2. INFORMATION WE PROCESS
Personal Data is information that directly or indirectly identifies you, such as your name, email address, date of birth and telephone number.
Other Information is information that, by itself does not individually identify you, such as browser type, operating system, the webpages you viewed and how long you viewed them.
We generally do not treat Other Information as Personal Data unless required by applicable law. If we link together different types of Other Information, or link Other Information to Personal Data, we treat the linked information as Personal Data when it directly or indirectly identifies you or another person.
3. HOW WE USE INFORMATION
You may choose not to provide us with your Personal Data. If you choose not to provide your Personal Data, you may not be able to enjoy the full range of the Services.
We receive information:
When you register for the Services: When you register for the Services, we process Personal Data, including your name, email address, mobile telephone number, date of birth and encrypted password. If you are a member of LCI, we also process your Member ID, which may be Personal Data under certain laws.
When you use the Services: We receive information about the Services that you use and how you use them. We may also ask for information, some of which is Personal Data, so that we may keep you informed and provide you with information on upcoming events in your area or inform you of opportunities to support our missions. This information is not required to use the Services.
From Your Device: If you accept cookies, we will receive information about your computer, tablet or mobile telephone (“Device”), such as model, operating system version, mobile network information, mobile telephone number, internet service provider and similar identifiers. We may associate your Device information with your LCI account. We may collect and store information (including your Personal Data) about your Device through a browser web and web application data caches.
If you enable location services on your mobile device, we may also process your geolocation information (“Location Data”) from your wireless carrier, through a wearable or other device you have connected (for example, a smart watch) to our Services, and/or directly from the Device on which you use our Services. Geolocation is not permanently stored. It is only used for targeting activities in your area.
If you are accessing the Services through the MyLion App, how we obtain location data will differ depending on your Device’s operating system. We do not collect location data unless you have “allowed” its collection in your Device’s operating system settings. If you decline to allow location data collection in the app, we will not collect your location data unless you manually enter it.
Through Server Logs: A server log is a list of the activities that a server performs. Our servers automatically store in server logs search queries, hardware settings, browser type, browser language, the date and time of your request and referral URL and certain cookies that identify your browser or LCI account. Some of this information is gathered through Data Collection Technology in order to improve the Services.
4. DATA COLLECTION TECHNOLOGY
Data Collection Technology collects all sorts of information, such as how long you engage with the Services, the content you view, your search queries, error and performance reports, as well as Device identifier or IP address, browser type, time zone and language settings and operating system.
Data Collection Technology deployed through the Services includes cookies.
Cookies: Cookies are small text files that are sent to or accessed from your web browser or your computer’s hard drive. A cookie typically contains the name of the domain (internet location) from which the cookie originated, the “lifetime” of the cookie (i.e., when it expires) and a randomly generated unique number or similar identifier. A cookie also may contain information about your Device, such as user settings, browsing history and activities conducted while using the Services.
The Services use the following cookies:
- Strictly necessary cookies, which are required for the operation of the Services. Without them, for example, you would not be able to register or log in for the Services that we offer.
- Analytical/performance cookies, which allow us to recognize and count the number of visitors, learn how visitors navigate the Services, and improve the Services.
- Functionality cookies, which we use to recognize you when you return to the Services.
To learn more about cookies visit www.allaboutcookies.org.
We also use analytics services, such as Google Analytics, to gather information. Generally, analytics services do not identify individual users. Many analytics services allow you to opt out of data collection.
For example, to learn more about Google Analytics practices and to opt out, visit www.google.com/settings/ads or by downloading the Google Analytics opt-out browser add-on at https://tools.google.com/dlpage/gaoptout.
How We Use Data Collection Technology: Some Data Collection Technology is utilized by us when you visit the Services. Other Data Collection Technology is deployed by third parties with which we partner to deliver the Services, such as PayPal and Paymentech.
