Privacy Policy
Last updated May 1, 2024
Introduction
Prison Yoga Project (“Prison Yoga”, “we”, “us” or “our”) respects the privacy of our website visitors, donors, users, and customers (referred to as “you” or “your”). This privacy policy (as posted on our website www.prisonyoga.org and as amended from time to time and effective as of the date posted) (“Privacy Policy”) describes the types of information we collect from you or that you may provide when you visit or use our public or community websites (www.prisonyoga.org or community.prisonyoga.org) (together, “Website”), purchase our products (“Products”), use our services (“Services”), or make donations, and describes our practices for collecting, using, maintaining, protecting, disclosing, retaining, and transferring that information. This Privacy Policy applies to the data collected by us, or those working on our behalf, through information you enter or from the data imported from sources authorized or approved by us. It does not apply to data collected through third-party websites, or to products, or services not approved by us.
Acknowledgement and Consent
By visiting our Website, or purchasing or using our Products or Services in any manner, or donating to us, you acknowledge that you accept the terms, practices and policies described in this Privacy Policy (and as updated from time to time), and you hereby consent that we may collect, use, process, share, retain, and transfer your information as described herein. If you do not agree with our policies and practices, your choice is not to use our Website or our Services. Your use of the Website and our Services is at all times subject to our Terms of Use (available at www.prisonyoga.org/terms and as amended from time to time and effective as of the date posted (the “Terms”)), which is incorporated by reference herein. Any capitalized terms we use in this Privacy Policy without defining them have the definitions given to them in the Terms.
Changes to Our Privacy Policy
We are constantly working to improve our Website and Services, and we may need to change this Privacy Policy from time to time as well. Our current Privacy Policy will always be on our Website and any updates will be effective upon posting. You are responsible for periodically checking our Website for updates. Under certain circumstances, we also may elect to notify registered Users of changes or updates to this Privacy Policy by additional means, such as posting a notice on the Website or by sending you an email, but you should not rely on receiving such additional notice.
If you use the Website, purchase Products, or use our Services after any changes to the Privacy Policy have been posted, you agree to the new Privacy Policy. Use of information we collect now is subject to the Privacy Policy in effect at the time such information is collected.
What Information Does This Privacy Policy Cover?
This Privacy Policy covers our treatment of your personally identifiable information. “Personal Information” generally refers to any unencrypted or non-deidentified information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked with a particular person. However, the definition of Personal Information may vary depending on the state or country in which you reside, and that state’s or country’s definition will apply to your
Personal Information in the context of this Privacy Policy
Please see additional information below on the particular information we may collect.
If you are a citizen or resident of the European Economic Area (“EEA”), United Kingdom, or Switzerland, the definition of personal information is defined under the General Data Protection Regulation (“GDPR”) and you have certain rights; therefore, please see the section below entitled “GDPR”.
Personal Information does not include information publicly available from government records or information excluded by applicable law. Personal Information also does not include your Personal Information that has been deidentified, pseudonymized, anonymized, aggregated, and/or otherwise processed so as to be unidentifiable in such a way that the data can no longer be attributed to a specific individual (by reasonable means) without the use of additional information, and where such additional information is kept separate and under adequate security to prevent unauthorized re-identification of a specific individual such that one could not, using reasonable efforts, link such information back to a specific individual (collectively, all of the foregoing in this sentence being referred to as “De-Identified Personal Information”).
We also may collect Personal Information from you through means other than our Website. This may include offline collection, such as if you submit a paper application, make a payment by check, or call or visit our office. It also may include emails, text messages, or other electronic communications that you send to us separate from our Website or by way of our Service Providers (as defined herein). However, if we combine the Personal Information we collect from you outside of our Website with Personal Information that is collected through our Website or by another means as described above, the Privacy Policy will apply to the combined information, unless specifically disclosed otherwise.
Other than as stated herein, this Privacy Policy does not apply to information collected by any third party (including our affiliates and subsidiaries), including through any application or content (including advertising) that may link to or be accessible from or on our Website. We are not responsible for the practices of sites linked to or from the Website, and before interacting with any of these sites you are advised to review their rules and policies before providing them with any private information.
