Last Updated on May 25, 2018
Religion News Service LLC and its affiliates, including its parent, Religion News Foundation (“Company”, “we”, “us”, and “our”), respects individual privacy and values the confidence of its customers, employees, and business partners. Company complies with the principles of lawfulness, fairness, transparency, purpose limitation, data minimization, accuracy, storage limitation, integrity, confidentiality, lawfulness of processing, notice, choice, onward transfer, security, access, rectification, erasure, portability and enforcement required under applicable laws, rules and regulations including the GDPR.
This Privacy Statement (the “Statement”) sets forth the privacy principles that Company follows.
This Statement applies to personal data received by Company in any format including electronic, paper, or verbal.
The privacy principles of Company are:
Lawfulness, Fairness, and Transparency
When Company collects personal data, it will be processed lawfully, fairly, and in a transparent manner in relation to the data subject.
When Company collects personal data, it will be collected for specified, explicit, and legitimate purposes and not further processed in a manner that is incompatible with those purposes.
When Company collects personal data, it will be adequate, relevant, and limited to what is necessary in relation to the purposes for which they are processed.
When Company collects personal data, it will be accurate and, where necessary, kept up to date; reasonable steps will be taken to ensure that personal data that is inaccurate, having regard to the purposes for which they are processed, are erased or rectified without unreasonable delay.
When Company collects personal data, it will be kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed.
Integrity and Confidentiality
When Company collects personal data, it will take measures designed to protect against unauthorized or unlawful processing and against accidental loss, destruction or damage.
Lawfulness of Processing
Any and all processing will be done lawfully. Company will process personal data only if and to the extent that at least one of the following applies: (1) the data subject has given consent to the processing of his or her personal data for one or more specific purposes; (2) processing is necessary for the performance of a contract to which the data subject is a party or in order to take steps at the request of the data subject prior to entering into a contract; (3) processing is necessary for compliance with a legal obligation to which the data controller is subject; (4) processing is necessary in order to protect the vital interests of the data subject or of another natural person; (5) processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller; and (6) processing is in the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data.
As you interact with Company, there may be opportunities for you to provide us with your information. Additionally, we may collect certain information about you as further described below.
You may provide us with information about you through a number of sources: Company websites, applications, surveys, social media platforms, sweepstakes entries, and through our customer contact centers. We may also receive information about you through third parties.
The types of information that Company collects about you may include, but are not limited to:
- Contact information (such as name, address, city, state and ZIP code, age or date of birth, occupation, email address and telephone number);
- Payment information (such as your bank account information, credit card number, debit card number, bank or investor account, CVV code, expiration date, and payment history);
- Information about your connected devices (such as mobile phone, computer, or tablet) and how you interact with our services, apps, and websites (such as IP address, browser type, unique device identifier, cookie data, and associated identifying and usage information);
- Demographic information (such as gender, date of birth, marital status, and household composition);
- Marketing/business profile information;
- Photographs and videos such as those that you may submit for contests, sweepstakes and social sharing; and
- Social Security Number (in limited circumstances Company may collect SSN, for example if you win a sweepstakes or receive compensation that must be reported for government tax purposes).
How We Use and Disclose Information
We use and disclose personal information you provide to us as described to you at the point of collection. We also use and transfer personal information from or about you:
- to respond to your inquiries and fulfill your requests, such as to send you documents you request or e-mail;
- to send you important information regarding our relationship with you, changes to our terms, conditions, and policies and/or other administrative information;
- for our business purposes, such as marketing new products, events, and services, data analysis, audits, developing new products, events, or services, operating or enhancing our website, improving our products, events, and services, identifying usage trends, providing products, events, and services, maintaining customer/client relationships, improving the quality, safety, and security of our products, events, and services, administering your account(s), troubleshooting, supporting electronic signature, customizing and improving communication content, evaluating product, event, or service performance, providing customer support, and determining the effectiveness of our website;
- to our third party service providers who provide services such as website hosting and moderating, mobile application hosting, data analysis, infrastructure provision, credit card processing, IT services, e-mail services, marketing services, auditing services, and other services, in order to enable them to provide services;
- to verify your information and authenticate payments and process orders, such as disclosing certain financial and other information you provide to Company to third parties that provide credit reporting, payment or order fulfillment services;
- to a third party in the event of any reorganization, merger, sale, joint venture, assignment, transfer, or other disposition of all or any portion of our business, assets, or stock (including in connection with any bankruptcy or similar proceedings); and
- when we otherwise have your consent.
