CyArk is a non-profit corporation committed to empowering individual connection with historical places and cultural heritage. The privacy of your personally identifying information is of the utmost importance to us at CyArk and our affiliates (collectively "
This Privacy Policy describes how we collect, use, disclose, share, or otherwise process your personally identifiable information ("
By using our Online Services, you agree to the terms and conditions contained in this Privacy Policy and you expressly consent to the processing of your data in accordance with this Privacy Policy. If you do not agree to any of these terms and conditions, or approve of CyArk's data practices as explained herein, then you are not authorized to use our Online Services.
CyArk collects the following types of personally identifying information ("PII") when you visit our Websites or use our Services:
Our servers, which may be hosted by a third-party service provider, collect certain technical data about your device and software, including your browser type, operating system, IP address (a number that is automatically assigned to your computer when you use the Internet, which may vary from session to session and may indicate your general location), domain name, and/or a time stamp of your visit. We automatically gather this data and store it in log files each time you visit our website or access an account on our network. Unless you have provided PII in connection with your use of the Online Services (for example, by creating an account), we cannot use such technical data to identify your name or contact information.
We may also directly collect analytics data, or use third-party analytics tools, to help us measure traffic and usage trends in connection with the Online Services. We collect and use this analytics information in aggregate form such that it cannot reasonably be used to identify any particular individual person.
You may visit our Websites if you wish without creating an account or providing us with any information about yourself.
However, if you decide to use certain Services, you may be asked for information that we need in order to provide you with the Services requested. For example, if you decide to sign up for newsletters from us, request data from our Open Heritage Program, attend a virtual event, make a donation to us, or create an account to use certain Services, CyArk may collect some or all of the following PII from you: (1) first and last name, (2) organization name, (3) job title, (4) email address, (5) phone number, (6) location information including state/province and country, and (7) where applicable, a user-generated password for your account. If you provide payment information for a donation, that is securely processed by our third-party payment processor and not used for any other purpose.
If you provide us with feedback or contact us via email (e.g., in response to an employment or grant opportunity posted on our Website), we will collect your name and email address, as well as any other content or information included in or attached to your email, in order to send you a reply. If you order Services from us for a fee, we may also collect information needed for billing and payment purposes that will be processed through a secure third-party payment processor.
We may combine the information we collect directly from you with information we obtain from public sources, partners, and other third parties and use such combined information in accordance with this Privacy Policy.
In summary, we use your PII to respond to your requests, to provide, secure and enhance the Online Services, and to comply with our legal obligations. In particular, CyArk uses your PII for the following purposes as necessary and as permitted by applicable law:
We may also compile statistical or anonymized, non-personally identifiable information and use or transfer such information for any purposes; provided, however, that such data has been fully de-identified and cannot in any way be traced back to the customer or user and does not contain any personally identifiable information. We may also such anonymized information publicly to show trends about the general use of our services.
In connection with our Websites and emails, we use third-party online analytics services, such as those of Google Analytics. These analytics services use automated technologies to collect information (such as email address, IP address, and device identifiers) to evaluate, for example, use of our products and services and to diagnose technical issues. To learn about how Google Analytics collects and processes data, you may visit https://policies.google.com/technologies/partner-sites.
To the extent permitted by applicable law, CyArk may disclose your PII in the following circumstances:
We may engage our affiliates or third-party organizations or individuals to support us in connection with the purposes listed above, such hosting providers, subcontractors, and third-party payment processors.
It may be necessary − by law, legal process, litigation, and/or requests from public and governmental authorities within or outside your country of residence − for CyArk to disclose your PII. We may also disclose your PII if we determine disclosure is reasonably necessary to enforce our terms and conditions or protect our operations or users.
We may share your PII if CyArk engages in a merger, acquisition, bankruptcy, dissolution, reorganization, sale of some or all of CyArk's assets, financing acquisition of all or a portion of our business, a similar transaction or proceeding, or steps in contemplation of such activities (e.g. due diligence).
We may also disclose your PII in other circumstances with your prior informed consent. Service providers acting on our behalf are obliged to adhere to confidentiality requirements no less protective than those set forth herein and will only receive access to your PII as necessary to perform their functions.
We are committed to protecting the security of information received via the Online Services, including PII. If we collect PII from you, we provide reasonable and appropriate administrative, technical, and physical security controls designed to protect your PII from unauthorized access, use, or disclosure. Despite our efforts, no security controls are 100% risk-free, and CyArk does not warrant or guarantee that your PII will be secure in all circumstances. If you create an account, you are responsible for keeping your account credentials and passwords secure and not allowing others to use your account.
Our Websites and Services are intended for general audiences, and we do not knowingly collect PII from a child under 13 years old.
Please note if you are a California resident, please see Section IX "Additional Information for California Residents" below for more information about your privacy rights under California law.
We offer you choices regarding the collection, use, and sharing of your PII. Where permitted by applicable law, we may periodically send you free newsletters and e-mails that directly promote the use of our products or services. When you receive newsletters or promotional communications from us, you may indicate a preference to stop receiving further communications from us and you will have the opportunity to “opt-out” by following the unsubscribe instructions provided in the e-mail you receive or by contacting us directly. Despite your indicated e-mail preferences, we may send you notices of any updates to our Terms of Use or Privacy Policy and similar account notices.
You may edit any of your PII in your account on the Online Services, including contact information and/or notification settings, by editing your account profile. You may also request that we delete your account information by sending an email to info@cyark.org, but please note that we may be required (by law or otherwise) to keep this information and not delete it (or to keep this information for a certain time, in which case we will comply with your deletion request only after we have fulfilled such requirements). CyArk will respond to such requests within thirty (30) days or sooner if required by applicable law. When we delete account information, it will be deleted from the active database, but may remain in our archives for a limited amount of time. We will otherwise retain your information for as long as your account is active, as needed to provide you with the Online Services you have requested, or as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.
