THE Arc OF UNION PRIVACY NOTICE AND POLICY


This Notice and Policy (“Privacy Policy”) is provided by The Arc of Union County, Inc., a non-profit, 501c(3) organization headquartered in Springfield, NJ, (hereinafter “Arc”, “us” or “we”) and applies to all users of The Website, https://arcunion.org/, and of our social media accounts. This Policy is intended to inform you about the information we may collect from you or that you may provide to us, and our practices for collecting, using, maintaining, protecting, and disclosing that information.  This Policy applies to both personal and non-personal information which The Arc may collect and use depending on how you choose to interact with The Website, https://arcunion.org/ (the “Website”) and services owned and operated by The Arc, including our programs, events, and services designed to enrich the lives of individuals of all ages with intellectual and developmental disabilities (collectively, the “Services”). BY USING OR ACCESSING THE SERVICES IN ANY MANNER, YOU ACKNOWLEDGE THAT YOU ACCEPT THE PRACTICES AND POLICIES OUTLINED IN THIS PRIVACY POLICY, AND YOU HEREBY CONSENT THAT WE WILL COLLECT, USE, AND SHARE YOUR INFORMATION IN THE FOLLOWING WAYS. IF YOU DO NOT AGREE WITH THIS PRIVACY POLICY, YOU MAY NOT USE THE SERVICES. IF YOU USE THE SERVICES ON BEHALF OF SOMEONE ELSE (SUCH AS YOUR CHILD) OR AN ENTITY (SUCH AS YOUR EMPLOYER), YOU REPRESENT THAT YOU ARE AUTHORIZED BY SUCH INDIVIDUAL OR ENTITY TO ACCEPT THIS PRIVACY POLICY ON SUCH INDIVIDUAL’S OR ENTITY’S BEHALF.  Please be assured that The Arc will only use your information in accordance with this Policy.

YOUR RIGHTS

If you have a question about how The Arc collects or uses personal information, or if you would like us to delete your personal information, please contact us by email at PrivacyOfficer@arcunion.org.  We reserve the right to request information from you to confirm your identity and to confirm that you have the right to receive access to the information that you request.

Arc will use reasonable efforts to delete your personal information as soon as reasonably possible. Our normal processing time is 45 days from the date we received a verifiable consumer request.

We may deny your deletion request if retaining the information is necessary for us or our service providers to:

  1. Complete the transaction for which we collected the personal information, provide a good or service that you requested, take actions reasonably anticipated within the context of our ongoing business relationship with you, or otherwise perform our contract with you.
  2. Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities.
  3. Debug products to identify and repair errors that impair existing intended functionality.
  4. Enable solely internal uses that are reasonably aligned with consumer expectations based on your relationship with us.
  5. Comply with a legal obligation.
  6. Make other internal and lawful uses of that information that are compatible with the context in which you provided it.

 INFORMATION WE COLLECT

We collect information that identifies, relates to, describes, references, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular individual or device (“personal information”). In particular, we may have collected the following categories of personal information from individuals within the last twelve (12) months:

  • Identifiers, for example your real name, email address, telephone number, postal address, online identifier, user ID, device ID, domain server, type of device/operating system, browser used to access our Services, Internet Protocol address, account name, or other similar identifiers.
  • Biographical, medical and insurance information, for example education, employment, employment history, health insurance information, medical history and health information you provide us, including health conditions, healthcare providers visited, reasons for visit, dates of visit, booking and appointment data (including appointment date/time, provider information, appointment procedure, whether or not user is a new patient for a particular provider). Some information included in this category may overlap with other categories.
  • Protected classification characteristics, for example age, race, ethnicity, color, ancestry, national origin, citizenship, religion or creed, marital status, medical condition, physical or mental disability, sex (including gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions), sexual orientation, veteran or military status, genetic information (including familial genetic information).
  • Internet or similar network activity, for example browsing history, search history, information on your interaction with the Website or referring webpage/source through which you access our Services, non-identifiable request IDs, and statistics associated with the interaction between device or browser and our Services.
  • Geolocation data, for example the approximate location (city and state) of the device from which you access our Services.
  • Other identifying information that you voluntarily chose to provide, for example, personal data in emails, letters, or online forms that you send or submit to us.

We obtain the categories of personal information listed above from the following categories of sources:

  • Directly from individuals or their agents, including family members and guardians. For example, information that individuals provide to us related to the Services for which they engage us.
  • Directly and indirectly from activity on The Website. For example, submissions through The Website portal or Website usage details collected automatically.
  • From third parties that interact with us in connection with the Services we perform. For example, information an individual’s schools provide to us related to the Services for which the individual engaged us.

