Privacy Policy

The purpose of this policy is to be more transparent about the personal data we collect on our website, why we collect this data, who we may share this data with, and what rights you have over the use and storage of your personal data. We believe this level of transparency is important for all involved in Affirmation’s efforts to support the LGBTQ+ Mormon community.

Who We Are

Affirmation Gay and Lesbian Mormons; doing business as Affirmation: LGBT Mormons, Families & Friends; is a Utah nonprofit seeking to support LGBTQ+ Mormons, their family members, and friends. For more details about the work of Affirmation, please see our vision and values. The full address of our principal place of business: 912 E 32nd Street, Minneapolis, MN 55407. Our email address is [email protected]. Our website address is affirmation.org.

What Personal Data We Collect and Why We Collect It

Contact Forms

Information collected by any contact form on our website collects the explicit information provided by you when using that form, such as name, email, phone number address, etc. Additional information including user agent, user IP address is also recorded when submitting any form on our website. Additional information that may be collected includes the date of submission, data parameters included in the URL of the page where the form was accessed, and the referring URL. This information allows users to communicate with us, and for us to deliver content and responses relevant to our users. This information is usually sent via encrypted email to email accounts we manage. All form submissions are stored on our website for up to 90 days unless otherwise requested by the user.

Payment Forms

Information collected by any payment form on our website collects the same types of information as any contact form on our website; however, we also store and may possibly securely email information such as the type and last four digits of the credit card used for payment. We never see complete credit card or account numbers used to make payments on our site. Complete payment information is only transmitted securely to our payment processor upon form submission. We use Stripe as our payment processor for the secure processing of payments. You may view Stripe’s privacy policy here. All information collected on our payment forms is required for users to purchase our products and services and for us to process those payments and deliver the products and services users pay for.

Cookies

If you have an account and you log in to this site, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser. When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed.

Embedded Content from Other Websites

Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website. These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracking your interaction with the embedded content if you have an account and are logged in to that website.

Analytics

We use Google Analytics for our website analytics and have set our data retention controls to delete user-level and event-level data associated with cookies, user-identifiers, and advertising identifiers to automatically delete every 14 months. We use analytics data to understand how users are using our website. You may view Google Analytics’ privacy policy here.

Who We Share Your Data With

In General

Unless otherwise noted as a service used for a specific purpose within this policy, we do not share your data with any other party for any reason. We do not sell, exchange, or otherwise distribute data.

We may also share information as required by applicable law, regulation, or government request; for the investigation of potential violations of our policies; to respond to potential fraud, security, or technical issues; to respond to user requests; or to protect our rights, our property, our safety, or the safety of our users and the public. This may include sharing information with other entities as necessary for fraud protection and spam/malware prevention.

Hosting Provider

Our website is currently hosted with WPEngine. As such, any user data collected, processed, or stored on our website is collected, processed, and stored on servers managed by WP Engine. However, WPEngine does not access or process this data directly for their own business purposes. You may view WPEngine’s privacy policy here.

Mailing Lists

We do maintain electronic mailing lists and we utilize MailChimp for the storage of data related to those mailing lists and for the sending of email to those lists. Data stored on these lists are data submitted by our subscribers or members and is required for the purpose of sending relevant or communications to both. You may view MailChimp’s privacy policy here.

Constituent Relationship Management (CRM)

We maintain contact, demographic, and transactional information such as donations made, membership fees paid, event tickets purchased, in a constituent relationship management system. This data enables us to better understand how Affirmation’s constituents interact with the organization, connect those constituents to resources and information relevant to them, and maintain our mailing lists. We use Salesforce as our constituent management system. You can view Salesforce’s privacy policy here.

How Long We Retain Your Data

For users that register on our website (if any), we also store the personal information they provide in their user profile. All users can see, edit, or delete their personal information at any time (except they cannot change their username). Website administrators can also see and edit that information. Information submitted via contact or payment forms is kept for up to 90 days after the submission of the form. All cookies are either deleted upon the closing of your browser or logging out of your account. User-level and event-level analytics data is deleted every 14 months. Mailing list data is kept perpetually until a customer cancels their services or a subscriber otherwise unsubscribes from a mailing list. Data in our constituent relationship management system is kept perpetually unless otherwise requested by the constituent. Should such a request be made, transactional information in our constituent relationship management system will be kept, but anonymized, to ensure proper reporting organization activities.

What Rights You Have Over Your Data

If you have an account on this site, you can request to receive an exported file of the personal data we hold about you, including any data you have provided to us. You can also request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes.

If you wish to access, correct, update, or request deletion of your personal information, you can do so at any time. In addition, you can object to the processing of your personal information, ask us to restrict the processing of your personal information or request portability of your personal information. These requests may be made by emailing [email protected].

You have the right to opt-out of any non-transactional emails we send you at any time. You made do so by clicking the “unsubscribe” link in the footer of these emails.

You have the right to withdraw your consent from us processing your personal data at any time. Withdrawal of consent does not delegitimize any processing of your personal data conducted prior to the withdrawal of your consent, as long as you provided consent prior to such processing.

You have the right to complain to an appropriate authority about our collection and use of your personal data.

Additional Information

How We Protect Your Data

All data transmitted through our website is SSL encrypted over secure HTTPS. All data that we store on our servers or on third-party service providers named in this policy is secured strong passwords that are regularly updated to safeguard the data stored by those services. We use services with records of providing secure processing and storage of data. Even with the best safeguards, it is not possible to guarantee there will never be a breach of personal data.

What Data Breach Procedures We Have in Place

Upon discovery of any data breach, we will immediately update all passwords associated with the breach. We will inform affected users of the breach. Should a data breach occur, we will abide by any requirements of any applicable law.

What Automated Decision Making and/or Profiling We Do with User Data

Personal data collected may be used to distribute information based on location, organizational activity, or submitted demographic information. We do this so that constituents receive information and resources that are relevant to them.

Changes to Our Privacy Policy

This policy may be updated from time to time. If you are concerned about how we protect your privacy or use your personal data, we recommend you review it often. We will notify you about changes to this policy on our website. If we make significant changes, we will notify you through email or other communication. This policy was last updated on May 24, 2018.

Comments are closed.