Data Collection Technology helps us improve your experience of the Services by compiling statistics about use of the Services and helping us analyze technical and navigational information about the Services.
We also may use Data Collection Technology to gather information from the Device that you use to access the Services, such as your operating system type, browser type, domain and other system settings, as well as the language your system uses and the country and time zone in which your Device is located. We do not store this information for purposes of identifying any specific user, but so we can better understand how the Services are being utilized so we can improve the user experience.
Do Not Track: Some web browsers (including Safari, Internet Explorer, Firefox and Chrome) incorporate a “Do Not Track” (“DNT”) or similar feature that signals to websites that a user does not want to have his or her online activity and behavior tracked. If a website that responds to a particular DNT signal receives the DNT signal, the browser can block that website from gathering certain information about the browser’s user. Not all browsers offer a DNT option and DNT signals are not yet uniform. For this reason, many website operators, including us, do not respond to DNT signals.
5. HOW WE PROCESS PERSONAL DATA
We process Personal Data:
- To set up and maintain your registration and account with the Services;
- To communicate with you;
- To deliver relevant content to you;
- To provide features through the Services, such as membership activities and service reporting;
- To prevent and investigate fraud and other misuses of the Services;
- To protect our rights and property;
- To operate, manage and improve the Services; and
- To ensure the technical functionality and security of the Services.
We process Other Information:
- To administer and improve the Services and your experience on the Services;
- To analyze trends and gather broad aggregate demographic information;
- To statistically monitor how many people are using the Services or opening our emails;
- To develop, improve and protect the Services;
- To conduct audience research;
- To audit and analyze the Services; and
- To ensure the technical functionality and security of the Services.
6. HOW WE SHARE INFORMATION
We may process your Personal Data received via the Services as follows:
To Protect Legal Rights. Applicable law may require us to disclose your Personal Data if: (i) reasonably necessary to comply with legal process (such as a court order, subpoena or search warrant) or other legal requirements; (ii) disclosure would mitigate our liability in an actual or threatened lawsuit; (iii) necessary to protect our legal rights or the rights of our users, customers, business partners or other interested parties; or (iv) necessary for the prevention or detection of crime (subject in each case to applicable law).
We may aggregate information received though the Services and remove identifiers so that the information no longer identifies or can be used to identify an individual (“Anonymized Information”). We share Anonymized Information with third parties and do not limit third parties’ use of the Anonymized Information because it is no longer Personal Data. We will never sell or share your Personal Data, including but not limited to donor information collected online or offline, with any unrelated third parties.
7. CHILDREN’S PRIVACY
The Services are not directed to or intended for use by children under the age of 13 (“Minors”). Consistent with the requirements of applicable law, if we learn that we have received any information directly from a Minor without his or her parent’s verified consent, we will use that information only to respond directly to that Minor (or his or her parent or legal guardian) to inform the Minor that he or she cannot use the Services and subsequently will delete that information.
Children below the age of 16: For children under the age of 16 to use the Services consent must be provided by the holder of parental responsibility over the child. We shall make reasonable efforts to verify in such cases that consent is given by the holder of parental responsibility over the child.
California Minors: While the Service is not intended for anyone under the age of 18, if you are a California resident who is under age 18 and you are unable to remove publicly-available content that you have submitted to us, you may request removal by contacting us at: firstname.lastname@example.org. When requesting removal, you must be specific about the information you want removed and provide us with specific information, such as the URL for each page where the information was entered, so that we can find it. We are not required to remove any content or information that: (1) federal or state law requires us or a third party to maintain; (2) was not posted by you; (3) is anonymized so that you cannot be identified; (4) you don’t follow our instructions for removing or requesting removal; or (5) you received compensation or other consideration for providing. Removal of your content or information from the Service does not ensure complete or comprehensive removal of that content or information from our systems or the systems of our service providers. We are not required to delete the content or information posted by you; our obligations under California law are satisfied so long as we anonymize the content or information or render it invisible to other users and the public.