PROTECTED HEALTH INFORMATION AND HIPAA

Certain medical, health and/or health-related information that Arc collects about you as part of providing the Services to you may be considered “protected health information” or “PHI” under the Health Insurance Portability and Accountability Act (“HIPAA”). Specifically, when The Arc, acting as a “Business Associate” (as such term is defined in HIPAA) receives identifiable information about you from or on behalf of you, or your healthcare specialist, professional, provider, organization or agent or affiliate thereof (collectively, “Healthcare Providers”), this information is considered PHI. Personal data that you provide to us outside of the foregoing context is not PHI. For example, when you interact with the Website, search the Website for programs, services, or events, or when you voluntarily provide information in free-form text boxes through the Website; or when you send us an email or otherwise contact us, that information is not PHI.

HIPAA provides specific protections for the privacy and security of PHI and restricts how PHI is used and disclosed. We may only use and disclose PHI in the ways permitted by your Healthcare Provider(s) or authorized by you. Please also refer to our Accounting for Disclosure HIPAA Policy, which is expressly incorporated as if fully recited herein, if you have not already done so.

USE OF PERSONAL INFORMATION

 We may use or disclose the personal information we collect for one or more of the following business purposes:

  • To fulfill or meet the reason for which the information is provided.
  • To provide you and your authorized representatives with information and services that you request from us.
  • To provide you with email alerts and other notices concerning our services, programs, events, or news that may be of interest to you.
  • To carry out our obligations and enforce our rights arising from any contracts entered into between you and us, including for billing and collections.
  • To improve The Website and present its contents to you.
  • For testing, research, analysis, and development of service offerings.
  • As necessary or appropriate to protect the rights, property or safety of us, or others.
  • To respond to law enforcement requests and as required by applicable law, court order, or governmental regulations.
  • As described to you when collecting your personal information.
  • To evaluate or conduct a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of our assets, whether as an ongoing concern or as part of bankruptcy, liquidation, or similar proceeding, in which personal information held by us is among the assets transferred or impacted.

We will not collect additional categories of personal information or use the personal information we collected for materially different, unrelated, or incompatible purposes without providing you notice.

SHARING PERSONAL INFORMATION

We may disclose your personal information to a government entity when required by law or to a third party in furtherance of the purposes for which you provide personal information to Arc.  When we disclose personal information in furtherance of a purpose for which it was provided, we enter a contract that describes the purpose and requires the recipient to both keep that personal information confidential and not use it for any purpose except performing the contract.

We disclose your personal information for a business purpose to the following categories of third parties:

  • Apps, websites, and third-party integrations on or using our services;
  • Vendors and service providers, including payment/financial services providers (such as PayPal), human resources management systems (such as ADP), web analytic services (such as Google Analytics), software solutions (such as Therap and Gist), cloud platform providers (such as Google Cloud Platform), and providers for delivery of text and email messages; and
  • Third parties to whom you or your agents authorize us to disclose your personal information in connection with services we provide to you.

THIRD-PARTY VENDORS AND SERVICE PROVIDERS

To the extent that we use third-party vendors and service providers, they may only use personal information pursuant to a data-sharing agreement with us. Such an agreement shall impose similar data protection-related terms on the vendor or service provider that will not be less protective than those imposed on us.

We may rely on the services of the following third-party vendors and service providers in delivering our services to you:

In such case, we will provide such personal information subject to such vendor’s or service provider’s own data protection policies, which can be found at the links indicated above.

THIRD-PARTY WEBSITES AND SERVICES

The Website may contain links to other sites (“Third Party Website”). These links are provided solely for your convenience. We do not necessarily endorse, sanction or verify the accuracy of the information contained on any Third Party Website. Once you access a Third Party Website through a link on The Website, you are no longer covered by our Privacy Policy, and you should check the applicable privacy policy of the Third Party Website to determine how the third party will handle any information it collects from you. Any concerns regarding any Third Party Website should be directed to the Third Party Website itself. We bear no responsibility for any action associated with any Third Party Website.

COOKIES AND SIMILAR TECHNOLOGIES

Cookies are small text files placed on your device to store data that can be recalled by a web server in the domain that placed the cookie. We use cookies and similar technologies for storing and honoring your preferences and settings when accessing and interacting with the Website, compiling aggregate data about site traffic and site interaction so we can gain insight on how to best optimize the user experience, content, and marketing, enable you to sign in, and fulfilling other legitimate purposes.

