Equity In The Center® Privacy Notice

Last Updated: March 5, 2024

Equity In The Center® is a nonprofit organization based in Washington DC (collectively “EIC,” “we,” “us,” and “our”). This Privacy Notice (the “Privacy Notice”) describes the privacy practices EIC employs in connection with personal information we collect online (e.g., through our website https://equityinthecenter.org (“Website”)), [and offline] (collectively, the “Services”). This Privacy Notice explains the types of personal information we collect, how we may use and share the information, and the privacy choices and rights that you may have with respect to our handling of personal information about you and how you can contact us if you have any questions, requests, or concerns.

Click on the links below to jump to the different sections of our Privacy Notice:

Personal Data We Collect

In this Privacy Notice, we use the term “Personal Data” to refer to information that can be used by itself or in combination with other available information to identify or be associated with you. Directly identifying information includes, for example, information such as your name, e-mail address, and date of birth. Personal information that is associated or linked to you includes data related to your interaction and usage of our Services.

Types of Information We Collect

The Personal Data we collect about you depends on the particular services we provide to you. We do not knowingly collect personal information of children under 13 years of age. We do not sell or share your personal data for targeted advertising. We may collect the Personal Data categories listed below.

Contact information, such as name, email address, postal address, and phone number.
Demographic information, such as date of birth, gender, and zip code.
Content you make available through social media accounts.
Content you post on the Services. When visitors leave comments on the site we collect the information shown in the comments form, and also the visitor’s IP address and browser user agent string to help spam detection. An anonymized string created from your email address (also called a hash) may be provided to the Gravatar service to see if you are using it. The Gravatar service privacy policy is available here: https://automattic.com/privacy/. After we approve your comment, your profile picture is visible to the public in the context of your comment. If you upload images to the website, you should avoid uploading images with embedded location data (EXIF GPS) included. Visitors to the website can download and extract any location data from images on the Website.
Billing information, such as credit card details and billing address. Note that we use third party payment processors to facilitate your payments and do not store your payment card information.

If you submit any Personal Data relating to other people, you represent that you have the authority to do so and to permit us to use the information in accordance with this Privacy Notice.

How We Collect Information

We may collect Personal Data from various sources, including:

Information Provided By You

You directly provide EIC with some of the Personal Data we collect – in person, by telephone, text, email, or our website. We collect and process Personal Data from the following sources:

Membership. When you become a member, we collect information such as your name and contact details, demographic information, such as date of birth, gender and zip code, information related to your interests, and other information you submit in connection with your membership profile.

Newsletter: information that you provide to sign up for our newsletter.

Communications. When you contact us via a contact form (when you fill out any forms on the Website), email, or other means, you provide us with Personal Data, such as your name and contact details, and the content, date, and time of our communications.

Support Information. When you request technical support services, we will process your Personal Data such as your name and the contact details you use to contact us, as well as information on the reasons for your support request, and any additional information you may provide in that context.

Billing Information. We collect information necessary to process payments you make through the Services, such as tickets to our events or donations. We do not store payment card data on our systems.

Surveys. When you respond to surveys run by ourselves (for example, to get feedback on our own Services).

Information Collected from Other Sources

We may obtain Personal Data about you from our sponsors or third parties who organize events or programs at our facilities or who we partner with to facilitate such programs and events.

Information We Collect By Automated Means

Social Media. We may collect Personal Data via social media tools, widgets, or plug-ins to connect you to your social media accounts. These features may allow you to sign in through your social media account, share a link, or post directly to your social media account. When you visit a website that contains such tools or plugins, the social media or other service provider may learn of your visit. Your interactions with these tools are governed by the privacy policies of the corresponding social media platforms.

Website and Cookies. We may collect Personal Data to analyze how people use our website and to improve our website offerings. We may also collect Personal Data via cookies and similar technologies. For more information on our use of cookies, please see our “Cookie and Similar Technologies” section below.

Cookies and Similar Technologies

If you leave a comment on our Website you may opt-in to saving your name, and email address in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.

If you visit our login page, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.

When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed.

If you edit or publish an article, an additional cookie will be saved in your browser. This cookie includes no personal data and simply indicates the post ID of the article you just edited. It expires after 1 day.

The information that may be collected by automated means includes:

URLs that refer users to our websites
Search terms used to reach our websites
Details about the devices that are used to access our websites (such as IP address, browser type, and operating system information)
Details about users’ interaction with our websites (such as the date, time, frequency, and length of visits, specific content and pages accessed and buttons clicked during the visits, and information provided by you, including email addresses)

Web browsers may offer users of our websites the ability to disable receiving certain types of cookies; however, if cookies are disabled, some features or functionality of our websites may not function correctly. For more information on how to disable cookies, please visit your internet browser’s “help” menu or you can visit http://www.aboutcookies.org/how-to-control-cookies. Please note that not all tracking will stop even if you delete cookies.