8. SECURITY OF YOUR PERSONAL DATA
We take precautions intended to help protect information that we process but no system or electronic data transmission is completely secure. Any transmission of your Personal Data is at your own risk and we expect that you will use appropriate security measures to protect your Personal Data.
You are responsible for keeping your login information private. We will treat access to the Services through your account credentials as authorized by you. Unauthorized access to password-protected or secure areas is prohibited and may lead to criminal prosecution. We may suspend your use of all or part of the Services without notice if we suspect or detect any breach of security. If you believe that information you provided to us is no longer secure, please notify us immediately using the contact information provided below.
If we become aware of a breach that affects the security of your Personal Data, we will provide you with notice as required by applicable law. To the extent permitted by applicable law, we will provide any such notice to you at your account’s email address. By using the Services, you agree to accept notice electronically.
9. RETENTION OF YOUR PERSONAL DATA
We retain Personal Data in identifiable form only for as long as necessary to fulfill the purposes for which the Personal Data was provided to us or, if longer, to (i) comply with law legal obligations, (ii) detect and prevent fraud, (iii) resolve disputes, (iv) enforce agreements, (v) take actions we deem necessary to protect the integrity of the Service or our users, and (vi) similar essential legal purposes.
10. YOUR CHOICES ABOUT YOUR PERSONAL DATA
Your Privacy Preferences. Unless you are a resident of the EU or EEA, when you register for the Services, you consent to receive email messages from us. You may modify this consent later by visiting your account settings. You also may opt out of receiving marketing emails by clicking the opt-out request in each marketing email. (It may take up to 10 days for us to process an opt-out request.) You may not opt out of transactional emails, such as service announcements, administrative notices and surveys, or if you are an officer in a club, district, multiple district or international role, you may not be able to opt out of role-specific communications.
We may also deliver notifications to you directly. You can disable some of these notifications through your Device’s operating system, through your account settings or by disabling the applicable Service.
Changing information in your account or otherwise opting out of specific email communications will only affect future activities or communications from us.
Your Right to Review Your Personal Data: If you would like to review the Personal Data that we maintains about you, please contact us in writing using the contact information below. If you are a registered user in MyLion or MyLCI, you can review certain Personal Data that you provided to us by logging in to your account. If you are not a registered user, or would prefer we make the necessary changes on your behalf, we may take reasonable steps to verify your identity before providing access or making changes to Personal Data. Inquiries to review personal data can be sent to us by email at email@example.com.
Your Right to Correct or Delete Your Personal Data: The easiest way to correct or delete certain Personal Data that you have provided to the Services is to log in to your account and enter the necessary changes to your user profile. Alternatively, your club president, club secretary, or a designated club or district administrator can update your information. You can also contact the Member Service Center at firstname.lastname@example.org. to make changes. If you have additional questions regarding the correction or deletion of your Personal Data, please contact us at email@example.com.
We will review your request but may not be able to grant access to or change or delete certain of your Personal Data. We will respond to your requests within the time allowed by all applicable data protection laws and will make every effort to respond as accurately and completely as possible. If we cannot provide access or correct or delete your Personal Data, then we will notify you within 30 days.
11. ONWARD TRANSFER AND CONSENT TO INTERNATIONAL PROCESSING
If you are using the Services and are from the European Union or other regions with laws governing data collection and use, please note that you are agreeing to the transfer of your Personal Data to LCI or LCIF, with servers located in the United States. By providing your Personal Data, you consent to any transfer and processing in accordance with this Policy.
12. COMPLAINTS ABOUT HOW WE PROCESS YOUR PERSONAL DATA
If you have any complaints regarding how we process your Personal Data, please contact us at firstname.lastname@example.org with a detailed description of the complaint. We respond to complaints as soon as practicable, and in any event, within the time limits prescribed by law.
