Privacy Policy

The YMCA of Orange County (the “Association”) is committed to protecting the privacy of its members, employees, donors, volunteers and users of websites operated by the Association (the “Site”).  This Privacy Policy (“Policy”) has been adopted to express the Association’s commitment.

This Policy describes how we collect and use personal information and the choices you have concerning the Association’s use of such information. Please read this Policy carefully.

Please refer to this Policy regularly. The Association may need to change this Policy from time to time to address new issues and reflect changes on our Site and in our policies and procedures. Changes will be posted to this Site and we will update the “last updated” date at the top of this page so that you can inform yourself accordingly.

Scope of Privacy Policy:

This Policy applies to the personally identifiable information (“PII”) which you provide to the Association through the Site, in person, or through other means.

Collection of Personally Identifiable Information (PII):

The Association collects information from members in person and multiple database(s) for the purposes of billing; supporting the progress of its members toward their goals; encouraging the involvement of the whole family; and providing information on upcoming Association events and program opportunities. Member information is also aggregated in certain ways to help staff and the Association’s Board determine how well it is serving the community and how it can improve its operations.

The Association collects PII from you when you voluntarily submit such information to us. This information may include your name, home address, and email address, date of birth, demographic information, and other information about you and your family members that we may need to collect in connection with certain events, including, but not limited to:

  • Registration for, or participation in, events, classes, camps, and other activities;
    • Registration for surveys, forums, content submissions, sweepstakes, promotions, chats, bulletin boards, discussion groups, requests for suggestions, or other services or activities offered by the Association, including on the Site;
    • Answering your inquiries about the Association, the Site, membership, or other services or activities;
    • Registration as a member, donor, and/or volunteer.

Use and Disclosure of Personally Identifiable Information (PII):

If you choose to provide the Association with PII, including related to an activity, event, or service, we may use it to conduct such activity, event, or service and future Association activities that may be of interest to you.

We may combine PII information obtained through this Site with information obtained through other methods, e.g. in person and the Association may contact you based on the combined information.

The Association may share member and donor information with financial institutions, government agencies, and service providers working on behalf of the Association as we believe it is necessary to conduct Association operations, complete transactions or other support services.

We also may share your information with other YMCA’s and with the YMCA of the USA, which is a national resource office for the Associaton and other local YMCAs, to help improve the overall network of YMCAs. The Association may also provide PII to regulatory authorities and law enforcement officials in accordance with applicable law or when we otherwise believe in good faith that the provision of such information is required or permitted by law, such as in connection with the investigation or assertion of legal defenses, for compliance matters or when we believe it to be appropriate to protect an individual or the Association.

Other than as described in this Policy, we will not disclose PII to a third-party for purposes unrelated to the Association’s business without having received your permission, except as permitted or required under applicable law.   While the Association discloses information as set forth in this Policy, the Association does not sell, rent or lease PII to unaffiliated third parties for commercial purposes.

How We Protect Your Privacy:

The Association maintains procedural, electronic, and physical safeguards to protect the PII of its members, donors, and volunteer staff, including, but not limited to, the following:

Procedural Safeguards: 

  • The Association permits access to PII only by authorized employees and volunteers with a need to have such access and who are trained in the proper handling of PII. The Association removes access to systems when authorization ends, e.g. as part of the employee separation process.
  • The Association requires all outside vendors and contractors who may be retained to perform services to conform to Association
    privacy standards and/or sign strict confidentiality agreements, which, among other things, limits the use of PII.
  • The Association uses outside vendors to conduct periodic network security audits to help prevent security breaches.
  • The Association follows published document management procedures providing for the timely destruction of outdated personal information.

Electronic Safeguards: 

  • Electronic commercial transactions are handled by third party service providers. The Association’s service provider masks all but the last four digits of your credit card and bank account numbers in our Membership and Donor application screens.
  • The Association and/or its service providers use SSL (secure socket layer) transmission to transmit electronic funds transfer payments to and from service providers and/or financial institutions.
  • The Association does not display any bank or credit card information on any
    system generated receipts or invoices.
  • The Association ensures that all unattended computers display electronic screensavers to help prevent unauthorized access. Access is locked out until a proper password is entered.

Physical Safeguards: 

  • The Association’s internal audit team periodically audits our offices and locations to ensure that reasonable security practices and internal
    controls are being followed.
  • All Association locations take adequate measures and implement safeguards to reduce the incidents of theft and to ensure that your personal checks are deposited in the bank.
  • Many Association locations have security surveillance cameras to discourage theft on the premises.
  • The Association offices and many locations have controlled access into their facilities.

Please note that despite these and other measures we utilize to protect PII from unauthorized access or disclosure no method of electronic storage or security is 100% reliable.   We cannot “guarantee” privacy and/or security of your PII.

Privacy of Children: 

The Association is mindful that young people need special safeguards and privacy protection. We realize that they may not understand all of the provisions of Association policy or be able to make thoughtful decisions about the choices that are made available to our adult members. We strongly urge all parents/guardians to participate in their children’s exploration of the Internet and any online services and to teach their children about protecting their personal information while online.

Enrollment for our activities for children under the age of 13 must be handled by a parent or guardian.

To the limited extent we may ask for PII from children under the age of thirteen (13) through the Site we take additional steps to protect the privacy of such information, including:

  • Obtaining verifiable consent from the parent or legal guardian of the child
    • Notifying parent(s)/guardian(s) about what PII is being requested and how that PII will be used and/or shared, such as through this Policy;
    • Limiting the collection of PII from children to no more than is reasonably necessary to accomplish the purpose of the collection; and
    • Giving parents’ access to the PII we have collected from their children and offering them the opportunity to request that such PII be changed or deleted.

Links to Other Websites: 

Users may find content or features on the Site that links to the websites and services of third parties. We are not responsible for the linked websites and, among other things, do not control the content or links that appear on these linked websites. These websites and services may have their own privacy policies and customer service policies.  We encourage you to review the privacy policies of any third-party websites or services
before providing any of them with your personal information.

Collection of Non-Personally Identifiable Information: 

We may collect non-personally identifiable information without limitation through the use of a variety of types of technologies, including, but not limited to, the following:

“Cookie” technology: A cookie is an element of data that a website can send to your browser, which may then store it on your system to help enhance your experience in using our Site and to provide us with technical information about your Site usage.

IP address tracking: An internet protocol (IP) address is a number that is assigned to your computer when you are on the Internet. When you request pages from our sites, our servers log your IP address.

Log files: As is true of most websites, we gather certain information automatically and store it in log files. This information includes IP addresses, browser type, internet service provider (ISP), referring/exit pages, operating system, date/time stamp, and clickstream data. We use this information, which does not identify individual users, to analyze trends, to administer the Site, to track users’ movements around the Site and to gather demographic information about our user base as a whole. We do not link this automatically-collected data to personal information, nor do we tie IP addresses to personal information.

Web beacons: A Web beacon, or “clear gif”, is a small graphic image on a webpage or web-based document that a website can use to determine information about a user.

Although an industry-standard do-not-track (DNT) protocol has not yet been established, the Association’s information collection and disclosure practices and the choices it offers to consumers will continue to operate as described in this Policy.

Use of Non-Personally Identifiable Information: 

We use non-personally identifiable information for our purposes related to operations of the Association and its programs and, in particular, to administer our Site and, in the aggregate, to determine what technologies are being used so that we may continually improve our Site and other services. We may also share aggregate, non-personally identifiable information with other third parties.

Donations: 

When you make a payment as a donation, we collect information to process your donation and may use that information consistent with applicable law as well as to contact you in the future about the Association and its programs. Your payment information is transmitted to us and our service provider completing the transaction, who is contractually required to use reasonable security methods designed to maintain the privacy and security of this information.  Certain of the personal information is provided to us.  You will also have the opportunity to select whether you would like your donation displayed publicly and whether you would like to receive communications from us.

How to Access, Amend or Opt-Out: 

You may contact the Association in order to access any of your PII in our possession. We will use reasonable efforts to promptly grant reasonable requests to access data.   We will also make reasonable efforts to correct any incorrect or misleading data about you.

You have the opportunity to opt-out from receiving communications from us at any time.   Please notify us at the address below if you would like to stop receiving such information or opt out of a feature. You can also utilize the opt-out provisions in emails that we send you. You should be aware, however, that it is not always possible to completely remove or modify information in our databases and servers, although we will make prompt and reasonable efforts to do so upon your request.

We reserve the right to request additional information in order to authenticate any request.

Personal Data Access and Accuracy: 

Security 

As noted in part above, the Association takes reasonable administrative, technical, and physical measures to safeguard against unauthorized processing of personal information, and against the accidental loss of, or damage to, personal data. However, the Association cannot provide an absolute guarantee of the security of any of our Sites or PII that we maintain.

International Users/Consent to Transfer: 

The Site is operated in the United States. If you are located outside of the United States, please be aware that any information you provide to the
Association will be transferred to the United States. By using our Site, participating in any Association services, and/or providing us with your information, you consent to this transfer.

Careers:

Information about potential employment opportunities with our locations can be accessed from the career section of this Site. A separate privacy policy governs information collected by our service provider, Paycom, related to potential employment matters.

Notice to California Residents- California Privacy Rights: 

Pursuant to California law, California residents, may request from us information concerning: the categories of information we have collected; the categories of sources from which the personal information is collected; the purpose for which we collect or sell the personal information; the categories of third parties with whom we share personal information; and the specific pieces of personal information we have collected.    You also have the right to ask us to delete the personal information we maintain regarding you. We will not discriminate against you for exercising any of these rights.

If you are a California resident and would like to make such a request, please submit your request in writing to the address below.

How to Contact Us: 

You may contact us at privacy@ymcaoc.org or

YMCA OF ORANGE COUNTY
CORPORATE OFFICE
13821 Newport Ave #200
Tustin, CA 92780
Attention: Privacy

(714) 549-9622