By Accessing and/or Using this Site, You Agree To
- The transfer, processing and maintenance of your personal and sensitive information in the United States of America.
The Personal and Other Information We Collect
Depending on the type of communication or transaction, the personal information we collect may include, but is not limited to, your name, postal address, ZIP code, telephone number, organization name, email address, gender, credit card, bank information or billing information, demographic information, emergency contacts, travel information, physician information, health information, passport information (for international travel), background check information, identification numbers, competition results, participation histories, images and video, survey data, salary/benefits/tax work history (for Special Olympics employees only).
- Special Olympics only uses Personal Information to publicly promote Special Olympics, solicit donations, and recognize Special Olympics sponsors and partners in accordance with the written consent of Data Subjects.
- Where Special Olympics intends to further process Personal Information for a purpose other than that for
which the personal data were collected, Special Olympics will provide notice to the Data Subject prior to that
further processing with information on that other purpose and with any relevant further information.
Where and When We Collect Personal Information
We Do Not Knowingly Collect Information From Children
Our website is intended for general audience and we do not knowingly collect or solicit personal information from anyone under the age of 13 or knowingly allow such persons to provide us with their personal information. If you are under 13, do not send any information about yourself to us, including your name, address, telephone number, or email address. In the event we learn that we collected personal information from anyone under the age of 13, we will delete that information as quickly as possible. If you believe that we might have collected personal information from anyone under the age of 13, please contact us at firstname.lastname@example.org.
Online Profile Updates and Donations
If you complete the Profile update form and share your personally identifying information, this information will be used only to provide you with more targeted content. We may use your contact information to send further information about our organization or to contact you when necessary. You may always opt-out of receiving future mailings; see the “Opt Out” section below.
Opt-Out or Change Your Contact Information
Our site provides users the opportunity to opt-out of receiving communications from us. You may choose to receive only specific communications or none at all. You may also update your contact information previously provided to us. You cannot remove yourself from our database, but you can prevent unwanted communication.
Sending Us an Email
- You also may decide to send us personally identifying information, for example, in an electronic mail message containing a question or comment, or by filling out a Web form that provides us this information. We use personally identifying information from email primarily to respond to your requests. We may forward your email to other employees who are better able to answer your questions. We may also use your email to contact you in the future about our programs that may be of interest.
- We want to be very clear: We will not obtain personally identifying information about you when you visit our site, unless you choose to provide such information to us. Providing such information is strictly voluntary. Except as might be required by law, we do not share any information we receive with any outside parties.
- If you sign up for one of our email lists, we will only send you the kinds of information you have requested.
Do We Disclose Any Information to Outside Parties?
Special Olympics Southern California and Special Olympics, Inc. reserve the right to share your personal information in certain situations:
- We may release your information, when we believe release is appropriate, to comply with the law, enforce our site policies, or protect ours or others rights, property, or safety.
- Non-personally identifiable visitor information may be provided to other parties for marketing, advertising, or other uses.
- We allow trusted third parties, who assist us in operating our website, conducting our business, or servicing you, access to our databases so long as those parties agree to keep this information confidential.
- Data subjects: A Data Subject’s Personal Information may be disclosed to the Data Subject or his/her authorized guardian or representative.
- Medical Emergency: Special Olympics may disclose Personal Information to medical professionals in an emergency.
- Visa Assistance: Special Olympics may disclose Personal Information with government authorities for the purpose of assiting Dta Subjects with any visas regquied for international travel to Special Olympics events.
- We occasionally exchange our donor name and address list with other reputable non-profit organizations to keep our costs down. If shared, the other non-profit organization is only permitted to use such information for a one-time mailing and cannot use it for telemarketing purposes. You can opt out of this exchange at any time by contacting us at DonorServices@SpecialOlympics.org and providing your complete name and address.
- Credit Card Transactions, Electronic Fund Transfers, Payments by Check or Money Order and Online Transactions. Special Olympics uses third parties to provide credit card, bank, payment and information processing services. If you choose to make a donation online, by phone, through the mail or by other means we will share your personal information with our processing service providers. While we believe these other companies will treat your personal information responsibly, we do not own or control them and cannot guarantee your privacy.
- Necessity. If we have reason to believe that there has been some inappropriate interference with or use of our website, communications, or charitable services, or if we have reason to believe that one of the Special Olympics website users, donors, employees or other related parties may have been injured or may have harmed some other party, we will disclose, without notice to you, personal information as we deem appropriate or if compelled by a legal or regulatory authority.
