The Canon Law Society of America uses data to provide and improve its services. By using the Society’s website and engaging in its services, you agree to the collection and use of information in accordance with this policy.
1.1 The Canon Law Society of America (the “Society” or “CLSA”) is a registered Catholic charity incorporated in the District of Columbia and a not for profit corporation under section 501(c)(3) of the Internal Revenue Code. The Society has a primary place of business at 415 Michigan Ave NE, Suite 101, Washington, DC 20017.
1.2 When an individual provides the CLSA with Personal Data to engage and/or benefit from activities, the Society may keep a record of the data to comply with statutory obligations and to achieve legitimate business, charitable, or ecclesiastical objectives of advancing and maintaining the Canon Law Society of America’s mission.
1.3 For the purpose of the European Union’s General Data Protection Regulation 2016/279 (GDPR), the Society is a Data Controller with regard to Personal Data. In some cases, the Society may be a joint Data Controller of Personal Data (e.g., where data is shared between the CLSA and another organization for a particular purpose).
1.4 The Canon Law Society of America is committed to ensuring that Personal Data is properly and securely managed in accordance with relevant data protection laws and regulations.
Please read this Notice to understand how the Society uses and protects the information provided, obtained, or held about individuals, and to understand an individual’s rights with regard to Personal Data. This Notice applies to information about living identifiable individuals only.
2 PERSONAL DATA
2.1 The Canon Law Society of America may hold the following types of Personal Data:
2.1.1 name and contact details;
2.1.2 sex, age, date of birth, marital status, and nationality;
2.1.3 education/work history and professional qualifications;
2.1.4 information about involvement in Society activities and events;
2.1.5 details of any donations made to the Society;
2.1.6 information about ecclesiastical status;
2.1.7 information obtained as a result of any background checks on employees;
2.1.8 video recordings and photographs;
2.1.9 information collected through an individual’s use of the CLSA website(s) such as IP addresses and other information collected using cookies; and
2.1.10 any other information that individuals provide to the Society.
2.2 The Society may also hold Special Categories of Personal Data as defined by the General Data Protection Regulation.
2.3 The Society may also receive Personal Data about an individual from a third party, for example, family members, other members of the Society, dioceses and religious communities, or police and other law enforcement bodies.
3 PROCESSING PERSONAL DATA
3.1 Personal Data, whether collected directly from an individual or indirectly from a third party may be Processed in a number of ways, for example:
3.1.1 to communicate with individuals in relation to news about or activities and events taking place in the Society, including seeking feedback and informing individuals of any changes to Society activities;
3.1.2 to improve the way the CLSA communicates with individuals, to include the CLSA website, webinars, or social media;
3.1.3 to carry out activities in furtherance of the goals of the Society;
3.1.4 to process donations or other payments and solicit donations through direct and electronic mail;
3.1.5 to administer, support, improve, and develop the administration of the Society’s work and operations and to keep the Society’s accounts and records up-to-date;
3.1.6 to process applications, including scholarship and grant applications and applications for any role within the Society;
3.1.7 to help the Society improve its fundraising and find potential sources of additional funds, by gathering information about supporters, either information that they have shared themselves or that is publicly available, which can be used to tailor requests; through building relationships with supporters. Supporters can ask the Society not to use their data in this way by emailing firstname.lastname@example.org;
3.1.8 for audit and statistical purposes;
3.1.9 to ensure compliance with legal obligations;
3.1.10 to prevent or detect crime, and to help create a safer environment for our staff, members, and visitors; and
3.1.11 to live stream or re-play records.
3.2 Any information gathered through cookies and similar technologies via the CLSA website is used to measure and analyze information on visits to the website, to tailor the website to make it better for visitors and to improve technical performance. The Society will not use the “cookie” data to identify you personally.
4 OBLIGATIONS FOR PROCESSING PERSONAL DATA
4.1 The Canon Law Society of America must have a lawful basis for Processing an individual’s information; this will vary according to the circumstances of how and why the Society has Personal Data, but typical examples include:
4.1.1 the activities are within a legitimate interest in advancing and maintaining the Roman Catholic religion and her discipline, providing information about the activities of the Society, and to raise charitable funds;
4.1.2 by engaging with the CLSA, an individual gives consent to the Society’s use of Personal Data (consent may be withdrawn at any time by contacting the Society using the details below);
4.1.3 the Society is carrying out necessary steps in relation to a contract to which the individual is a party;
4.1.4 the Processing is necessary for compliance with a legal obligation (e.g., responding to a request from law enforcement authorities);
4.1.5 the Processing is necessary for carrying out a task in the public interest; or
4.1.6 to protect an individual’s vital interests (e.g., reporting information for a workers’ compensation or unemployment claim).
