Effective May 21, 2018
How We Collect and Use Your Personal Information
Registration and Purchase Information
When you purchase a product or service from us or register for membership, events, courses, or one of the other services we provide, our purchase and registration forms require users to give us personally identifiable information and personal data (collectively, “PII”) that may include name, email address, format preference (HTML vs. Text), mailing and billing addresses, telephone number, interests, and similar information. If you choose to complete the purchase or registration form, and in doing so provide personal information about yourself, ZERO TO THREE may use that information to fulfill your purchase, process your registration, provide you with customer service, track and analyze your engagement in ZERO TO THREE activities, and market products and services to you.
i. We do not request or store commercially sensitive/high-risk information from our visitors, such as credit card or Social Security numbers. In addition, we do not view or store payment card information you provide to us on our website. If you choose to pay for a product or service with a credit card or other bank information on our website, Authorize.Net, USA, UK, a third-party payment processor, will process this information so that we can provide you with the product or service you request from us.
Special Categories of Information
We do not request information related to your political opinions, philosophical or religious beliefs, trade union membership, genetic data, or biometric data. From time to time, we may request information on your ethnicity/race or data concerning health. Providing this information is always voluntary and we will obtain your consent before processing this data.
Your User Profile/Account
You are responsible for maintaining the confidentiality of any passwords associated with your ZERO TO THREE account, and monitoring all activity under your account. You assume full responsibility for all activities that occur under your account (unless ZERO TO THREE is the direct cause of a security breach).
Communicating with Us
When you interact with ZERO TO THREE by email, telephone or in person, we may collect PII, such as your name, mailing address, phone number, email address and contact preferences; and information about your membership and the products you own and services you receive. We keep a record of your correspondence or comments, including Personal Information, in a file specific to you. We may use this information to help us provide you with better service in the event that you contact us again.
Your child’s due date or birth date
One of the things visitors tell us they love best about ZERO TO THREE is getting relevant information about their children when they need it most. Knowing your child’s exact due date or date of birth enables us to provide that information – in formats such as email newsletters – tailored precisely for the stage of your child’s age. This is one of the primary services that we provide to our members and users. Your child’s birth date may also be used to help us compile overall, non-personal statistics about our visitors, which we share with advertisers, the media, or other third parties. For example, we might tell an advertiser that a certain number or percentage of our visitors have children born in a certain month and year.
Your Donor Information
All donor information, including names, beneficiaries, gift amounts and estate sizes, is kept strictly confidential by ZERO TO THREE and its authorized staff unless permission is obtained from the donor to release the information.
If users elect to use our referral service for informing a friend about ZERO TO THREE’s Websites, you confirm that you have consent from the relevant friend to provide ZERO TO THREE with your friend’s name and email address. ZERO TO THREE automatically will send the friend a one-time email inviting them to visit the Websites. ZERO TO THREE stores this information for the sole purpose of sending this one-time email.
How We Disclose Your Personal Information
Disclosures to Third Parties Assisting In Our Operations.
We may share your PII under confidentiality agreements and any legally required data processing agreements with other companies that work with, or on behalf of, ZERO TO THREE to provide products and services, such as those who are providing email solutions, providing cloud hosting services, analyzing data and usage of the Websites, fulfilling bookstore orders, providing event registration support, hosting online content (such as online courses, webinars, podcasts, or e-books), providing community chat functionality, processing continuing education assessment, or providing support and maintenance services for the Website, as well as legal, regulatory, audit and other professional advisors. These companies may use your PII to assist us in our operations or for our legitimate business interests. However, these companies do not have any independent right to share this information.
Disclosures Under Special Circumstances.
We may provide information about you, including PII, to respond to subpoenas, court orders, legal processes or governmental regulations or inquiries, or to establish or exercise our legal rights or defend against legal claims. We believe it is necessary to share information in order to investigate, prevent or take action regarding illegal activities, suspected fraud, situations involving potential threats to the physical safety of any person, or as otherwise required by law.
Other Parties with Your Consent or At Your Direction.
Automatically Collected Information and Anonymous Information
Each time you visit a Website, ZERO TO THREE collects some information to improve the overall quality of your online experience.