14. APPLICABLE LAW
HOW TO CONTACT US
If you have any questions, comments, or concerns about how we handle your Personal Data, then please contact us as follows:
Telephone: (+1) 630-571-5466, ext. 3847
Lions Clubs International
300 W. 22nd Street
Oak Brook, IL 60523-8842
15. California Shine the Light Law:
For residents of the state of California, Civil Code Section 1798.83 permits users who are California residents to obtain from us once a year, free of charge, a list of third parties to whom we have disclosed personal information (if any) for direct marketing purposes in the preceding calendar year. If you are a California resident and you wish to make such a request, please send an e-mail with “California Privacy Rights” in the subject line to email@example.com or write us at: Lions Clubs International, Inc., Attn: Legal, 300 W. 22nd Street, Oak Brook, IL 60523-8842.
16. EU Privacy Notice
For residents of the European Union (EU) and European Economic Area (EEA) whose information has been knowingly collected by us, the following information applies to you:
If you are an EU or EEA resident and we knowingly collect your personal information (also called ‘personal data’), we will do so in accordance with applicable laws that regulate data protection and privacy. This includes, without limitation, the EU General Data Protection Regulation (2016/679) (‘GDPR’) and EU member state national laws that implement or regulate the collection, processing and privacy of your personal data (together, ‘EU Data Protection Law’).
This Privacy Notice also provides information on your legal rights under EU Data Protection Law and how you can exercise them.
When personal data is collected
When you register for the Services, join a Lions club or make a donation, we receive Personal Data, including your name, email address, mobile telephone number, and date of birth. If you are a member of LCI, we also receive your Member ID, which may be Personal Data under certain laws.
Because of the global nature of our organization and its structure of clubs, districts and multiple districts, we may hold and process personal data that is collected from clubs, districts and partner organizations around the world, including within the EU/EEA.
This also means that if you are a member or individual contact of this network resident in the EU/EEA, your personal data may be transferred from the EU/EEA to our headquarters in the United States.
US data privacy laws are currently not considered to meet the same legal standards of protection for personal data as set out under EU Data Protection Law. However, in order to safeguard personal data received from the EU/EEA, we only allow such a transfer of personal data to the US or other third countries under an approved contract or another appropriate mechanism which is legally authorized under EU Data Protection Law.
This is to make sure that the personal data that we receive and process (so far as it relates to residents of the EU/EEA) is properly safeguarded in accordance with similar legal standards of privacy you would enjoy under EU Data Protection Law.
The lawful grounds on which we receive and process personal data
We process your personal data for the above purposes, relying on one or more of the following lawful grounds under EU Data Protection Law:
(a) where you have freely provided your specific, informed and unambiguous consent for us to process your personal data for particular purposes;
(b) where you have freely joined a chartered Lions Club, thereby becoming a member of LCI, and your club must report certain personal data to LCI for purposes of membership administration and support;
(c) where we agree to provide services to you as a member of a Lions club, donor or other lawful purpose, in order to set up and perform our contractual obligations to you and/or enforce our rights;
(d) where we need to process and use your personal data in connection with our legitimate interests as a global association and being able to effectively manage and operate our organization in a consistent manner across all territories. We will always seek to pursue these legitimate interests in a way that does not unduly infringe on your legal rights and freedoms and, in particular, your right to privacy: and/or;
(e) where we need to comply with a legal obligation or for the purpose of us being able to establish, exercise or defend legal claims.
Please also note that some of the personal data we may unintentionally receive and may include what is known as ‘sensitive’ or ‘special category’ personal data about you, for example, information regarding your ethnic origin or political, philosophical and religious beliefs. This is not the type of data that we or chartered Lions clubs would routinely receive, but if we process such sensitive or special category data we will only do this in specific situations where:
(a) you have provided this with your explicit consent for us to use it; or,
(b) there is a legal obligation on us to process such data in accordance with EU Data Protection Law
(c) it is needed to protect your vital interests (or those of someone else) such as in a medical emergency; or,
(d) where you have clearly chosen to publicize such information: or,
(e) where needed in connection with a legal claim that we have or may be subject to.