We also use and disclose information that is not in personally identifiable form (such as anonymized, masked or de-identified information) for any purpose. If we combine information that is not in personally identifiable form with information that is (such as combining your name with your geographical location), we will treat the combined information as personal information as long as it is combined.
Company will give individuals the opportunity to affirmatively and explicitly consent (opt in) to the disclosure of certain sensitive personal data to a third party or the use of the personal data or sensitive personal data for a purpose other than the purpose for which it was originally collected or subsequently authorized by the individual. Company will provide individuals with readily available, affordable and reasonable mechanisms to exercise their choices.
Your California Privacy Rights
Under California’s “Shine the Light Law”, California residents who provide personal information in obtaining products or services for personal, family, or household use are entitled to request and obtain from us once a calendar year information about the customer information we shared, if any, with other businesses for their own direct marketing uses. If applicable, this information would include the categories of customer information and the names and addresses of those businesses with which we shared customer information for the immediately prior calendar year.
To obtain this information on behalf of Company, please send an email message to [email protected] with “Request for California Privacy Information” on the subject line and in the body of your message. We will provide the requested information to you at your email address in the response. Please be aware that not all information is covered by the “Shine the Light “ requirements and only information on covered sharing will be included in our response.
We retain your personal information for the period necessary to fulfill the purposes outlined in this Statement, unless a longer retention period is required or allowed by law or to otherwise fulfill a legal obligation.
Company will take reasonable steps designed to protect the personal data in its possession from loss, misuse, unauthorized access, disclosure, alteration, and destruction, and will take precautions with regard to the nature of the data and the risks of the processing, to preserve the security of the data and, in particular, prevent its alteration and damage or access by non-authorized third parties. Company has put in place technical, physical, and organizational procedures and security measures designed to safeguard and secure the personal data from destruction, loss, alteration, unauthorized access or disclosure, or other forms of unauthorized or unlawful processing commensurate with the risks posed by the particular type of processing, the nature of the personal data and in accordance with applicable law and guidelines, if any, promulgated by authorities having jurisdiction therefor, and taking into consideration the cost of implementing such measures. Company cannot guarantee the security of personal data on or transmitted via the Internet.
Company will comply with the GDPR, and other applicable local laws, rules and regulations with respect to data breach disclosure and notification.
Upon request by the individual, Company will grant individuals reasonable access to their personal data. Such access will include: (1) confirmation as to whether or not personal data concerning him or her are being processed; (2) the purposes of the processing; (3) the categories of personal data concerned; (4) the recipients or categories of recipient to whom the processing data have been or will be disclosed, in particular recipients in third countries or international organizations; (5) if possible, the period for which the personal data will be stored, or, if not possible, the criteria used to determine that period; (6) the existence of the right to request from Company rectification or erasure of personal data or restriction of processing of personal data concerning the data subject or to object to such processing; (7) the right to lodge a complaint with a supervisory authority; (8) information about the source of the data, if not directly from the data subject; (9) whether the personal data will be subject to automated processing, including profiling and, if so, the logic and potential consequences involved; and (10) if the data is transferred to a third country or international organization, information about the safeguards that apply.
If the data subject requests, their personal data collected by Company will be corrected and incomplete personal data completed based on information provided by the data subject. Where necessary, Company will take steps to validate the information by the data subject to ensure that it is accurate before amending it.
If the data subject requests, their personal data collected by Company will be erased without undue delay provided that one of the following applies: (1) the personal data are no longer necessary for the purposes for which they were collected; (2) the data subject withdraws consent and there is no other legal ground for processing; (3) the data subject objects to the processing of the personal data; (4) the personal data have been unlawfully processed; (5) the personal data have to be erased for compliance with a legal obligation of Company; or (6) where the personal data was relevant to the data subject as a child.
If the data subject requests, their personal data collected by Company will be provided to them in a structured, commonly-used and machine readable or the personal data transferred to another party.
Company will use a self-assessment approach to verify compliance with this Statement and periodically verify that the Statement is accurate, comprehensive for the information intended to be covered, prominently displayed, implemented and accessible, and in conformity with this Statement.
