Introduction
The Cambodia Assist Program is run by humanitarians, philanthropists and volunteers. DBA (doing business as) the Cambodia Assist Program herein referred to as "CAP", “we”, “us” or “our”.
We take privacy and data protection issues seriously.
We have established this Privacy Policy (the "Policy") to explain how we handle personally identifiable information collected from donors and viewers of this Website.
By accessing and/or using this Website, you agree that you have read and understood this Policy and you accept and consent to the privacy practices (and any uses and disclosures of information) that are described in this Policy.
This Policy sets out CAP’s personal information management practices. It covers the following areas:
Application of Policy
This Policy applies to all our personnel, including volunteers and other individuals with whom we do business.
Responsibilities of Personnel
It is the responsibility of all personnel to:
Personal Information Collected
CAP collects only personal information that is necessary for the Website’s functions and activities. This includes personal information collected when you donate directly or via third party websites. This information will only be collected with the consent of the individual or otherwise in accordance with the law.
As with many other websites, the web servers used to host the Website may collect certain non-personal data pertaining to users of the Website and the equipment and communications method that they use to access the Internet and the Website. Without combining this data with other sources of information, they do not readily or personally identify individuals. They may reveal such things as the Internet protocol ("IP") address assigned to an individual's computer, specific pages that an individual accessed on the Website or immediately prior to visiting the Website, and the length of time spent in a visit to the Website. The purposes for which this information is collected and used include facilitating website operation and system administration, the generating of aggregate, non-identifiable statistical information, monitoring and analyzing Website traffic and usage patterns, and improving the content and content delivery with regard to the Website and the content, materials, opportunities, and services that we describe or make available on the Website.
You may receive regular updates from CAP on actions to take. If at any time you would like to unsubscribe from our email list, you may do so by clicking the unsubscribe link in the email.
We may also use "cookies" (small text files stored on users' computers) to help track and customize access and use of the Website. Cookies store and retain information that helps us recognize individuals when they return to the Website following a previous visit. Most popular Internet browser packages allow one to configure the browser so as not to accept cookies. However, setting your browser to reject cookies may, in certain instances, prevent you from taking full advantage of the Website and the information, products, and services that we make available on the Website.
Your Rights and Preferences
Storage and Processing of Your Personal Data
The data that we collect from you may be transferred to, and stored at, a destination outside the European Economic Area (”EEA”), the country in which you reside, or the country from which you are accessing the Website. We take reasonable steps to ensure that cross-border data transfers comply with existing data protection laws, such as working with third party processors certified in the EU-US Privacy Shield framework or with those that use standard contractual clauses that bind parties to protect the privacy and security of data.
Use and Disclosure of Personal Information
We will generally use and disclose personal information for purposes related to the main purpose for which the information was collected, or where the individual has consented to the use or disclosure. We may also use personal information to send you email communications promoting messages, content or actions on behalf of other organizations. These emails will always come from the Website’s email address. In addition, we may disclose personal information to third party service providers who assist us in providing our services. These may include companies which assist with data processing and analysis, research, mail services or maintenance. These third parties may also include organizations that cross-check the information you provide to us with information about you in other databases, which we will include in our records. We obtain this data with assurance from these providers that you have consented to the collecting and sharing of this data. We do not actively collect sensitive personal data such as medical data.
Personal information will only be disclosed to those third party service providers on a confidential basis so that the service provider can effectively provide those services.
In addition, with your explicit permission, we may pass along certain information to the following groups:
Under circumstances where we determine that users may be misusing our systems for malicious purposes (for example, using the contacts we provide to make harassing phone calls, emails, etc.), such activities may be reported to law enforcement agencies. In such cases, we may release personally identifiable information, including name and address, to those agencies.
We may transfer your personal information to a third party if we or any of our company affiliates are involved in a corporate restructuring (e.g., a sale, merger, or other transfer of assets).
Disclosure When Required By Law
We may otherwise use or disclose personal information where required or authorized by law, which may include emergency situations and assisting law enforcement agencies.
Disclosure to Partner Organizations
From time to time we will feature actions including, but not limited to petitions and email campaigns, supplied by partner organizations on the Website. These actions may be subject to data sharing agreements between us and these partner organizations. Where such agreements are in place, this will be clearly noted on the pages associated with the action. You will be provided with an express opt-in before we share your information with the partner organization(s). You acknowledge that CAP has no control over the content, frequency and/or any other aspect of such communications.