Because there is not yet a consensus on how companies should respond to web browser-based do-not-track (“DNT”) mechanisms, we do not respond to web browser-based DNT signals at this time.

How We Use Your Information

Under data protection law, we can only use certain Personal Data if we have an appropriate reason for doing so. We rely on various legal bases to process your Personal Data, including:

Consent. You may have consented to the use of your Personal Data, for example to send you electronic marketing communications or for the use of certain cookies. Consent can be withdrawn at any time. This will not affect the lawfulness of the processing before you withdrew your consent.

Contract. We need your Personal Data to provide you with our Services, to complete your requested transactions, and to respond to your inquiries.

Legal. We may also process your Personal Data when necessary to protect your or another individual’s vital interests. We may use your Personal Data as reasonably necessary to assess and ensure compliance with applicable laws, legal requirements, and company policies; to protect our assets or to investigate or defend against any claims of illegality or wrongdoing (including to obtain legal advice or to establish, exercise or defend legal rights); and in response to a court order or judicial or other government subpoena or warrant.

Legitimate Interest. We or a third party may have a legitimate interest in using your Personal Data. We only rely on this legal basis when such legitimate interests are not overridden by your interests or your fundamental rights and freedoms.

We use the Personal Data we collect for the following purposes:

Providing Services, including to operate, maintain, support, and provide our Services. This may include but is not limited to:

To present our Services to you;
To provide you with information, products, or services that you request from us;
To fulfill any other purpose for which you provide it;
To carry out our obligations and enforce our rights arising from any contracts entered into between you and us, including for billing and collection;
To notify you about changes to the Services;
To invite you to participate in surveys run by us on our own behalf, for example to invite your feedback on the Services;
To gather analysis or valuable information so that we can develop, test, and improve the Services;
To monitor the usage of our Services
In any other way we may describe when you provide the information; and/or
For any other purpose with your consent.

The legal basis for this processing is our legitimate interest in operating our organization and the performance of a contract with you or to take steps at your request before entering into a contract.

Communicating with You, including to contact you for administrative purposes (e.g., to provide services and information that you request or to respond to comments and questions) or to send you marketing communications, including updates on events, programs, and other offerings, and newsletters, articles, announcements, invitations and other information about programs, classes and events, and other information relating to services or benefits offered by us that may be of interest to you. The legal basis for this processing is our legitimate interest in communications and promoting our organization with our members, patrons, and participants, and the performance of a contract or to take steps at your request before entering into a contract.

Personalization, including to customize our website and Services to you and provide you with the most relevant marketing and advertising materials. The legal basis for this processing is our legitimate interest in customizing our Services and promoting our organization with existing and former members, patrons, and participants and the performance of a contract or to take steps at your request before entering into a contract.

Processing Applications, including soliciting, collecting, and reviewing applications to assess your qualifications and experience in contemplation of potential employment, participation in our programs, and rental space leasing. Our legal basis for this processing is the performance of a contract or to take steps at your request before entering into a contract and your consent, where applicable.

Analytics and Product Development, including to analyze usage trends and preferences in order to improve our Services, our communications and strategies, and to develop new products, services, and features. The legal basis for this processing is our legitimate interest in improving our Services or your consent, where applicable.

Relationship Management, including to track emails, phone calls, and other actions you have taken as our member, patron, participant or vendor. The legal basis for this processing is our legitimate interests in maintaining relationships with our members, patrons, and participants and performance of a contract or to take steps at your request before entering into a contract.

Administrative and Legal, such as to address administrative issues or to defend our legal rights and to comply with our legal obligations and internal policies as permitted by law or to protect your vital interests or the vital interests of another natural person. The legal basis for this processing is our legitimate interest in the protection and assertion of our legal rights and those of a third party and our legal and regulatory obligations.

Security. We may process your Personal Data for securing our environment and the Personal Data we process and to protect against, identify, respond to, and prevent fraudulent and illegal activity. The legal basis for this processing is to comply with our legal and regulatory obligations and our legitimate interest in ensuring the security of our environment and in minimizing fraud that could be damaging for you and us.

Consent. For other purposes where you have given consent.

Special Categories of Personal Data

If certain Personal Data we collect is treated as a special category to which additional protections apply under data protection law:

Where we process special category Personal Data, we will also ensure we are permitted to do so under data protection laws, such as:
We have your explicit consent;
The processing is necessary to protect your (or someone else’s) vital interests where you are physically or legally incapable of giving consent; or
The processing is necessary to establish, exercise, or defend legal claims.

How We Disclose Personal Data

We may disclose Personal Data about you in the following circumstances:

Group Entities and Partners. We may disclose Personal Data about you to our affiliates and subsidiaries, including for marketing purposes.

Public Posts. Any information that you voluntarily choose to post to a publicly accessible area of our Services will be available to anyone who has access to that content.

Service Providers. We work with service providers that perform services on our behalf or others with whom we may collaborate (such as marketing organizations, payment processors, analytics organizations, technology providers, customer management software providers, and other third parties with whom we jointly develop or offer programs or events). These third parties may have access to or process your Personal Data as part of providing those services to us.

We employ third party companies and individuals (“Service Providers”) to facilitate our Website and Services, to provide the Website and Services on our behalf, to perform service-related activities or to assist us in monitoring and analyzing how our Website and Services are used. In general, Service Providers used by us will only collect, use, and disclose your information to the extent necessary to allow them to perform the services they provide to us. However, certain Service Providers have their own privacy policies in respect to the information provided to them, such as those named below:

Payment Service Provider. We use [____] to process payments for our Services. We will not store or collect your payment details. That information is provided directly to [____], whose use of your personal information is governed by their Privacy Policy.
Mailchimp. We use Mailchimp to manage newsletter subscriptions and send emails to our subscribers. For more information on their privacy practices, please visit their Privacy Policy.

Legal. We may also disclose Personal Data to comply with a legal or regulatory obligation, protect and defend our rights or property, protect the safety of our visitors and website users or the public, or to protect against legal liability.

Sale or Transfer. Unless prohibited by applicable law, we reserve the right to transfer the information we maintain in the event we sell or transfer all or a portion of our organization or assets. If we engage in such a sale or transfer, we will – where required by applicable law – make reasonable efforts to direct the recipient to use your Personal Data in a manner that is consistent with this Privacy Notice. After such a sale or transfer, you may contact the recipient with any inquiries concerning the processing of your Personal Data.

Third Parties Approved by You. We may share Personal Data with social media sites you choose to link to your account.

Aggregated Information. We may use and disclose aggregated or otherwise anonymized information for any purpose, unless we are prohibited from doing so under applicable law.

We only allow our service providers to handle your Personal Data if we are satisfied they take appropriate measures to protect your Personal Data. We also impose contractual obligations on service providers relating to ensure they can only use your Personal Data to provide services to us and to you. We may also share Personal Data with external auditors, e.g. in relation to security accreditations or audits of our accounts.

We may disclose and exchange information with law enforcement agencies and regulatory bodies to comply with our legal and regulatory obligations.

Children’s Information

We do not knowingly collect personal information from children under 13. Our site is not intended to solicit information of any kind from children under 13. It remains possible, however, that we may receive information given to us by or pertaining to children under 13. If we are notified of this, as soon as we verify the information, we will promptly delete the information from our servers. If you want to notify us of our receipt of information by or about any child under 13, please email us at [EMAIL].

Your Rights and Choices

As provided under applicable law and subject to any limitations in such law, you have the following rights:

Access. You may ask us to provide you with a copy of the Personal Data we maintain about you, including a machine-readable copy of the Personal Data that you have directly provided to us, and request certain information about its processing.

Rectification. You may ask us to update and correct inaccuracies in your Personal Data. You also may ask us to complete information you believe is incomplete.

Erasure. You may ask to have your Personal Data anonymized or deleted, under certain conditions.

Restrict Processing. You may request that EIC restrict the processing of your Personal Data, under certain conditions.

Object to Processing. You may object to EIC’s processing of your Personal Data, under certain conditions.

Data Portability. You may request that EIC transfer the data that we have collected to another organization, or directly to you, under certain conditions.

Consent Withdrawal. You may withdraw any consent you previously provided to us regarding the processing of your Personal Data at any time and free of charge. We will apply your preferences going forward. This will not affect the lawfulness of the processing before you withdrew your consent.

Right Not to Be Subject to Automated Individual Decision-Making. You have the right not to be subject to a decision based solely on automated processing (including profiling) that produces legal effects concerning you or similarly significantly affects you.

If you would like to exercise any of these rights, please contact us at [EMAIL] or using the contact details at the end of this Privacy Notice.

Please provide enough information to identify yourself, including your full name and address and any additional identity information we may reasonably request from you and let us know what right you want to exercise and the information to which your request relates. We reserve the right to verify your identity in connection with any requests regarding Personal Data to help ensure that we provide the information we maintain to the individuals to whom it pertains, and allow only those individuals or their authorized representatives to exercise rights with respect to that information.

If you make a request, we will try to comply with your request as soon as reasonably practicable.

Note that applicable laws contain certain exceptions and limitations to each of these rights. We may reject your request, as permitted by applicable law.

Please note that we often need to retain certain data for record keeping purposes and/or to complete any transactions that you began prior to requesting a change or deletion (e.g., when you make a purchase or reservation, or enter a promotion, you may not be able to change or delete the Personal Data provided until after the completion of such purchase, event, or promotion). There may also be residual data that will remain within our databases and other records, which will not be removed. In addition, there may be certain data that we may need to retain and/or not allow you to review for legal, security or other reasons.

Marketing

We (or our service providers and advertising partners) may send you direct marketing communications and information about our products and services that we consider may be of interest to you.

You have the right to opt out of receiving promotional communications at any time by:

Contacting us at [contact details for marketing opt-out]; and

Using the “unsubscribe” link in emails or “STOP” number in texts.

However, if you opt out of receiving such communications, we retain the right to send you non- marketing communications (such as information about your purchase or changes to our Privacy Notice). We may ask you to confirm or update your marketing preferences if you instruct us to provide further products or Services in the future, or if there are changes in the law, regulation, or the structure of our business.

We will always treat your Personal Data with the utmost respect and never sell your Personal Data.

Links to Other Websites and Third Party Content

We may provide links to other websites, services, and applications that are not operated or controlled by us (the “Third Party Services”). This Privacy Notice does not apply to the Third Party Services. While we attempt to facilitate access only to those Third Party Services that share our respect for your privacy, we cannot take responsibility for the content, privacy policies, or practices of those Third Party Services. We encourage you to review and understand the privacy practices of any Third Party Services before providing any information to or through them. Your interactions with these features are governed by the privacy policy of the Third Party Service that provides the feature.

For EEA and EU Residents:

To provide the Services, we may transfer your Personal Data outside of the country in which it was collected and where the level of protection of Personal Data may be different than in your country. Personal Data may be transferred to United States of America, [other countries if applicable], and countries in the European Economic Area (“EEA”). If we do so, we will comply with applicable data protection laws, in particular by relying on an EU Commission adequacy decision, on contractual protections for the transfer of your Personal Data, or on another approved derogation for a specific situation, such as your explicit consent. For more information about how we transfer Personal Data internationally, or to obtain a copy of the safeguards we use for such transfers, please contact us as specified below.

How We Protect Information

We maintain reasonable administrative, technical and physical safeguards designed to protect the Personal Data we maintain against accidental, unlawful or unauthorized destruction, loss, alteration, access, disclosure or use. We limit access to your Personal Data to those who have a genuine business need to access it. Those processing your information will do so only in an authorized manner and are subject to a duty of confidentiality. We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.

Despite these efforts, however, no organization, including EIC, can fully eliminate risks or guarantee the security of Personal Data. Unauthorized entry or use, hardware or software failure, and other factors may compromise the security of information about you at any time, and we bear no liability for uses or disclosures of Personal Data or other data arising in connection with theft of the information or other malicious actions.

Retention

We will keep your Personal Data while we are providing the Services to you. Thereafter, we will keep your Personal Data for as long as it necessary to respond to any questions, complaints or claims made by you or on your behalf, to show that we treated you fairly, or to keep records required by law.

We take measures to delete or anonymize your Personal Data when it is no longer necessary for the purposes for which we process it, unless we are required by law to keep it for a longer period. When determining the retention period, we take into account various criteria, such as the type of products or services provided to you, the nature and length of our relationship with you, mandatory retention periods, and applicable statutes of limitations. Once the retention period has expired, we will delete or anonymize your Personal Data. We may retain aggregated or de-identified information indefinitely.

Changes to Our Privacy Notice

We may at any time in our sole discretion revise or update this Privacy Notice. We will post any changes on this page and indicate at the top of this page the date this Privacy Notice was last revised. You may read a current, effective copy of this Privacy Notice at any time by visiting this page. We will follow applicable laws and regulations regarding notification of such changes.

How to Contact the Appropriate Authority

We hope that we can resolve any query or concern you raise about our use of your Personal Data. If you are an EEA or EU resident and wish to report a complaint or if you feel that EIC has not addressed your concern in a satisfactory manner, you have the right under to lodge a complaint with a supervisory authority, including in your country of residence, place of work, or where you believe an incident took place.

The EU Commission has a list of supervisory authorities here: http://ec.europa.eu/justice/article-29/structure/data-protection-authorities/index_en.htm.

Contact Us

EIC is based in Washington DC and is the data controller responsible for your Personal Data.

If you have any questions, requests or complaints regarding this Privacy Notice or if you would like to exercise your rights with respect to your Personal Data, please contact us at info@equityinthecenter.org or [ADDRESS].