4.2 If the Canon Law Society of America processes any Special Categories of Personal Data it must have a further lawful basis for the processing. This may include:
4.2.1 where an individual has given explicit consent to do so;
4.2.2 where the Processing is necessary to protect a vital interest or someone else’s vital interests (e.g., passing on information to law enforcement);
4.2.3 where the Processing is carried out in the course of a legitimate interest as a Roman Catholic association of the Christian faithful;
4.2.4 the information is public;
4.2.5 where the Processing is necessary for the establishment, exercise, or defense of legal claims;
4.2.6 where the Processing is necessary for carrying out the Society’s employment and social security obligations; or
4.2.7 the processing being necessary for reasons of substantial public interest (e.g., where steps are taken to prevent fraud or other dishonest activity), provided that the legal basis is proportionate to the aim pursued and provides for suitable and specific measures to safeguard an individual’s rights, or as part of the Society’s legitimate interests.
4.3 If the Canon Law Society of America processes any Personal Data comprising criminal convictions or offences, it must also have a further lawful basis for the processing. This may include:
4.3.1 where the Society is exercising obligations or rights that are imposed by law or policy (e.g., to undertake appropriate checks on individuals prior to taking up a role);
4.3.2 where it is necessary for the prevention or detection of an unlawful act (e.g., passing on information to the Police or other investigatory body);
4.3.3 where the Society is complying with or assisting others to comply with regulatory requirements relating to unlawful acts or dishonesty (e.g., passing on information to the Police or other investigatory body);
4.3.4 where it is carried out in the course of safeguarding children or other individuals at risk e.g., making a safeguarding disclosure;
4.3.5 where an individual has given consent to the processing;
4.3.6 where the Society is establishing, exercising, or defending legal claims (e.g., providing information to its insurers or lawyers in connection with legal proceedings);
4.3.7 where it is carried out in the course of the Society’s legitimate activities as a not-for-profit body with religious aims (e.g., carrying out pastoral activities).
5 SHARING OF PERSONAL DATA
5.1 The Canon Law Society of America uses Personal Data for the purposes for which it was obtained, unless an individual has agreed to the sharing of Personal Data with another organization.
5.2 The Society may share Personal Data with government bodies for tax purposes or law enforcement agencies for the prevention and detection of crime.
5.3 Sometimes the Canon Law Society of America contracts with third parties to Process Personal Data on its behalf (e.g., IT consultants, distributors of newsletters and directories). The Society requires these third parties to comply strictly with CLSA’s instructions and with relevant data protection regulations.
5.4 The Society has in place administrative, technical, and physical measures designed to guard against and minimize the risk of loss, misuse or unauthorized processing or disclosure of the Personal Data.
5.5 The Society does not sell or rent your information to third parties. The Society does not share your information with third parties for marketing purposes.
6 HOW THE SOCIETY HANDLES YOUR CREDIT CARD INFORMATION
6.1 Any sensitive information (such as credit or debit card details) is encrypted and protected with security measures from the WooCommerce platform and the payment processor, Stripe. When you are on a secure page, a lock icon will appear on the bottom of web browsers such as Microsoft Internet Explorer or Google Chrome.
6.2 Non-sensitive details (email address, etc.) are transmitted normally over the Internet, and this action can never be guaranteed to be 100% secure. As a result, while the Society strives to protect your personal information, the Society cannot guarantee the security of any information you transmit, and you do so at your own risk. Once the Society receives your information, trained personnel make their best effort to ensure its security on the Society’s systems.
6.3 Where the Society has given (or where you have chosen) a password that enables you to access certain parts of our website, you are responsible for keeping this password confidential. The Society asks you not to share your password with anyone.
7 DURATION OF INFORMATION STORAGE
7.1 The Society stores Personal Data as long as necessary for a legitimate business or ecclesiastical function and consistent with any document retention policies.
8 INDIVIDUAL RIGHTS
8.1 An individual may have certain rights with regard to Personal Data provided to the Canon Law Society of America. Such rights of an individual may include:
8.1.1 the right to request a copy of some or all of that individual’s Personal Data;
8.1.2 the right to withdraw consent to the way the Society processes Personal Data;
8.1.3 the right to ask for correction to inaccuracies in Personal Data;
8.1.4 the right to request that the Society restricts the Processing of all or part of an individual’s Personal Data;
8.1.5 the right to ask for deletion of Personal Data where there is no legitimate business or ecclesiastical purpose to continue to process it;
8.1.6 the right to object to Processing Personal Data for direct marketing purposes; and
8.1.7 the right not to be subject to legal or other significant decisions on the basis of an automated process (i.e., without human intervention).