From time to time we may feature rewards, supplied by partner organizations on the Website. These actions may be subject to data sharing agreements between us and these partner organizations. Where such agreements are in place, this will be clearly noted on the pages associated with the reward and at the point of entry. By entering the reward, you are agreeing to further contact from the partner organization(s) associated with that reward. You acknowledge that CAP has no control over the content, frequency and/or any other aspect of such communications.
Access to Database/Mailing Lists
We will not allow access to our database or mailing lists to any organization or individual, except as expressly permitted by the user. However, if the material another organization or individual wishes to circulate through our database aligns with our core values and is within the use anticipated by those on the mailing list, we will take responsibility for the circulation and will ask that the organization/individual provide us with a letter explaining their request.
Credit Card Security
On the Website, CAP may use PayPal or another third party to process and accept transactions. We do not store any credit card information.
PayPal adheres to international PCI (payment card industry) compliance standards for data security. Payment Card Industry Data Security Standard (PCI DSS) is a set of 12 requirements that all businesses who handle credit or debit card payments must comply with. The PCI Security Standards require all merchants, regardless of size or number of transactions, who accept, store, transmit or process any cardholder data to comply with PCI DSS.
Security of Personal Information
We take reasonable steps to protect all of the personal information CAP holds from misuse and loss and from unauthorized access, modification or disclosure. This protection applies in relation to information stored in both electronic and hard copy form.
Information Security
We use firewalls and other industry standard security technology, as well as industry standard security practices, to protect personal and confidential information that we receive and to prevent that information from being accessed by unauthorized persons. For example, we work to protect the security of information submitted through the Website during transmission by using Secure Sockets Layer (SSL) software, which encrypts information. The information that you submit through the Website is gathered on computers, and stored in a data center, protected by industry standard security practices. The number of employees that have physical access to our data center, and to the computer on which personal information is stored, is limited. Unfortunately, no data transmission over the Internet can be guaranteed to be 100% secure. As a result, while we strive to protect your personal information, we cannot ensure or warrant the security of any information you transmit to us, and you do so at your own risk. Once we receive your transmission, we make our best effort to ensure its security on our systems.
Data Tracking
In order to better serve our members, we use cookies and periodically analyze web logs. We may collect IP addresses to better understand where our traffic is coming from, and to provide customized services to donors. We may also use third-party services, including, without limitation, Google Analytics. This helps us understand traffic patterns and know if there are problems with our website. We may also use embedded images in emails to track open rates for our mailings, so that we can tell which mailings appeal most to CAP donors.
URLs contained in emails may contain an ID that enables us to correctly identify the person who takes an action using a web page. We use these URLs to simplify the process of signing petitions and filling out surveys. We may occasionally present a shortened URL that references a longer URL which contains an ID—we do this to simplify the display, to prevent links from becoming broken when copied, and to ensure compatibility with email programs which do not handle long URLs. When a shortened URL is displayed in an email, you will see the full URL in the browser's address bar when you access the page.
Links to Other Websites
We may provide links to third party websites, and other websites may provide links to this website. Third party websites operate according to their own terms of use and privacy policies. We have no control over such third party websites, and by using this Website, you acknowledge and agree that we are not responsible for the availability of such third party sites, and does not endorse and is not responsible or liable for any content, advertising, products or other materials on or available from such sites. You further acknowledge and agree that we will not be responsible or liable, directly or indirectly, for any damage or loss caused or alleged to be caused by or in connection with use of or reliance on any content, advertising, products, or other materials on or available from such sites.
Changes to this Privacy Policy
We may revise or amend this Policy at any time at our sole discretion. If we make any substantive changes in the way we collect or use personally identifying information provided by users, we will post a prominent announcement on the website and post the changes on this page. We will never change our policies and practices to make them less protective of user information collected prior to the effective date of any changes without the consent of affected users. We encourage users to visit this page periodically to review our current policy.
Contact
If you have any questions about this privacy statement, your personal information, or the practices of CAP, please contact us via email.
We are the sole data controller for the purposes of the personal data processed under this Policy.