.
- Inform affected parties and media that they should report any suspicious activity with regard to use of their personal data to the business and the proper authorities (if applicable).
- Engage the public relations firm or external communications to issue a press release and/or hold news conferences to inform the public about the breach. Be as transparent as possible.
- Provide clear instructions about how to file complaints, get assistance or reach the customer service department.
- Provide assistance to customers who are suffering negative consequences resulting from the breach.
- Update affected parties and media about how the company will prevent future breaches.
- Coordinate with internal stakeholders to ensure compliance going forward.
11. Other Sites
- Our Website may contain links to other websites not operated by us. We are not responsible for the privacy practices of these other sites and encourage you to read their privacy statements.
12. Contacting Us
- For any questions, comments, or concerns about our Privacy Policy, or to update your personal information or preferences, please contact us directly.
- We will respond to your request and, if applicable and appropriate, make the requested change in our active databases as soon as reasonably actionable.