You have a variety of tools to control the data collected by cookies and similar technologies. For example, you can use controls in your internet browser to limit how the Website is able to use cookies, alert you about the cookies, and to withdraw your consent by clearing or blocking cookies.

CHILDREN

The Website is not directed to individuals under the age of 13, nor does the Website contain information that would be potentially harmful to minors in any way. However, we advise all visitors to The Website under the age of 13 not to disclose or provide any personal information. In the event that we discover that a child under the age of 13 has provided personal information to us, we will delete the child’s personal information in accordance with the Children’s Online Privacy Protection Act of 1998. (See, the Federal Trade Commission’s website at: http://www.ftc.gov/bcp/conline/edcams/kidzprivacy/). Parents or guardians who are concerned about information possibly submitted to The Arc by their children should contact PrivacyOfficer@arcunion.org for assistance in identifying and removing any such data.

Notwithstanding the foregoing, pursuant to 47 U.S.C. Section 230 (d), as amended, we hereby notify you that parental control protections are commercially available to assist you in limiting access to material that is harmful to minors. More information on the availability of such software can be found through publicly available sources. You may wish to contact your Internet Service Provider for more information.

We collect personal information on minors when provided by their parents or legal guardians for the purposes of requesting services from us for the benefit of such minors.

PROTECTION OF INFORMATION

We use reasonable physical, technical, and administrative measures to safeguard personal information in our possession against loss, theft, and unauthorized use, disclosure, or modification. Please note, however, that no data transmission or storage can be guaranteed to be 100% secure. As a result, while we strive to protect the information we maintain, we cannot ensure, guarantee, or warrant the security of any information that you transmit to us or that we transmit to you.

PLEASE KEEP YOUR DEVICES AND PASSWORDS SECURE

Please keep your devices secure and do not share devices, logins, or passwords to any device with others. PLEASE SECURE YOUR LOGIN INFORMATION AND DO NOT DISCLOSE YOUR PASSWORDS AND ANY SENSITIVE INFORMATION TO ANYONE ELSE.  If you believe that your personal information was compromised while requesting or receiving services from us, please notify us at: PrivacyOfficer@arcunion.org

VIRTUAL SERVICES

It is highly recommended that if individuals and their family members or caregivers would like to discuss any sensitive information during a remote phone call or video call that they are aware of their surroundings and ensure the privacy of the individual. All Participants including staff members in a virtual or phone conference meeting are to remain vigilant of potential confidentiality issues, and are advised to take precautionary measures such as wearing headphones or earbuds, holding conversations in private rooms, closing doors, etc. It is also recommended that a separate appointment is set up if you or your family member or caregiver would like to discuss sensitive information with  ​an involved planning team member over a remote phone call or video call to ensure that team members included are not in the presence of third parties.

RETENTION OF INFORMATION

Consistent with our legal obligations, we will keep your personal information for as long as you maintain an ongoing relationship with us unless our legal or contractual obligations require us to retain your personal information for a longer period.  Thereafter, we will keep your personal information for as long as is necessary:

  • To respond to any questions, complaints, or claims made by you or on your behalf;
  • To provide services as contracted for by you;
  • To show that we treated you fairly; or
  • To keep records required by law.

We will not retain your personal information for longer than necessary for the purposes set out in this Privacy Policy. Different retention periods apply for different types of personal information. When it is no longer necessary to retain your personal information, we will delete or anonymize it.

If any claim, legal process, or enforceable government request is brought, we may continue to retain your information for an additional time as necessary to protect our legal interests or to comply with any applicable law, regulation, legal process or enforceable governmental request.

We reserve the right to and may retain information about you beyond the above retention criteria for statistical purposes, and information retained for such purposes will be in an anonymized form that is not identifiable to you.

CHANGES TO OUR PRIVACY NOTICE AND POLICY

We reserve the right to amend our Privacy Policy at our discretion and at any time. When we make changes to our Privacy Policy, we will notify you by email, through a notice on The Website, or in another appropriate manner based on how we interact with you.  We will provide you with any such updated notice prior to or before any new personal information is collected from you. You will also be able to determine the date that our current Privacy Policy has become effective, by viewing the Effective Date at the top of this document.

CONTACT INFORMATION

If you have any questions or comments about our Privacy Policy, the ways in which we collect and use your personal information, your choices and rights regarding such use, or wish to exercise your rights under our Privacy Policy, please do not hesitate to contact us at:

The Arc of Union County, Inc.

70 Diamond Road, Springfield, NJ 07081

Phone: 973-315-0000

PrivacyOfficer@arcunion.org