Individuals within the EU/EEA must opt-in to receive direct marketing communications. If we provide direct marketing communications to individuals in the EU/EEA regarding services and/or events which may be of interest, this will be done in accordance with EU Data Protection Law, and in particular where we contact individuals for direct marketing purposes by SMS, email, fax, social media and/or any other electronic communication channels, this will only be with the individual’s explicit consent or in relation to similar services that the individual has purchased (or made direct enquiries about purchasing) from us before.
Individuals are also free to object or withdraw consent to receive direct marketing from us at any time, by contacting us at firstname.lastname@example.org or by selecting “unsubscribe” at the bottom of any marketing email received.
Disclosing your personal data to third parties
We may disclose your personal data to certain third party organizations who are processing data solely in accordance with our instructions (called ‘data processors’) such as companies and/or organizations that support our business and operations (for example providers of web or database hosting, IT support, payment providers, event organizers, agencies we use to conduct fraud checks or mail management service providers) as well as professionals we use such as lawyers, insurers, auditors or accountants. We only use those data processors who can guarantee to us that adequate safeguards are put in place by them to protect the personal data they process on our behalf.
Other than as described above, we will treat your personal data as private and will not routinely disclose it to third parties without you knowing about it. The exceptions are in relation to legal proceedings or where we are legally required to do so and cannot tell you (such as a criminal investigation). We always aim to ensure that your personal data is only used by third parties we deal with for lawful purposes and who observe the principles of EU Data Protection Law.
Your personal data rights
In accordance with your legal rights under EU Data Protection Law, you have a ‘subject access request’ right under which can request information about the personal data that we hold about you, what we use that personal data for and who it may be disclosed to as well as certain other information.
Usually we will have one month to respond to a subject access request. However, we reserve the right to verify your identity and we may, in case of complex requests, require a further two months to respond. We may also charge for administrative time in dealing with any manifestly unreasonable or excessive requests. We may also require further information to locate the specific information you seek and certain legal exemptions under EU Data Protection Law may apply when responding to your subject access request.
Under EU Data Protection Law. EU/EEA residents also have the following rights, which can be enforced by making a request in writing:
(a) that we correct personal data that we hold about you which is inaccurate or incomplete:
(b) that we erase your personal data without undue delay if we no longer need to hold or process it:
(c) to object to any automated processing (if applicable) that we carry out in relation to your personal data.
(d) to object to our use of your personal data for direct marketing:
(e) to object and/or to restrict the use of your personal data for purpose other than those set out above unless we have a compelling legitimate reason: or
(f) that we transfer personal data to another party where the personal data has been received with your consent or is being used to perform contract with you and is being processed by automated means.
So we can fully comply, please note that these requests may also be forwarded on to third party data processors who are involved in the processing of your personal data on our behalf.
If you would like to exercise any of the rights set out above, please contact us at the address below.
If you make a request and are not satisfied with our response, or believe that we are illegally processing your personal data, you have the right to complain to the Office of the Information Commissioner in the United Kingdom.
How long we retain your personal data
We retain Personal Data in identifiable form only for as long as necessary to fulfill the purposes for which the Personal Data was provided to us or, if longer, to (i) comply with law legal obligations, (ii) detect and prevent fraud, (iii) resolve disputes, (iv) enforce agreements, (v) take actions we deem necessary to protect the integrity of the Service or our users, and (vi) similar essential legal purposes. This criteria takes in to consideration the reasonable expectations of those whose personal data we gather in these circumstances, taking into account various legislative requirements and guidance issued by relevant EU regulatory authorities.In accordance with the above retention policy, the personal data that we no longer need will be disposed of and/or anonymized so you can no longer be identified from it. For more information on how your data may be used, please see our Privacy Page.
Modified January 5, 2021