Company encourages interested persons to raise any concerns using the contact information provided in this Statement. Company will investigate and attempt to resolve any complaints and disputes regarding use and disclosure of personal data in accordance with this Statement. Any employee of Company that Company determines is in violation of this Statement will be subject to disciplinary action up to and including termination of employment.
Company will (1) provide recourse to data subjects with respect to enforcement of this Statement; (2) provide follow up procedures for verifying that the attestations and assertions Company has made about its privacy practices are true; and (3) remedy problems arising from the failure of Company to comply with this Statement.
International Data Subjects
While this Statement applies to personal information generally, the local laws, rules and regulations of jurisdictions that are applicable to Company (“Local Laws”) may require standards which are stricter than this Statement and, in such event, Company will comply with applicable Local Laws. Specific privacy policies may be adopted to address the specific privacy requirements of particular jurisdictions. Your personal information may be stored and processed in any country where we have facilities or service providers. Irrespective of which country your personal data is transferred, we would only share your personal data under a ‘need to know’ basis. In these circumstances we will, as required by applicable law, ensure that your privacy rights are adequately protected by organizational, technical, contractual and/or other lawful means.
EU Data Subjects
In the European Economic Area and Switzerland (“EU”), “Personal Data” is defined very broadly and includes any information about a natural person, who can be identified, directly or indirectly, from data that we hold about them or from data that is combined with other information. EU data protection law requires us to have a legal basis before processing any Personal Data about you. The legal basis’ for us processing your Personal Data for the above purposes may be because: (i) you have provided your consent; (ii) it is necessary to for the performance of a contract with you; (iii) the processing is necessary for our compliance with a legal obligation; or (iv) the processing is in our legitimate interests. To the extent provided by applicable law, you may withdraw any consent you previously provided to us, or object at any time on legitimate grounds, to the processing of your Personal Data. In some circumstances, withdrawing your consent to Company’s use or disclosure of your Personal Data will mean that you cannot take advantage of certain Company products or services.
We may transfer your Personal Data outside the EU to the United States or any country that Company or its service providers may have operations. Such countries do not have the same data protection laws as the EU. While the European Commission has not given a formal decision that such countries provide an adequate level of data protection similar to those which apply in the EU, any transfer of your personal information will be subject to a European Commission approved contract (as permitted under the General Data Protection Regulation) that are designed to help safeguard your privacy rights and give you remedies in the unlikely event of a misuse of your personal information. To obtain a copy of the such safeguards please contact us.
Under the General Data Protection Regulation you have a number of important rights free of charge. In summary, those include rights to:
- Fair processing of information and transparency over how we use your use personal information
- Access to your personal information and to certain other supplementary information that this Statement is already designed to address
- Require us to correct any mistakes in your information which we hold
- Require the erasure of personal information concerning you in certain situations
- Receive the personal information concerning you which you have provided to us, in a structured, commonly used and machine-readable format and have the right to transmit those data to a third party in certain situations
- Object at any time to processing of personal information concerning you for direct marketing
- Object to decisions being taken by automated means which produce legal effects concerning you or similarly significantly affect you
- Object in certain other situations to our continued processing of your personal information
- Otherwise restrict our processing of your personal information in certain circumstances
For further information on each of those rights, including the circumstances in which they apply, see the Guidance from the UK Information Commissioner’s Office (ICO) on individuals rights under the General Data Protection Regulation.
If you would like to exercise any of those rights, please:
- Email, call, or write to us
- Let us have enough information to identify you
- Let us have proof of your identity and address
- Let us know the information to which your request relates
If you would like to unsubscribe from any email newsletter you can also click on the unsubscribe button at the bottom of the email newsletter. It may take a few days for this to take place.
How to Complain
The General Data Protection Regulation also gives you right to lodge a complaint with a supervisory authority, in particular in the European Union (or European Economic Area) state where you work, normally live, or where any alleged infringement of data protection laws occurred.
In compliance with this Statement, Company commits to resolve complaints about the privacy, collection and use of personal data. Persons with inquiries or complaints about this Statement are encouraged to first contact Company.
Changes to this Statement
This Statement may be amended from time to time, consistent with the requirements of applicable law. The last updated date at the top of this Statement will be changed when there are any updates.
If you have any questions about this Statement, please contact us via one of these methods: