Last Updated: December 2021
- What is Personal Data
- Personal Data we collect or process, including from our Sites and Services;
- How we use Personal Data;
- Legal grounds for processing your Personal Data;
- With whom we share Personal Data;
- Information about international transfers;
- Your European privacy rights and choices;
- California disclosures;
- Nevada Disclosures;
- Retention Periods and protection of your Personal Data;
- Links to other websites;
- Children’s privacy;
- Automatic Decision-Making
- How you can contact us.
What is Personal Data
Personal Data We Collect or Process
Our Sites and Services collect Personal Data that you provide to us voluntarily. Delta Zeta collects the information that you provide to us when you sign up to receive newsletters, make a foundation donation, reserve a tour of the museum, complete a scholarship or training application, or complete a new member, new member recommendation, or volunteer application. We use this information only to respond to your comments or questions or to fulfill your request. Providing this information is completely voluntary.
Analytics: We use Google Analytics to help us understand how our customers use the Sites and Services. You can read more about how Google uses your Personally Identifiable Information here: https://policies.google.com/privacy?hl=en.You can also opt-out of Google Analytics here: https://tools.google.com/dlpage/gaoptout.
How We Use Personal Data
We use the Personal Data we collect to respond to your inquiries, provide information you request, perform our contractual and ethical obligations, administer our Sites and Services, to fill volunteer or staff positions, to fulfill legal obligations we have to governmental authorities or other third parties and for other legitimate business purposes. Delta Zeta distributes newsletters and other publications to members and friends of the organization. If you wish to unsubscribe from communications, please contact us by email at [email protected].
Legal Grounds for Processing Your Personal Data
We rely on the following legal grounds to process your personal information:
Performance of a contract. We may need to collect and use your personal information to enter into an engagement or agreement with you or to perform an engagement or agreement that you have with us.
Legitimate Interests. We may use your Personal Data for our legitimate interests to provide and improve our Sites and Services. We may use your Personal Data for our marketing purposes consistent with our legitimate interests and any choices that we offer or consents that may be required under applicable law.
With Whom We Share Personal Data
Delta Zeta is a private membership organization headquartered in the United States, and as such may need to share Personal Data with internal personnel located in different geographic locations in order to fulfill our contractual, legal and ethical obligations. We may also share your Personal Data with third parties (within or outside your country of residence) who perform services on our behalf, including without limitation our technology providers, administrative and support personnel and providers, professional advisors and translators.
We may disclose Personal Data (within or outside your country of residence) if we have a good faith belief that disclosure is necessary by law or the legal process, to protect and defend our or others’ interests or property, or to enforce agreements you enter into with us.
Information about International Transfers
Your European Privacy Rights and Choices
If you are a resident of the European Union or the United Kingdom (also referred to as a “Data Subject”), the General Data Protection Regulation (“GDPR”) provides you with additional rights regarding our use of your personal information. This section is provided pursuant to the GDPR. Each capitalized term used, but not defined, in this section shall have the meaning given to such term in the GDPR. This section describes how we collect, share, disclose, and process the Personal Data of residents of the European Union and United Kingdom. “Personal Data” under the GDPR means any information relating to an identified or identifiable natural person (referred to ‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
Rights of European Union and United Kingdom Residents
If you are located in the European Union or the United Kingdom, you have certain rights regarding the Personal Data that we maintain about you, which in certain circumstances you will be able to exercise. The rights are as follows:
- You may request a copy of the Personal Data that we maintain about you.
- If we maintain your Personal Data based on your consent or so that we can enter into or perform under a contract with you, you have the right to obtain your Personal Data from us that you consented to give us, that is necessary to enter into or perform the contract, or that is necessary to provide member benefits to you. We will give you your Personal Data in a structured, commonly used and machine-readable format.
- If you believe your Personal Data is incorrect, you may request that we correct, amend or delete your Personal Data that is inaccurate or incomplete.
- Deletion or Restriction of Processing. You may request that we erase or restrict the processing of your Personal Data.
- Object to Processing. You may object to the processing of your Personal Data in certain circumstances when we process your Personal Data for the purposes of our legitimate interests.
- Right to Complain. You have the right to file a complaint with a supervisory authority, in particular in the European member state of your habitual residence, place of work or place of the alleged infringement if you consider that the processing of your Personal Data infringes upon your rights.
- Withdraw Consent. If we are processing your Personal Data based on your consent to do so, you may withdraw that consent at any time.
Collection of Personal Data
We only collect Personal Data that is reasonably necessary for us to provide our Services. Subject to applicable exceptions, we will obtain your Consent before collecting, using and disclosing your Personal Data for the specified purposes. In addition to circumstances in which you Consent to the use of your Personal Data, the Personal Data we collect may be used or processed where we have a legitimate interest in or other legal basis for processing such data.
If we need to process your Personal Data to fulfil or enter into a contract with you, failure to provide that Personal Data will mean that we cannot perform or enter into a contract with you. If we collect your Personal Data for one purpose and need to process it for second purpose, we will provide you with additional information regarding this secondary purpose to ensure fair and transparent processing before we engage in further processing.
Access to Specific Information Requests: You may request that we disclose certain information to you about our collection and use of your Personal Information over the past 12 months. Once we receive and confirm your verifiable Consumer request, we will disclose to you:
- The categories of Personal Information we collected about you;
- The categories of sources for the Personal Information we collected about you;
- Our business or commercial purpose for collecting, sharing, or selling that Personal Information;
- The categories of third parties with whom we share that Personal Information;
- The specific pieces of Personal Information we collected about you (also called a data portability request) and provide a copy to you in an electronic or paper format; and
- The categories of Personal Information, if any, we disclosed for a business purpose to a third party.
Deletion Request: You may request that we delete any of your Personal Information that we collected from you and retained, subject to certain exceptions. Once we receive and confirm a verifiable Consumer request from you, we will delete (and direct our Contractors and Service Providers to delete) your Personal Information from our (and their) records, unless an exception applies (as described below).
As described in the CCPA we may delete your Personal Information by (a) permanently and completely erasing the Personal Information on our existing systems with the exception of archived or back-up systems; (b) de-identifying the Personal Information; or, (c) aggregating the Personal Information.
We may deny your deletion request for any reason including if retaining the information is necessary for us or one of our Contractors or Service Providers to:
- Complete the transaction for which we collected the Personal Information, provide a good or service that you requested, take actions reasonably anticipated within the context of our ongoing business relationship with you, or otherwise perform our contract with you;
- Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities;
- Debug products to identify and repair errors that impair existing intended functionality;
- Exercise free speech, ensure the right of another consumer to exercise their free speech rights, or exercise another right provided for by law;
- Comply with the California Electronic Communications Privacy Act (Cal. Penal Code § 1546 et. seq.);
- Enable solely internal uses that are reasonably aligned with consumer expectations based on your relationship with us;
- Comply with a legal, regulatory or law enforcement obligation; or
- Make other internal and lawful uses of that information that are compatible with the context in which you provided it.
Making Access, Data Portability, Correction, and Deletion Requests: To make an access, data portability, or deletion request, please submit a verifiable Consumer Request by contacting us using the contact information at the end of this Policy. Only you, an authorized agent, or an entity registered with the California Secretary of State that you authorize to act on your behalf, may make a verifiable Consumer Request related to your Personal Information. You may only make a verifiable Consumer Request for access or data portability twice within a 12-month period. To be verifiable, the Consumer Request must:
- Provide sufficient information that allows us to reasonably verify you are the person about whom we collected Personal Information or an authorized representative of that person and
- Describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it.
We cannot respond to your Request or provide you with Personal Information if we cannot verify your identity or authority to make the request and confirm that the Personal Information relates to you. Making a verifiable Consumer Request does not require you to create an account with us. We will only use Personal Information provided in a verifiable Consumer Request to verify the requestor’s identity or authority to make the Request.
Upon receiving a Request from you, we will verify your identity based on the information we have on file for you. Upon verification of your identity, we will proceed to process your request (subject to the exceptions stated above).
We endeavor to confirm receipt of your request within ten (10) days of receiving it. We will respond to a verifiable Consumer Request within forty-five (45) days of its receipt. If we require more time (up to an additional forty-five (45) days), we will inform you of the reason and extension period in writing.
We will deliver our written response via email to the email address associated with you or, if we are unable to determine your email address, via mail, if you provided that information to us.
Any disclosures we provide will only cover the 12-month period preceding the verifiable Consumer Request receipt. If applicable our response to your Request will explain any reason we cannot comply with the Request. For data portability requests, we will select a format to provide your Personal Information that is readily useable and should allow you to transmit the information from one entity to another entity without hindrance.
We do not charge a fee to process or respond to your verifiable Consumer Request unless it is excessive, repetitive, or manifestly unfounded. If we determine that your Request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your Request.
Non-Discrimination: We will not discriminate against you simply for making a Request pursuant to this section of the Policy.
Retention Periods and Protection of Your Personal Data
We retain the Personal Data we collect for so long as reasonably necessary to fulfill the purposes for which the data was collected, to perform our contractual, legal and ethical obligations, and for any applicable statute of limitations periods.
We take reasonable administrative, physical and technical precautions to protect your Personal Data and communications between us. This includes, when required or as we deem appropriate and feasible under the circumstances, written commitments from third parties that may have access to your Personal Data that they will protect the data with safeguards that are substantially equivalent to those used by Delta Zeta. No Internet or e-mail transmission is ever fully secure or error free, however. We therefore cannot guarantee absolute security of your data, and we are not responsible for processes and networks that we do not control and for unauthorized access to information by those who have gained access through illegal means.
Links to Other Websites
We do not profile or use automated decision making.
How you can contact us
To make a request or to ask us a question about our data practices, please contact us via email at [email protected].