ZERO TO THREE collects aggregate queries for internal reporting and also counts, tracks, and aggregates the visitor’s activity into ZERO TO THREE’s analysis of general traffic-flow at the Websites. To these ends, ZERO TO THREE may merge information about you into aggregated group data. In some cases, ZERO TO THREE may remove personal identifiers from PII and maintain it in aggregate form that may later be combined with other information to generate fully anonymous, aggregated statistical information. Such anonymous, group data may be shared on an aggregated basis with ZERO TO THREE’s affiliates, business partners, service providers and/or vendors; if it does so, ZERO TO THREE will not disclose your individual identity.
Web Server Logs and IP Addresses.
An Internet Protocol (“IP”) address is a number that automatically identifies the computer or device you have used to access the Internet. The IP address enables our server to send you the web pages that you want to visit, and it may disclose the server owned by your Internet Service Provider. ZERO TO THREE may use IP addresses to conduct Website analyses and performance reviews and to administer the Website, although it will not combine traffic data with user accounts.
Some of the Websites’ web pages may use web beacons in conjunction with cookies to compile aggregate statistics about Website usage. A web beacon is an electronic image (also referred to as an “action tag,” “single-pixel,” or “clear GIF”) that is commonly used to track the traffic patterns of users from one web page to another in order to maximize web traffic flow and to otherwise analyze the effectiveness of the Website. Some web beacons may be unusable if you elect to reject their associated cookies.
ZERO TO THREE uses analytics data and the DoubleClick cookie to serve ads based on a user’s prior visits to our Websites. Site visitors may opt out of the DoubleClick cookie by visiting the Google advertising opt-out page or they may opt out of Google Analytics by visiting the Google Analytics opt-out page. Google has additional information available about their Remarketing Privacy Guidelines, Policies, and Restrictions.
Response to “Do Not Track” Signals
Some web browsers may transmit “do-not-track” signals to the websites with which the user communicates, although web browsers incorporate and activate this functionality in different ways, and it is not always clear whether users intend for these signals to be transmitted. There currently is disagreement, including among participants in the leading Internet standards-setting organization, concerning what, if anything, websites should do when they receive such signals. ZERO TO THREE currently does not take action in response to these signals, but, if and when a standard is established and accepted, we may reassess how to respond to these signals.
Children’s Privacy Protection
Under Age 16. ZERO TO THREE does not knowingly collect or retain personally identifiable information about persons under 16 years of age. Any person who provides their personal information to ZERO TO THREE via a Website represents that they are 16 years of age or older. The Websites do not knowingly solicit or collect personally identifiable information online from children under the age of 16 without prior verifiable parental consent. If we learn that a child under the age of 16 (or such legally required higher age) has submitted personally identifiable information online without parental consent, we will take all reasonable measures to delete such information from our databases and to not use such information for any purpose (except where necessary to protect the safety of the child or others as required or allowed by law). If you become aware of any personally identifiable information we have collected from children under 16, please contact us at GDPR@zerotothree.org.
Under Age 18. Minors under 18 years of age may have the PII that they have provided to us through the Websites deleted by contacting us at GDPR@zerotothree.org and requesting deletion. Please note that, while we make reasonable efforts to comply with such requests, deletion of your personal information does not ensure complete and comprehensive removal of that data from all our systems and back-up systems.
ZERO TO THREE understands that storing our data in a secure manner is essential. ZERO TO THREE stores PII and other data using reasonable physical, technical and administrative safeguards to secure data against foreseeable risks, such as unauthorized use, access, disclosure, destruction or modification. All information that you transmit to ZERO TO THREE through the Websites is transmitted using Secure Socket Layer (“SSL”) encryption. We protect account information by placing it on a secure portion of our Websites that is only accessible by certain qualified employees of ZERO TO THREE. Please note, however, that while ZERO TO THREE has endeavored to create secure and reliable websites for users, the confidentiality of any communication or material transmitted to/from the Website or via e-mail cannot be guaranteed.
Privacy Settings/Opt Out/Changes/Access
If you would like your PII removed from our database, changed or updated, you can contact us at GDPR@zerotothree.org. If requested, we will promptly verify and delete your account and you will no longer receive emails from ZERO TO THREE. Your removal from the mailing list or database will not remove records of past transactions or delete information stored in our data backups and archives where we are required to keep your data for legitimate business or legal requirements. Data on past transactions and data stored in backups and archives will be deleted in the normal course of our business. You have the right to access or, if required by applicable laws, receive a copy of your PII held by us by making a written request by sending an email firstname.lastname@example.org
We will ensure that appropriate safeguards are in place to adequately protect the PII you provide to us, including by implementing appropriate technical and organizational security measures as well as appropriate contractual measures with data processors and other recipients of data to secure data transfers in the form of standard contractual clauses approved by the European Commission from time to time or such equivalent data transfer agreements or arrangements in compliance with the applicable law.
