This Privacy Policy applies to information we (American ME and CFS Society) collect about individuals who interact with our organization. It explains what personal information we collect and how we use it.
If you have any comments, concerns, or questions about this notice, feel free to contact us.
PERSONAL DATA THAT WE PROCESS
The following table explains the types of data we collect and the legal basis, under current data protection legislation, on which this data is processed.
Purpose | Data (key elements) | Basis |
Email inquiries | Name, email, message | Legitimate interests – it is necessary for us to read and store your message so that we can respond in the way that you would expect. |
Subscribing to our email newsletter | Name, email | Consent – you have given your active consent. Consent can be withdrawn at anytime by clicking the “unsubscribe” link at the bottom of our email. |
Making a donation | Name, email, address, payment information | Legitimate interests – this information is necessary for us to fulfill your intention of donating money and your expectation of receiving a confirmation message. |
Signing up as a member | Name, email, U.S. citizenship | Legitimate interests – This information is necessary for tracking and managing memberships. |
Registering an account on our website for using our services | Name, email, ZIP/Postal code, username, password | Legitimate interests – This information is necessary for user login authentication and managing user profile information. Login is necessary for posting comments to our articles and posting classified ad listings in AMMES Connect. |
Website functionality | Website activity collected through cookies | Legitimate interests– it is necessary for us to store a small amount of information using cookies to deliver functionality that you would expect, such as remembering user preferences. |
HOW WE USE YOUR DATA
We will only use your data in keeping with the purpose for which it was collected, as set out in the personal data table above.
For example, we may use your personal information in contact forms to:
- reply to inquiries you send to us;
- handle donations or other transactions that you initiate;
- where you have specifically agreed to this, send you communications by email relating to our work which we think may be of interest to you.
Comments
When visitors leave comments on the AMMES site we collect the data shown in the comments form, and also the visitor’s IP address and browser user agent string to help with spam detection.
WHEN WE SHARE YOUR DATA
Your personal data will be kept strictly confidential. Personal data that we process will not be released to third parties except in the following circumstances:
- you have provided your explicit consent for us to pass data to a named third party (e.g. you may consent to having subscriber information passed to MailChimp for handling our email campaigns including newsletters). Likewise, visitor comments are checked through Askismet, a third-party automated spam detection service to help prevent spam comments from being posted on the AMMES site. The information sent to Akismet includes the commenter’s IP address, user agent, referrer, and Site URL (along with other information directly provided by the commenter such as their name, username, email address, and the comment itself). The privacy policy for this service can be found here: https://automattic.com/privacy/
- we are using a third party purely for the purposes of processing data on our behalf and we have in place a data processing agreement with that third party that fulfills our legal obligations in relation to the use of third-party data processors; or
- we are required by law to share your data.
Though AMMES provides links to third-party websites and other resources, we do not take any responsibility for the third-party content or information within any linked website.
COOKIES & USAGE TRACKING
A cookie is a small file of letters and numbers that is downloaded on to your computer when you visit a website. Cookies are used by many websites and can do a number of things, e.g. remembering your preferences, and counting the number of people looking at a website.
If you leave a comment on our site you may opt-in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.
If you have an account and you log in to this site, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.
When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me,” your login will persist for 30 days. If you log out of your account, the login cookies will be removed.
Where cookies are used to collect personal data, we list these purposes in section 1 above, along with other personal data that we collect. However, we also use some cookies that do not collect personal information but that do help us collect anonymous information about how people use our website. We use Google Analytics for this purpose. Google Analytics generates statistical and other information about website usage by means of cookies, which are stored on users’ computers. The information collected by Google Analytics about usage of our website is not personally identifiable. The data is collected anonymously, stored by Google and used by us to create reports about website usage. Google’s privacy policy is available at http://www.google.com/privacypolicy.html.
Embedded content from other websites
Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.
These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracing your interaction with the embedded content if you have an account and are logged in to that website.
HOW LONG WE KEEP YOUR DATA
If you leave a comment, the comment and its metadata are retained indefinitely. This is so we can recognize and approve any follow-up comments automatically instead of holding them in a moderation queue.
For users that register on our website, we also store the personal information they provide in their user profile. All users can see, edit, or delete their personal information at any time (except they cannot change their username). Website administrators can also see and edit that information.
We take the principles of data minimization and removal seriously. As such, we have internal policies in place to ensure that we only ever ask for the minimum amount of data for the associated purpose and delete that data promptly once it is no longer required. Where data is collected on the basis of consent, we will seek renewal of consent at least every three years.
WHAT RIGHTS YOU HAVE OVER YOUR DATA
If you have an account on this site, or have left comments, you can request to receive an exported file of the personal data we hold about you, including any data you have provided to us. You can also request that we erase any personal data we hold about you. Please note that relying on some of these rights, such as the right to delete your data, will make it impossible for us to continue to deliver some services to you. However, where possible we will always try to allow the maximum access to your rights while continuing to deliver as many services to you as possible. This does not include any data we are obliged to keep for administrative, legal, or security purposes.
WEBSITE SECURITY
AMMES uses website security measures consistent with current best practices to protect its website and personal data. These measures include technical, procedural, monitoring and tracking steps intended to safeguard data from misuse, unauthorized access or disclosure, loss, alteration or destruction.
All data is transmitted using Secure Socket Layer (“SSL”) encryption or Transport Layer Security (“TLS”). We use our own protective measures, as well as the capabilities of our software and hardware vendors. With every website there can be incidents of misuse or unauthorized program incursions. In those instances, our goals are to move quickly to isolate the problem, ensure or restore proper functionality and minimize any inconvenience to our users. As appropriate and necessary, AMMES will notify the affected persons and relevant authorities of these incidents of misuse or unauthorized incursions of the AMMES website.
MODIFICATIONS
We may modify this Privacy Policy from time to time and will publish the most current version on our website. If a modification meaningfully affects your rights, we will notify people whose personal data we hold and is affected.
OUR CONTACT INFORMATION
American ME and CFS Society
P.O. Box 26
Whately, Massachusetts 01093-0026
USA