Rev. March 2023
INFORMATION WE COLLECT
When you visit our website, we collect technical data such as the web browser, device, public IP address, page views, and clicks, as well as search terms used to find and explore our website. This information is used to improve the user experience on our website.
We collect and process personal data such as name, date of birth, contact information, and email, as well as billing and payment information, which you provide to us in connection with the use of our services.
We may also conduct surveys and collect data for quality assurance purposes. These data collections may include identifiers that connect back to your profile.
Purpose of Processing
Anonymous web data is used to understand how the layout of our website and digital presence can better deliver and communicate the services we provide.
Your personal data is used to understand the demographics we serve and how we can further provide services to you, your family, and your community.
We may contact you through email, phone, or other electronic communication about services in which you have expressed interest. Survey data is used to modify and audit the services we provide to ensure high-quality delivery. We may reach out to you for more information related to a survey or to resolve issues or challenges related to our services.
Occasionally, we may contact you or your family with offers or promotions for services that we offer based on your history with similar services. We may also contact you regarding our fundraising efforts. You can opt out of these communications by using the unsubscribe link in the communication. However, we will still contact you about services or billing that are currently active based on your profile information.
SHARING OF INFORMATION
The YMCA will not sell your personal data.
We may share your information with the YMCA of the USA as part of our nationwide membership system and to understand how YUSA and partner Ys can continue to serve their respective geographic areas.
We may also engage a partner company for the purposes of data and demographic analysis or enhanced data collection. This information is processed with the same level of security as data under our care.
We may also share your information with local and state agencies in compliance with local laws, ordinances, and programmatic requirements. In the event of an active investigation, we may also share your data with law enforcement agencies. Profile and demographic information will not be shared with law enforcement except under warrant or subpoena.
We collect personal information from our donors, including name, address, phone number, email address, and payment information. This information is used to process donations, communicate with donors about their donations, and send them tax receipts. We may also use this information to keep donors informed about our activities and to request future support. We do not sell, share, or rent donor information to third parties. Donors may choose to remain anonymous at any time.
We may also use donor information for research and analysis purposes, including to improve our fundraising efforts and to better understand our donor base. However, any such research will only use aggregated or anonymized data that does not identify individual donors.
Donors have the option to opt out of receiving communications from us at any time. Donors also have the right to request access to the personal information we hold about them and to request that we update or delete their information. Donors may also choose to remain anonymous at any time.
The YMCA takes the security of your data and information seriously and employs several measures to ensure its protection. The following tools and practices are in place to secure your data:
- Employee Multi-Factor Authentication: To access your data, employees must provide multiple forms of identification to ensure that only authorized personnel have access.
- Employee Training and Auditing: Regular training and auditing programs are conducted to ensure that employees understand the importance of data privacy and security, and follow best practices.
- Job Function-Based Access Restrictions: Access to your data is restricted based on an employee’s role and job function, further enhancing security.
- Regular System Backups: Regular backups of all data and information are taken to ensure that it can be recovered in case of a security breach or data loss.
- Sensitive Data Encryption: Both at rest and in transit, sensitive data is encrypted to prevent unauthorized access.
- Third-Party Auditing and Monitoring: We work with third-party experts to audit and monitor our systems to ensure that they are up to date on the latest security threats and mitigations.
The YMCA is committed to protecting your data and ensuring that it remains confidential and secure at all times.
In the event of a data breach, we have established procedures to ensure that the situation is promptly addressed and any potential impact is minimized. Our incident response plan outlines the steps we will take to assess the breach, contain it, and prevent any further unauthorized access to personal data. We will also promptly notify affected individuals and regulatory authorities as required by law.
To help prevent data breaches, we have implemented strict security measures and regularly review our practices to ensure they are up-to-date with industry standards. Our staff is trained to handle personal data in accordance with our privacy policies and are made aware of the consequences of data breaches. Additionally, we regularly monitor our systems to detect and respond to any potential threats.
RIGHTS OF EU CITIZENS
To comply with the General Data Protection Regulation (GDPR), we are committed to protecting the privacy of EU citizens and their personal data. If you are an EU citizen and wish to request access to your personal information that we may have collected, you may do so by contacting us at GDPR@ymcaboston.org or the mailing address listed in the contact information section at the bottom of this policy.
In your request, please specify what personal data you would like to access and include a copy of a government-issued ID to verify your identity. We will respond to your request within 30 days and provide you with a copy of the requested information, free of charge. If your request is complex or numerous, we may extend the deadline by a further two months and will inform you of this extension within the initial 30-day period.
If you believe that any of the personal data we hold about you is incorrect or incomplete, you may also request that we rectify or update your information. If we have disclosed your personal information to third parties, we will take steps to notify them of any changes to your information, to the extent feasible.
If you would like to exercise any of your rights under the GDPR, please contact us at GDPR@ymcaboston.org.
CHANGES TO THIS POLICY
We may update this policy from time to time to reflect changes in our practices. Any revisions will be posted on this page, and we will notify you of any significant changes through our website or by email.
Our mailing address is:
YMCA of Greater Boston
ATTN: Chief Communications Officer
316 Huntington Avenue
Boston, MA 02115
You can contact us by phone at 617-927-8060. Ask for the office of the Chief Communications Officer.