EU Data Protection (EU General Data Protection Regulation – GDPR) To the extent ZERO TO THREE receives or processes personal data directly from an individual located in the European Union (“EU”) or European Economic Area (“EEA”) through this Website, or through electronic or regular mail from such individual, the following additional principles and disclosures pursuant to Article 13, General Data Protection Regulation (EU) 2016/679 (“GDPR”) upon its application shall apply:
(a) Identity and the contact details of the data controller: ZERO TO THREE, 1255 23rd St. NW, Suite 350, Washington, DC 20037.
(b) Contact details of the privacy officer: see the “Contact” section below.
© Purposes of the processing for which the personal data are intended:
i. To fulfill our contractual obligations by providing you with the services and products you request from ZERO TO THREE (e.g., fulfill your purchase; process your registration; send data-driven communications with new resources or information regarding child development, your membership, our organization, or activities you for which you are registered; provide you with customer service; etc.).
ii. To pursue our legitimate interests in improving our services and your experience with ZERO TO THREE (e.g., tracking and analyzing engagement in ZERO TO THREE activities; direct marketing of products and services to you).
iii. To learn more about the populations we serve and their needs through the use of consent-based surveys.
(d) The recipients or categories of recipients of the personal data: employees and consultants of ZERO TO THREE who respond to your inquiries and requests for products and services and third-party service providers who facilitate the services and products offered by ZERO TO THREE. We may share your personal data under confidentiality agreements and any legally required data processing agreements with other companies that work with, or on behalf of, ZERO TO THREE to provide products and services. These include, but are not limited to:
ii. BrightKey, USA iii. Corporate Communications Group, USA iv. Meeting Management Services, USA v. HigherLogic, USA vi. BlueToad, Inc., USA, UK vii. Naylor Association Solutions, USA viii. Nimble AMS, USA ix. Act-On Software, Inc., USA, UK x. Widgix, LLC (dba SurveyGizmo), USA xi. Insight, USA xii. Authorize.Net, USA, UK xiii. Navision Serenic Software, USA xiv. SalesForce, USA xv. SalsaLabs, USA xvi. Amazon AWS, USA, UK (Apps) xvii. Convex, USA xviii. Survey Monkey xix. GetFeedback xx. Stripe xxi. Native iOS/Android Applications
(e) The personal data will be stored by ZERO TO THREE for an indefinite period of time and may be used in all of some of the following ways to: fulfill your purchase; process your registration; provide you with customer service; track and analyze your engagement in ZERO TO THREE activities; and market products and services to you.
(f) The individual has the right at any time to request from ZERO TO THREE access to and rectification or erasure of personal data or restriction of processing concerning the individual or to object to processing as well as the right to data portability. In these cases, please send your email request to ZERO TO THREE’s Privacy Officer at the address provided in the “Contact” section.
(g) The individual has right to withdraw his/her consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal, by sending an email to the Privacy Officer at the address provided in the “Contact” section.
(h) The individual has the right to lodge a complaint with his/her data protection authority against the data processing.
(i) The individual is obliged to provide his/her personal data to ZERO TO THREE (such as name and contact) so that ZERO TO THREE can respond to the inquiry.
(j) ZERO TO THREE will not use the personal data of the individual for automated decision-making, including profiling.
(k) Where ZERO TO THREE intends to further process the personal data for a purpose other than that for which the personal data were collected, ZERO TO THREE will provide the individual prior to that further processing with information on that other purpose and with any relevant further information, insofar as the individual does not already have the information.
ZERO TO THREE will retain your PII in accordance with its data retention policy. For the purposes of this section, we keep your data indefinitely so that we can continue to provide you with new offers, services, or information, where applicable, and so that we can communicate with you regarding past services, memberships, and products. In order to be completely removed from our database, you must submit a request to be forgotten to email@example.com.
ZERO TO THREE Data Privacy Officer 1255 23rd St. NW, Suite 350 Washington, DC 20037
You can also send an email to: firstname.lastname@example.org