A. Introduction

PolicyLink, together with its affiliated entities, (“we,” “us,” and “our”) strongly believes in protecting the integrity and privacy of the personal information we collect, and the protection of your privacy very important to us. This Privacy Policy (the “Policy”) has been designed to answer your questions about your privacy rights while you engage with our websites, including those listed below, any additional sites that we control, and mobile applications (each, a “Site,” and collectively, “Sites”), as well as when you participate in our programs and events, and receive any of our other services (collectively, “Services”). If you need more information, please refer to the Contact section of this Policy below.

B. Purpose

This Policy applies to PolicyLink’s Sites and Services that link to or reference this Policy. This Policy describes how PolicyLink collects, uses, shares, and otherwise processes Personal Data, as defined in the section below, and the choices available to you regarding: (1) how we collect, use, and access your Personal Data; and (2) how to confirm your Personal Data is updated, corrected, and/or deleted. Additional terms and information about PolicyLink’s Personal Data handling practices may be provided in services descriptions, supplement statements, or contract terms, or notices provided prior to or at the time of information collection.

The Services do not include any third-party service you interact with via the Sites or Services. This Privacy Policy applies only to information that you provide to us through the Sites and Services.

C. Definition of Personal Data

“Personal Data” is any information that can be used to identify an individual, and may include, but is not limited to, for example, name, address, email address, phone number, login information (account number, password), marketing preferences, social media account information, IP addresses, location data (if combined with other identifiers), personal identification numbers (passport numbers, social security numbers, etc.), photos, video footage with your likeness, audio recordings, payment card number, criminal record, educational and professional records, and any form of biometric, health, genetic, racial, ethnic, religion, political affiliation, gender-based, sexual preference, age-related, or other identifying personal data. If we link other data with your personal information, we will treat that linked data as Personal Data. We may also, from time to time, collect Personal Data from trusted third-party sources and engage third parties to collect Personal Data to assist us.
Our Sites may contain links to other websites, applications and services maintained by third parties. The information practices of such other services, or of social media networks that host our branded social media pages, are governed by third parties’ privacy statements, which we encourage you to review to better understand those third parties’ privacy practices. We have no control over such third parties’ privacy statements or practices.

D. Collection and Use of Your Personal Data

We may collect a variety of information, including Personal Data, about you as you use our Sites and Services and interact with us. A summary of what we collect and how we use the Personal Data associated with our Sites and Services is set forth below.

1. Personal Data Collected on Sites

We use common information-gathering tools, such as log files, embedded web links, web beacons, and cookies, to automatically collect certain standard information that your browser sends back to our Site(s). Examples include:

• Browser type and version
• Address of the website from which you arrived at our Site
• Your Internet Protocol (IP) Address
• Clickstream behavior, meaning the pages you view and the links you click.

These tools help make your visit to our Sites easier, more efficient, and more valuable by providing you with a customized experience and recognizing you when you return.

2. Mobile Application(s)

If you use one or more of our mobile application(s) (a “Mobile App”), we may collect information about the device on which the Mobile App is installed such as a device identifier (IMEI or UDID), subscriber identifier, mobile phone number, device name, type, and manufacturer, operating system type and version, wireless carrier, network type, country of origin, and IP address. We may also collect location data from the GPS on your device.

3. Personal Data Provided at Programs and Events

These types of events include in-person and web-based programs and events and other in-person as well as virtual gatherings (collectively, “events”). If you register for one of our events, we will collect your name, organization name, telephone number, address, email address and select other information, which we will store in our database(s) and use to provide you with information and services associated with the current and future events, and our Sites and Services.

4. Personal Data Provided in Correspondence with PolicyLink

If you correspond with us by email, the postal service, or other form of communication, we may retain the correspondence and the information contained in it and use it to respond to your inquiry and to keep a record of the complaint, accommodation, or other request. If you ask us not to contact you by email at a certain email address, we will retain a copy of that email address on our “master do not send” list in order to comply with your no-contact request.