If an organization has registered for the Services (a "
Our provision of a link to any website or location outside of the Online Services is for your convenience and does not signify our endorsement of such other website or location or its contents. When you click on such a link, you will leave our site and go to another site. During this process, a third party may collect data, including PII, from you. Please be aware that the terms of this Privacy Policy do not apply to these outside websites or content, or to any collection of data after you click on a link to a third party. We encourage you to carefully read the privacy statement of any other website you visit.
CyArk is located in the United States. By accessing or using the Online Services, or otherwise providing information to us, you understand that your information may be subject to processing, transfer, and storage in other locations. In the event that CyArk transfers your Personal Data from the EEA to a country which is not subject to an adequacy decision by the European Commission or which may not provide for the same level of data protection as the EEA, CyArk will ensure that the recipient of your Personal Data offers an adequate level of protection. This may include such measures as entering into standard contractual clauses for the transfer of data as approved by the European Commission, gaining your prior consent, or other appropriate measures in accordance with applicable law.
If you are a California resident, California law requires us to provide you with some additional information regarding how we collect, use, and share your “personal information” (as defined in the California Consumer Privacy Act ("
The chart below details the categories of personal information we collect, the sources of such personal information, and how we use and share such information for business purposes.
Categories of Personal Information Collected | Sources of Personal Information | Purposes for Use of Personal Information (see "How We Use the Data We Collect" for more information) | Disclosures of Personal Information for Business Purposes (see "Information Sharing and Disclosure" for more information) |
---|---|---|---|
Contact information (e.g., name, email address, phone number, mailing address including state/province, country) |
|
|
|
Financial and transactional information (e.g., payment account information and donation history) |
|
|
|
Login information (e.g., your account name and password) |
|
|
|
Device and online identifier information (e.g., IP address, browser type, operating system, general location inferred from IP address, and similar information) |
|
|
|
Service usage information (e.g., the dates and times you use the services, how you use the services, and the content you interact with on the services) |
|
|
|
If you are a California resident, the CCPA allows you to make certain requests about your personal information. Specifically, the CCPA allows you to request us to:
The CCPA further provides you with the right not to be discriminated (as provided for in applicable law) for exercising your rights. Please note that certain information may be exempt from such requests under California law. For example, we need certain information in order to provide our services to you. We also will take reasonable steps to verify your identity before responding to a request. In doing so, we may ask you for verification information so that we can match at least two verification points with information we maintain in our files about you. If we are unable to verify you through this method, we shall have the right, but not the obligation, to request additional information from you.
Please also note that if your personal information has been collected by CyArk as a result of a Customer's (as defined above) use of our services, CyArk collects and maintains your personal information under the directions of the relevant Customer. If these circumstances apply to you and you wish to access or delete any personal information that we have collected about you, please direct your query to the relevant Customer as this may expedite the completion of your request. We nevertheless provide reasonable assistance to our Customers to give effect to consumer choices as appropriate and required by applicable laws.
If you would like further information regarding your legal rights under California law or would like to exercise any of them, or if you are an authorized agent making a request on a California consumer's behalf, please contact us at info@cyark.org.
The CCPA provides certain rights if a company "sells" personal information, as such term is defined under the CCPA.
Shine the Light Disclosure: The California "Shine the Light" law gives residents of California the right under certain circumstances to request information from us regarding the manner in which we share certain categories of personal information (as defined in the Shine the Light law) with third parties for their direct marketing purposes. We do not share your personal information with third parties for their own direct marketing purposes.
Data protection laws change and update frequently and we endeavor to always comply with applicable laws where we operate. If you have any questions, concerns, or requests regarding the handling of your personal information please contact us at info@cyark.org. Please note we may take reasonable steps to verify your identity and the authenticity of the request.
Our Websites are intended for general audiences. Our separate Services are not intended for use or access by children or minors. CyArk does not knowingly collect or solicit information from anyone under the age of thirteen (13). If you believe CyArk has inadvertently collected information about a child under the age of thirteen (13), please contact us at info@cyark.org.
CyArk reserves the right to change this Privacy Policy. CyArk will provide notification of the material changes to this Privacy Statement through our Website and, where appropriate, when you login to your account or by email to any email address of yours we may have on file, at least thirty (30) days prior to the change taking effect.
CyArk welcomes your comments, questions, and concerns regarding our Privacy Policy. Please contact us at info@cyark.org or at our mailing address below:
CyArk
Attn: Legal Department
2201 Broadway, STE 602, Oakland, CA 94612
This Supplemental GDPR Privacy Statement is relevant to any individual located in the European Economic Area who uses our Services.
European Union Regulation 2016/679 of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (“GDPR“), requires CyArk to provide additional and different information about its data processing practices to data subjects in the EEA. If you are accessing the Online Services from a member state of the EEA, this Supplemental GDPR Privacy Statement applies to you.
For purposes of the GDPR, CyArk 2201 Broadway, STE 602, CA, 94612 USA, is the data controller of your personal information.
As exceptions, CyArk relies on your consent with respect to cookies that are not strictly necessary and direct marketing emails per Article 6(1)(a) of the EU GDPR; and pursues legitimate interests under Article 6(1)(f) of the EU GDPR with respect to situations where CyArk needs to process your personal data to comply with applicable laws (as a U.S.-based company, CyArk is subject to U.S. laws and must comply with them) or processes your personal data to improve our business and Online Services.
Any onward transfer is subject to appropriate onward transfer requirements as required by applicable law.
If you have provided consent for cookies that are not strictly necessary, direct marketing emails or other data processing based on your consent, you have the right to withdraw your consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal. You have the right to lodge a complaint with a supervisory authority.