8.2 The above rights may be limited in some situations – for example, including where the Society has a legal requirement to process Personal Data. The CLSA reserves the right to require proof of identity for verification and data security purposes before an individual can exercise any of the rights listed in this section.
8.3 Rights may only be exercised by the individual whose information is being held by the Canon Law Society of America or with that individual’s express permission, or by an individual’s conservator if such request is deemed reasonable by the Society.
9 CHANGES TO THIS NOTICE
9.1 The Society may make changes to this Notice from time to time as organizational practices and/or applicable laws change. The CLSA will not make any use of Personal Data that is inconsistent with the original purpose(s) for which it was collected or obtained.
10 CONTACT DETAILS
10.1 If you wish to exercise any of the above rights, or for questions or further information about how the Society protects Personal Data, please contact the General Secretary of the Canon Law Society of America at email@example.com or (202) 832–2350, 415 Michigan Ave NE, Suite 101, Washington, DC 20017.
10.2 The Canon Law Society of America will respond to requests regarding the processing of Personal Data within thirty (30) business days.
11.1 Cookies, also known as browsers or tracking cookies, are small text files that are added to your computer when an individual visit a website.
11.2 The Canon Law Society of America uses the following cookies:
11.2.1 Google analytics. The Society uses Google analytics cookies on the website for tracking purposes. The cookies allow the CLSA to understand general traffic to the website, such as the number of visitors and length of time on site. This process collects data (but in an anonymous form), develops the website, and enhances the user experience.
11.2.2 IT provider. The Society uses the services of an IT company for technical support for its website, and that company will have access to information gathered through the website. The IT provider is compliant with governing data protection regulations.
11.2.3 Website users may opt in or out of some types of cookies using their own web browsers. However, users cannot opt-out of the deployment of cookies that are necessary for delivery of the CLSA website or services to visitors.
12 LINKS TO OTHER SITES
13 EIGHTEEN OR UNDER
13.1 The Society is committed to protecting the privacy of children aged 18 or under. If you are aged 18 or under‚ please obtain your parent/guardian’s permission before you provide us with personal information.
14 VULNERABLE CIRCUMSTANCES
14.1 The Society is committed to protecting vulnerable members, supporters, customers, and volunteers, and the Society appreciates that additional care may be needed when using their personal information. The Society observes good practice guidelines in its interactions with vulnerable people.
15 TRANSFERRING YOUR INFORMATION OUTSIDE OF EUROPE
15.1 As part of the services offered to you through the Society’s website, the information which you provide to the Society may be transferred to countries outside the European Economic Area (“EEA”), e.g., this may happen if any CLSA servers are, from time to time, located in a country outside of the EEA. You should be aware that these countries may not have similar data protection laws to the EU. By submitting your personal data, you are agreeing to this transfer, storing, or processing. If the Society transfers your information outside of the EEA in this way, the Society will take steps to ensure that appropriate security measures are taken with the aim of ensuring that your privacy rights continue to be protected as outlined in this policy.
15.2 If you use the Society’s services while you are outside the EEA, your information may be transferred outside the EEA in order to provide you with those services. The Society undertakes regular reviews of who has access to information that the Society holds to ensure that your information is only accessible by appropriately trained staff, elected officers, and contractors.
16 TECHNICAL DEFINITIONS (as defined in the GDPR)
16.1 “Data Processor” means any person, organization, or body that Processes personal data on behalf of and on the instruction of the Society. Data Processors have a duty to protect the information they process by following data protection laws.
16.2 “Data Subject” means a living individual about whom the Society processes Personal Data and who can be identified from the Personal Data. Data Subjects may have different legal rights in relation to their Personal Data depending on their national origin, citizenship, or residency.
16.3 “Personal Data” means any information relating to a living individual who can be identified from that information or in conjunction with other information which is in, or is likely to come into, the Society’s possession. Personal Data can be factual (such as a name, address, or date of birth) or it can be an opinion (e.g., a performance appraisal). A mere mention of someone’s name in a document does not necessarily constitute Personal Data, but personal details such as someone’s contact details or donor history would fall within the definition.
16.4 “Processing” means any activity that involves use of Personal Data. It includes obtaining, recording, or holding the information, or carrying out any operation or set of operations on it, including organizing, amending, retrieving, using, disclosing, erasing, or destroying Personal Data. Processing also includes transferring or disclosing Personal Data to third parties.
16.5 “Special Categories of Personal Data” means information about a person’s racial or ethnic origin, political opinions, religious or similar beliefs, trade union membership, physical or mental health, or condition or sexuality. Under the General Data Protection Regulation, it also includes genetic and biometric data. Special Categories of Personal Data can only be processed under strict conditions and such processing will usually, although not always, require the explicit consent of the Data Subject.