Individuals under the Age of 18
We do not knowingly collect, solicit or maintain Personal Information from anyone under the age of 18 or knowingly allow such persons to register for or use our Services. If you are under 18, please do not send any Personal Information about yourself (such as your name, address, telephone number, or email address) to us. In the event that we learn that we have collected Personal Information from a child under age 18 without verification of parental consent, we will use commercially reasonable efforts to delete that information from our database. Please contact us if you have any concerns.
Personal Information We Collect
We may collect several categories of Personal Information from and about you as summarized as follows:
- Identifiers:
- First and last name
- User name (which may include first and last name)
- Email address
- Postal address
- Zip code
- Unique personal identifier (e.g.: customer/account name or number, phone number, mobile device identifier)
- Demographic: Birth date, national origin, country of residence
- Characteristics of protected classifications under California or federal law: Racial origin
- Commercial information: Products/services purchasing history and tendencies; Donation history
- Internet or other electronic network activity; device information:
- Type and manufacturer of device and its ID/UDID or similar device-specific code
- Internet Protocol (IP) address, protocol, and/or sequence information
- Operating system and platform
- Internet service provider or mobile carrier’s name, connection speed, and connection type
- Browsing, session, interaction, and search history related to our Website
- Cookies
- Pixel tags
- Browser type, language, and version
- Screen resolution
- Domain name system requests
- Media Access Control (MAC) address of pages you have visited
- Material and pages viewed
- Time and date of access to our Website
- Number of bytes transferred
- Number of clicks per visit
- Date stamp and URL of the last webpage visited before visiting our Website, and URL of the first page visited after leaving our Website
- Pages viewed, time spent on a page, click-through and clickstream data, queries made, search results selected, comments made
- Type of service requested
- Hypertext transfer protocol headers, application client and server banners, and operating system fingerprinting data
- Professional or employment information:
- Email address that identifies you (e.g., jane.r.smith@website.com versus jrs@website.com)
- Employer, employment history, information from professional references, work experience
- Other information: Signatures
YOUR SPECIFIC CONSENT TO PROCESSING OF “SENSITIVE” OR “SPECIAL” CATEGORIES OF PERSONAL INFORMATION
Certain types of Personal Information are considered, under the privacy laws of some states and countries, to be “sensitive” or “special” categories of information, e.g., race. We “process” or use racial data for the purpose of understanding the demographic makeup of our community and ensuring diversity, equity, and inclusion, and to report to funders. You specifically consent to our processing this type of data for these purposes.
How We Collect Personal Information and from What Sources
Information You Provide Us
The Personal Information we collect through our Website, or from our business partners, service providers, and sponsors may include the following:
- Information that you provide by filling in webforms on our Website. This includes information provided when creating an online account, purchasing our Products or Services, subscribing to our e-newsletters or other communications, requesting information from us, submitting or posting material (where permitted) on our forums, or interacting with customer support or service, report a problem with our Website, Products, or Services, or otherwise communicating with us.
- Membership application information
- Records and copies of your correspondence (including email addresses), if you contact us
- Registering for an event
- Your search queries on the Website
- When communicating with customer service/support
- Third party websites and mobile applications (e.g., websites that share information with us or advertising partners regarding online activities)
- Data suppliers (e.g., companies that provide demographics and other information regarding consumers)
- When making a donation via our Website
- On mobile applications (parent, subsidiary and affiliate brands)
- Fulfillment and delivery service providers
- Social media companies
- Other service providers
- Responding to employment opportunities
Information We Collect Through Automatic Data Collection Technologies
As you navigate through and interact with our Website, we may use automatic data collection technologies to collect certain information about your equipment, browsing actions and patterns, including the following:
- Details of your visits to our Website, including, but not limited to, website traffic data, logs, and other communication data and the resources that you access and use on the Website.
- Information about your computer, mobile device, and internet connection, including your IP address, operating system, browser type, clickstream patterns, the URL of the most recent website you visited before coming to our Website, the amount of time you spent on our Website, and the pages you viewed while on our Website.
Behavioral Tracking
We do not allow personalized third-party behavioral tracking, though we may use De-Identified Personal Information to track users’ click or browsing patterns. The information we collect automatically is statistical data and may include Personal Information, and we may maintain it or associate it with Personal Information we collect in other ways or receive from third parties. It helps us to improve our Website and to deliver better and more personalized Products and Services, including, but not limited to, by enabling us to: estimate our audience/visitor size and usage patterns, store information about your preferences, allowing us to customize and improve our Website, speed up your searches, and/or, recognize you when you return to our Website.
Cookie Notice and Policy
The technologies we use for this automatic data collection may include cookies, local storage cookies, web beacons, pixel tracking, GIF, IP address, and other technologies. Each of these is discussed below.
Browser Cookies
Browser cookies are small files placed on the hard drive of your computer or mobile device. They may contain certain data, including, but not limited to: the name of the server that has placed it there, an identifier in the form of a unique number, and, an expiration date (some cookies only). Browser cookies are managed by the web browser (Internet Explorer, Firefox, Safari, Google Chrome, etc.) on your computer or mobile device. Different types of cookies which have different purposes are used on our Website.
Essential Cookies
Essential cookies are essential to allow you to browse our Website and use its functions. Without them, services such as shopping baskets and electronic invoicing would not be able to work.
Performance Cookies
Performance cookies collect information on the use of our Website, such as which pages are consulted most often. This information enables us to optimize our Website and simplify browsing. Performance cookies also enable our affiliates and partners to find out whether you have accessed one of our Website pages from their site and whether your visit has led to the use or purchase of a Product or Service from our Website, including the references for the Product or Service purchased. These cookies do not collect any information which could be used to identify you. All the information collected is aggregated, and therefore anonymous.
Functionality Cookies
Functionality cookies enable our Website to remember the choices you have made when browsing. For example, we can store your general geographic area (but not precise geolocation) in a cookie so that the Website corresponding to your geographic area is shown. We can also remember your preferences, such as the text size, font and other customizable aspects of the Website. Functionality cookies also may be able to keep track of the products or videos consulted to avoid repetition. The information collected by these cookies cannot be used to identify you and cannot monitor your browsing activity on sites which do not belong to us.
It is possible that you will come across third-party cookies on some pages of sites that are not under our control.
We also use cookies such as functionality cookies to implement tracking technology on our Website. This allows us to display advertising that is tailored to you on our Website, to understand which parts of our content interest you the most, and which Product or Service categories you request. This tracking uses De-Identified Personal Information data. Some of our service providers are allowed to place cookies on our Website. Those companies also may provide you with the option of preventing the use of cookies in the future. For more information, contact the relevant third-party provider.
At any time, you can prevent the use of cookies in the future. You may activate the appropriate setting in your browser to refuse to accept browser cookies. However, if you do, your experience on our Website may be affected; e.g., you may be unable to access certain parts of our Website. Unless you have adjusted your browser setting so that it will refuse cookies, our system will issue cookies when you direct your browser to our Website.
Local Storage Cookies
Certain features of our Website may use local stored objects to collect and store information about your preferences and navigation to, from and on our Website. Local storage cookies are not managed by the same browser settings as are used for browser cookies.
Web Beacons
Pages of our Website and our emails may contain small electronic files known as web beacons (also referred to as clear gifs, pixel tags and single-pixel gifs) that permit us, for example, to count users who have visited those pages or opened an email and for other related website statistics (for example, recording the popularity of certain website content and verifying system and server integrity).
Pixel Tracking
In addition to using cookies, the Website may employ “pixel tracking”, a common process which may be used in connection with advertisements on other sites. Pixel tracking involves the use of pixel tags that are not visible to the user and consist of a few lines of computer code. Pixel tracking measures the effectiveness of advertisements and compiles aggregate and specific usage statistics. A “pixel tag” is an invisible tag placed on certain pages of websites that is used to track an individual user’s activity. We may access these pixel tags to identify activity and interests that may allow us to better match our Products and Services with your interests and needs. For example, if you visit our Website from an advertisement on another website, the pixel tag will allow the advertiser to track that its advertisement brought you to the Website. If you visit our Website, and we link you to another website, we also may be able to determine that you were sent to and/or transacted with a third-party website. This data is collected for use in our marketing, research, and other activities
GIF
We may use tiny images known as clear GIFs to track behavior of users, including statistics on who opens our emails
IP Address
Our servers (or those of our service providers) automatically record certain log file information reported from your browser when you access the Website. These server logs may 7 include information such as which pages of the Website you visited, your internet protocol (“IP”) address, browser type, and other information on how you interact with the Website. These log files are generally deleted periodically.
We also respond to the Global Privacy Control (“GPC”) signal. The GPC signal is a browser-level signal that can reflect the desire to opt-out of having personal information shared or sold. Some browsers allow transmission of GPC signal. By broadcasting this signal, We will not transmit your Personal Information to third parties who perform analytics services or who advertise to you based on this information. Please note that your use of our Website will still be tracked by us and our Service Providers who have agreed to limit their use of Personal Information.
Information We Collect from Third Parties
We may collect information that others provide about you when you use the Website, or obtain information from other sources and combine that with information we collect through the Website.
- Third Party Services. If you link, connect, or login to your account with a third party social media service (e.g., Facebook, Google, Instagram, Yelp, etc.), the third party service may send us information such as your registration and profile information from that service. This information varies and is controlled by that service or as authorized by you via your privacy settings at that service.
- Other Sources. To the extent permitted by applicable law, we may receive additional information about you, such as demographic data or fraud detection information, from third party service providers and/or partners, and combine it with information we have about you. For example, we may receive background check results or fraud warnings from service providers like identity verification services for our fraud prevention and risk assessment efforts. We may receive information about you and your activities on and off the Website through partnerships, or about your experiences and interactions from our partner ad networks. Other examples of such providers include, but are not limited to, backend processing, fulfillment, and automation, certification, video hosting platform, email management, authentication, form processing, website usage tracking, managing calendar invites and scheduling, and database hosting and management.
Third-Party Use of Cookies and Other Tracking Technologies
Some content or applications, including advertisements, on the Website are served by third parties, including advertisers, ad networks and servers, content providers and application providers. First-party or third-party cookies may be used alone or in conjunction with web beacons or other tracking technologies to collect information about you when you use our Website. A first-party cookie is a cookie set by the domain name that appears in the browser address bar. A third-party cookie is a cookie set by (and on) a domain name that is not the domain name that appears in the browser address bar. It might be set as part of a side resource load (image, JS, iframe, etc., from a different hostname) or an AJAX HTTP request to a third-party server. The information that first-party and third-party cookies collect may be associated with your Personal Information or they may collect information, including Personal Information, about your online activities over time and across different websites and other online services (i.e., tracking such activities). They may use this information to provide you with interest-based (behavioral) advertising or other targeted content.
We do not control these third parties’ tracking technologies or how they may be used. If you have any questions about an advertisement or other targeted content, you should contact the responsible provider directly. More information on how to opt-out of third-party advertiser tracking mechanisms is available here.
Google Tools
We use tools provided by Google as described below.
- Google Analytics. We use, and some of our third-party service providers may use, Google Analytics (click for link to Google’s website) or other analytics service to help us understand the use of our Website and Services. Google Analytics is a web analysis service provided by Google. Google utilizes data it collects to track and examine the use of our Website to prepare reports on its activities and share them with other Google services. Google may use the Data collected to contextualize and personalize the ads of its own advertising network. The Personal Information collected and processed may include cookies, usage data, and other internet information. Such service providers may place their own cookies in your browser. This Privacy Policy covers use of cookies by us only and not the use of cookies by third parties.
- Google AdSense Advertising. We use Google AdSense Advertising (or other search engine or display network advertising) on our website. Google’s advertising requirements and principles are available here. They are put in place to provide a positive experience for users. We have implemented the following: (a) Remarketing with Google AdSense and (b) Google Display Network Impression Reporting.
- Google Maps/Google Earth. We also use Google Maps (including the Google Maps API(s)) and/or Google Earth, which may, among other things, request access to your geolocation, and both of which are subject to their own terms of use and privacy policy.
- Google reCAPTCHA. We use Google reCAPTCHA, which identifies bots by collecting hardware and software information and sending that data to Google for analysis. More about Google reCAPTCHA is available here.