A “cookie” is a small piece of data that is sent to your browser from Special Olympics Southern California’s web server and is stored on your computer’s hard drive. Cookies are used to collect non-identifying information about the user, such as Web surfing behavior or user preferences for a specific website. Special Olympics uses two different types of cookies – session-based and persistent cookies. Session-based cookies expire at the end of a browser session so once you close your browser the cookie simply terminates. Persistent cookies remain on your computer until you remove them. Persistent cookies are used to provide internal website analytics. You can manually delete all cookies including persistent ones within your browser privacy settings menu.
Web Site Links
In order to provide certain services and goods at our website, we contract with other companies and individuals. These additional services and goods may include “links” to other websites from our website. Special Olympics Southern California’s privacy practices may not be applicable at any third-party sites. Anytime you leave the www.sosc.org website, we have no control regarding what information may be collected about you, nor do we control what third-parties might do with the information. It is important that you review any privacy policies on third-party sites carefully, BEFORE you use any services or programs offered.
Creating a text link from your website to our site does not require permission. If you have a link you’d like us to consider adding to our website, please send an email to email@example.com with the subject “Link request.”
Use of Text and Images
If you would like to publish information or images that you find on our website, please send your request to firstname.lastname@example.org. Where text or images are posted on our site with the permission of the original copyright holder, a copyright statement appears at the bottom of the page.
This website is designed to be accessible to visitors with disabilities, and to comply with federal guidelines concerning accessibility. We welcome your comments. If you have suggestions on how to make the site more accessible, please contact us at email@example.com.
Principles of Data Processing
Special Olympics has adopted the following principles to govern its processing of Personal Information, except as specifically provided by supplementary policies or as required by applicable laws or regulations.
- Lawfulness, Fairness, and Transparency. Personal Information shall only be processed lawfully, fairly, and in a transparent manner in relation to the Data Subject.
- Purpose Limitation. Personal Information shall be obtained only for specified, explicit, and legitimate purposes, and shall not be further processed in any manner incompatible with those purposes.\
- Data Minimization. Personal Information shall be adequate, relevant, and not excessive in relation to the purposes for which they are processed. d. Accuracy. Personal Information shall be accurate and, if necessary, kept current, as appropriate to the purposes for which they are processed. e. Storage Limitation. Personal Information shall not be kept in a form that permits identification of the Data Subject for longer than necessary for the permitted purposes.
- Integrity and Confidentiality. Personal Information shall be processed in a manner that ensures appropriate security of the Personal Information, including protection against unauthorized or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organizational measures.
- Data Protection by Design and by Default. Technical and organizational measures shall be designed to implement data protection principles and to ensure that, by default, only personal information necessary for each specific purpose of the processing are processed.
Taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing as well as the risk of varying likelihood and severity for the rights and freedoms of Data Subjects, Special Olympics will implement and maintain appropriate technical and organizational measures to ensure a level of security appropriate to the risk. In particular, Special Olympics will implement and maintain appropriate measures to protect Personal Information from accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to Personal Information transmitted, stored or otherwise processed. Special Olympics shall also be able demonstrate how data processing is being performed in compliance with applicable laws, including GDPR. The following measures should be considered and implemented as appropriate in accordance with the above principles:
- Office access control such as lock and key, swipe cards, and building security to ensure that only authorized persons are able to enter the premises;
- Paper safeguards including (i) secure storage of written or printed Personal Information to safeguard against disclosure to individuals not involved with the use of the information and (ii) shredding when use of the printed information is complete;
- Digital storage only in data systems approved by the administration of each Special Olympics organization for the Personal Information the system holds;
- Unique login credentials used to access Personal Information with passwords of sufficient length and character types (e.g., numbers, upper case letters, lower case letters, special characters) consistent with industry best practices;
- Automatic lock of computers and devices holding Personal Information after a short period of nonuse;
- Computers and devices secured when unattended in a locked house when at home or locked trunk when traveling by automobile;
- Monitoring, logging, and audit controls on computers, devices and systems holding Personal Information;
- Malicious software protection on computer systems, including regular and prompt updating of antivirus, operating system, and application software to maintain current security features;
- Prompt access removal upon termination of an employee, contractor, or volunteer with access to Personal Information, including return of facilities keys, return of computing equipment, and removal or access to data systems by changing or terminating login credentials;
- Appropriate device and media disposal, including wiping of Personal Information and other confidential information prior to disposal or re-use;
- Remote locking and wiping capability on computers and devices holding Personal Information in order to safeguard data in the event of loss or theft;
- Pseudonymization and encryption to limit risk of unauthorized disclosure of Personal Information;
- Back-up systems to ensure the ability to restore the availability and access to Personal Information in a timely manner in the event of a physical or technical incident;
- Firewalls to protect against network intrusions and configured to enforce Special Olympics policies, such as blocking prohibited websites; and
- Wireless networks configured in accordance with industry standards for wireless security.
Technical safeguards capabilities should be among criteria for continued use of and/or procurement of any new computing hardware or software.
Where a type of Personal Information processing, in particular using new technologies, is likely to result in a high risk to the rights and freedoms of Data Subjects (taking into account the nature, scope, context and purposes of the processing), Special Olympics will conduct an assessment of the impact of the processing operations on the protection of Personal Information. Special Olympics should conduct this assessment before beginning the contemplated data processing.
Data Privacy Coordinator
The CEO of SO shall appoint a Global Data Privacy Coordinator to be responsible for overseeing, on behalf of SOI, ongoing activities related to the development, implementation, maintenance of, and adherence to policies and procedures covering privacy and data protection. Likewise, the CEO or National Director of each other Special Olympics organization shall appoint an organization-specific Data Protection Coordinator who will be responsible for data privacy implementation for that organization. Duties of the Data Privacy Coordinator include:
- Providing guidance and assisting in the implementation of privacy and data security policies and procedures in coordination with management and legal counsel;
- Performing periodic privacy and data security risk assessments and related ongoing compliance monitoring activities in coordination with applicable organizational departments;
- Ensuring the organization maintains appropriate privacy and confidentiality consent, authorization forms, and information notices reflecting current Special Olympics practices and requirements;
- Ensuring delivery of privacy training and orientation to employees and volunteers with access to Personal Information;
- Investigating and addressing privacy and data security incidents and/or policy violations;
- Working cooperatively with the applicable organizational departments in overseeing Data Subjects’ right to ask to inspect, amend, and restrict access to Personal Information;
- Maintaining current knowledge of applicable laws and monitoring advancements in information privacy technologies to ensure appropriate adaptation and compliance;
- Seeking outside help as necessary when unable to perform any of the duties above.
Violations and Security Incidents
Duty to Report
Any employee who becomes aware of a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to Personal Information 7 | Privacy and Data Security Policy Effective 25 May 2018 shall immediately report the incident to his/her supervisor and/or the Data Privacy Coordinator. Supervisors receiving reports of potential violations and/or security incidents shall immediately report the matter to the organization’s Data Privacy.
Upon learning of an incident or potential violation, the Data Privacy Coordinator shall respond appropriately based on the circumstances, according to SOI’s incident response policies and procedures, and as at all times directed by the SOI Legal Department. This response may include, but may not necessarily be limited to:
- Notification of executive management where appropriate;
- Notification of affected individuals, organizations, and/or government officials as required by applicable rules, laws, regulations, and contractual obligations;
- Retraining and/or disciplinary action for responsible employees as appropriate if the incident involved a violation of this policy; and/or
- A post-incident analysis conducted by the Data Privacy Coordinator and the Legal Department to incorporate any lessons learned into SOI’s incident response policies and procedures, to evaluate Special Olympics safeguards, and to recommend to management any changes believed appropriate.
Privacy and Data Security Training
Employees and volunteers will be given privacy and data security training and/or guidance appropriate to their roles and responsibilities. The Data Privacy Coordinator shall ensure that training on this policy is provided when it is substantially changed.
Special Olympics organizations shall develop contingency plans to prepare for system failures, and to prepare procedures for maintaining critical operations in the event of system failure.
The Data Privacy Coordinator shall conduct periodic reviews of the organization’s privacy and data security practices. Types of evaluation may vary and may include vulnerability scanning and remediation, firewall audits, penetration tests, social engineering exercises/tests, IT asset audits, audits of policies and procedures for compliance with applicable regulations, and/or audits of compliance with policies and procedures.
Changes to Privacy Practices
From time to time, Special Olympics Southern California may revise its privacy practices to address changing technology, security measures and website functionality. We strive to provide you with timely notice of these changes. Please contact us if you have any questions about changes to our practices.
If you use Special Olympics Network communications tools to disclose information about yourself publicly (for example, in chat rooms or online message boards made available by the Special Olympics Network), other online users may obtain access to any information you provide. The contents of your online communications, as well as other information about you as an user, may be accessed and disclosed in response to legal process (for example, a court order, search warrant or subpoena); in other circumstances in which Special Olympics believes the Special Olympics Network is being used in the commission of a crime; when we have a good faith belief that there is an emergency that poses a threat to the safety of you or another person; or when necessary either to protect the rights or property of Special Olympics, the Special Olympics Network or its Accredited Programs or third party providers, or for us to render the service you have requested.
Questions About Our Policies
If you have any questions about this privacy statement, the practices of this site, or your dealings with this website, you can contact us at firstname.lastname@example.org.