5. Personal Data Provided in Accordance with Contest Applications

When you submit an application in accordance with a contest sponsored in part, or in whole, by us or in partnership with unaffiliated third parties, we will collect Personal Data about you including: name; email addresses; telephone numbers; education; employment history; the city, state, and country in which you live; gender, race, and LGBTQ affiliation (an applicant may select “prefer not to answer”). We may also collect information about your venture, such as the name, industry, and focus of the venture.

6. Personal Data Provided to Process Payment

You may purchase Services or make a donation to PolicyLink using a payment card. Payment card information may be provided via a Site or an authorized third-party payment site, into the PCI/DSS-compliant payment processing service(s) to which we subscribe. We do not process or store the card information.

7. Use of Google Analytics and Other Backend Analytics Tools

We use Google Analytics, a service that transmits our Site traffic to Google servers in the United States of America. Google Analytics does not identify individual users or associate your IP address with other data held by Google. We use reports and data provided by Google Analytics and other website traffic tracking services to help us understand our Site traffic trends and usage.

8. Do Not Track Option

Some web browsers may give you the ability to enable a “do not track” feature that sends signals to the Sites you visit, instructing that you do not want your online activities to be tracked; however, these features are not uniform and there is no common standard that has been adopted by industry groups, technology companies or regulators. Be aware that this is different from blocking or deleting cookies, and that browsers with “do not track” features enabled may still accept cookies. PolicyLink takes privacy and meaningful choice seriously. We continue to monitor developments related to “do not track” browser technology and the implementation of a standard. While the Sites do not currently recognize and respond to “do not track” signals, if we do in the future, we will update this Policy.

9. PolicyLink Cookies Statement

To learn more about how to update your choices in relation to cookies and other web browsing technologies, please go to the PolicyLink Cookies Statement, below.

10. Personal Data Use Summary

Personal Data you provide to us is used either to respond to requests that you make or to aid us in serving you better. A summary of the ways we may use your Personal Data is set forth below:

• To deliver the Services you request;
• To manage your accounts and maintain our business operations;
• To identify you as a user and allow you access into our Sites;
• To optimize and improve our Sites and Services;
• To protect the security and effective functioning of our Sites and information technology systems;
• To send you administrative email notifications;
• To contact you, and to respond to and track progress of your inquiries;
• To detect, investigate, and prevent illegal or non-compliant activities;
• To address our compliance and legal obligations and exercise our legal rights;
• To administer contests (including by third parties), specifically, to sponsor, promote, and receive Personal Data, and to send marketing materials related to such contests;
• To make phone calls to you, from time to time, to solicit feedback or provide secondary fraud protection; and
• To send you marketing information, program and event recommendations, newsletters, and other non-transactional communications about us, our related entities, similar non-profit organizations, sponsors, and business partners (collectively, the “Affiliates”) for purposes of conducting direct marketing. Please see “Your Rights and Choices Regarding Your Personal Data” to learn how you can control the processing of your Personal Data by PolicyLink for marketing purposes.

E. Sharing Your Personal Data with Third Parties

We may share your Personal Data with Affiliates for the purposes of operating our organization, delivering, improving, and customizing our Sites and Services, sending marketing and other communications related to our business, and for other legitimate purposes permitted by applicable law or otherwise with your consent. We may share Personal Data in the following ways:

• With unaffiliated third parties to administer, sponsor, and promote contests, including sharing contest application information and marketing materials that may be relevant to contest applicants;
• With unaffiliated third parties when we transfer personal data to them in connection with business operations we jointly performed;
• Within PolicyLink and with any of the Affiliates for purposes of data processing, research and development, storage, and/or marketing;
• With Affiliates, service vendors, and/or contractors to provide requested Site content or enhancements, Services, or a transaction. Examples include, but are not limited to: processing of orders, donations, and credit card transactions, hosting websites, constituent relationship management, assisting with donation-related efforts or post-donation support, delivering Services or services, and providing customer support;
• With service vendors focused on the provision, payment, and auditing of employee, vendor, and contractor benefits;
• With search engine, web analytics, and survey providers engaged to track trends and other statistics to enhance the user experience;
• In connection with, or during negotiations of, any merger, or combination of PolicyLink with another organization;
• In response to a request for information by a competent authority if we believe disclosure is in accordance with, or is otherwise required by, any applicable law, regulation or legal process;
• With law enforcement officials, government authorities, or other third parties as necessary to comply with legal process or meet national security requirements; protect the rights, property, or safety of PolicyLink, our Affiliates, you, or others; or as otherwise required by applicable law.
• In aggregated, anonymized, and/or de-identified form which cannot reasonably be used to identify you; and/or
• If we otherwise notify you and you consent to the sharing.

PolicyLink Sites and select Services may, from time to time, use interfaces with social media sites such as Facebook, LinkedIn, Twitter and others. If you choose to “like” or share information from Sites or Services through these services, you should review the privacy policy of that service. If you are a member of a social media site, the interfaces may allow the social media site to connect your site visit to your Personal Data.

F. International Transfers of Your Personal Data

PolicyLink is headquartered in the United States and Personal Data we collect from you will be processed in the United States.

G. Your Rights and Choices Regarding Your Personal Data

PolicyLink encourages you to keep your Personal Data accurate and current. In addition, you have the right to ask us not to process your Personal Data for marketing purposes. You can exercise your right to prevent such processing by checking certain boxes on the forms we use to collect your data, clicking the unsubscribe button on any communication we have sent to you, or by contacting us. Please note that some of our Sites and Services may require our legitimate collection, storage and use of your Personal Data, and such Sites and Services may not be available if you are unwilling to provide the necessary Personal Data.

Where you have consented to allow us to use your Personal Data, you can withdraw that consent at any time. If the information we hold about you is inaccurate or incomplete, you can notify us and ask us to correct or supplement it. You may request that we erase that Personal Data or cease processing it, subject to certain exceptions. You also have the right, with some exceptions and qualifications, to ask us to provide a copy of any Personal Data we hold about you.

You may also request information about: (i) the purpose of the processing; (ii) the categories of Personal Data concerned; (iii) who else other than PolicyLink might have received the Personal Data; (iv) what the source of the information was (if you didn’t provide it directly to us); and (v) how long it will be stored.

Where you have provided your data to us and it is processed by automated means, you may be able to request that we provide it to you in a structured, machine readable format.

We may need to request specific information from you to help us confirm your identity and ensure your right to access your Personal Data (or to exercise any of your other rights). This is a security measure to ensure that Personal Data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to enable us to deal with your request or to speed up our response.

If you have a complaint about how we have handled your Personal Data, you may be able to ask us to restrict how we use it while your complaint is resolved. In some circumstances you can ask us to delete your Personal Data:

• By withdrawing your consent for us to use it;
• If it is no longer necessary for us to use your Personal Data;
• If you object to the use of your Personal Data and we do not have a good reason to continue to use it; or
• If we have not handled your Personal Data in accordance with our obligations.

H. Security of Your Personal Data

It is our goal to protect the Personal Data entrusted to us and treat it securely in accordance with this Policy. We implement various physical, administrative, and technical measures designed to protect your Personal Data from unauthorized access, use or disclosure. We contractually require our critical vendors to protect such information from unauthorized access, use and disclosure. We restrict access to your Personal Data to those who need to know that information to provide Services or other benefits to you. In addition, our employees are required to maintain the privacy and security of your information. We commit to taking appropriate disciplinary measures to enforce our employees’ privacy responsibilities.

We require you to enter a password to access Personal Data associated with your PolicyLink account. Please do not disclose your account password to unauthorized people. Note, however, that no method of transmission over the Internet, or method of electronic storage, is 100% secure. While we use reasonable efforts to protect your Personal Data, we cannot ensure or warrant the security of any Personal Data you provide to us.

I. Retention of Personal Data

We will retain your Personal Data for the period required to fulfill the purposes for which it has been collected. These purposes may include the need to fulfill various commercial and legal requirements. Key requirements driving the need for collection, analysis and storage of Personal Data may include, for example:

• Business strategy;
• Current and prospective customer outreach;
• Resource planning;
• Legal compliance;
• Financial reporting;
• Dispute resolution; and/or
• Asset protection and agreement enforcement.

Your Personal Data is stored by PolicyLink on servers of the cloud-based database management services we engage, located in the United States. Unless you request otherwise, we will retain data for the duration of your relationship with us or for as long as is required by law. For more information on where and how long your Personal Data is stored, please contact us.