Users can set preferences for how Google advertises to you using the Google Ad Settings page. Alternatively, you can opt out by visiting the Network Advertising Initiative Opt Out page or by using the Google Analytics Opt Out Browser add-on.
Posting Content
You also may submit information, such as comments, reviews, testimonials, etc., to be published or displayed (“posted”) on public areas of the Website, or transmitted to other users of the Website or third parties (collectively, “Content”). Your Content is posted and transmitted to others at your own risk. We cannot control the actions of other users of the Website with whom you may choose to share your Content. Therefore, we cannot and do not guarantee that your Content will not be viewed by unauthorized persons. By posting any Content or submitting Content for posting you agree to and do hereby grant us and our licensors, affiliates, partners, successors and assigns, a nonexclusive, perpetual, irrevocable, worldwide, sub-licensable, transferrable, royalty-free right and license to use, store, publicly display and perform, publish, transmit, transfer, distribute, translate, reproduce, rearrange, edit, redact, modify, aggregate, summarize, abstract, adapt, and create derivative works of the Content that you post or otherwise submit to us for any purpose, in any form, medium, or technology now known or later developed (“Right to Use”).
The Right to Use you grant us above also extends to any Content that you have posted to our Facebook or other social media account pages, or on other websites, e.g., Google, Yelp, Trip Advisor, Instagram, etc.
If we permit you to post Content, by posting any Content, or submitting Content for posting, you agree to with the following “User Content Posting Guidelines.”
To the extent our Website contains areas where you can post or submit to be posted Content such as comments, product reviews, testimonials, etc., you agree to post Content that is proper and related to the general theme of the Website. Content also includes that which you send to us by email, text, mail, or other means. You agree not to post or submit any Content that:
- Is off-topic, false, inaccurate, misleading, defamatory, libelous, stalking, threatening, obscene, pornographic, indecent, vulgar, offensive, which contains unlawful material or information, or which otherwise violate the legal rights (such as rights of privacy and publicity) of others;
- Harasses, degrades, intimidates, or is hateful toward an individual or group of individuals on the basis of religion, gender, sexual orientation or identity, race, ethnicity, age, or disability;
- Is not your own original creation or that you do not have permission to use or that infringes the copyright, trademark, patent, or other proprietary right of any person or that is used without the permission of the owner;
- Is intended to provide professional advice, including but not limited to, the provision of medical treatment, or legal, financial or investment advice;
- Promotes or provides instructional information about illegal or illicit activities;
- Purports to be from any person or entity, including but not limited to one of our employees, or falsely states or otherwise misrepresents your affiliation with a person or entity;
- Includes personal or identifying information about another person without that person’s explicit consent, or is doxxing or gaslighting;
- Contains malicious software code of any kind, including, but not limited to, code that contain viruses, malware, corrupted files, or any other similar software or programs designed to or that may interrupt, lock up, destroy, damage or limit the operation of another person’s computer or network or telecommunications equipment;
- Disrupts the normal flow of dialogue with an excessive number of messages (flooding attack) to the Website, or that otherwise negatively affects the ability of others to use the Website; or,
- Advertises or offers to sell any goods or services, or engage in surveys, contests, chain letters, or for any commercial purpose.
How We Use Your Information
We use information that we collect about you or that you provide to us, including any Personal Information, for one or more of the following purposes:
- To present our Website and its contents to you.
- To provide you with information and respond to your questions on Products or Services that you request from us and information on new products and services, discounts, special promotions or upcoming events, and features or offers that we believe will be of interest to you.
- To provide you with the Products, Services, or information that you have requested.
- To process transaction payments, including, but not limited to, Product and/or Service fees, subscription fees, professional fees, membership dues, registration fees, voluntary contributions, and payments, refunds and reimbursements for any products or services that you choose to purchase from us (though we do not retain your credit or debit card number).
- To provide you with notices about your account, including expiration and renewal notices.
- To notify you about information regarding or changes to our Website, our policies, terms, or any Products or Services we offer or provide, or regarding your account.
- To process your account application and any changes to your account information.
- To process Personal Information or other information that you submit through to us.
- To allow you to participate in interactive features on our Website.
- To contact you about our own and third-parties’ products and services that may be of interest to you.
- For internal purposes, such as Website or Service and system operation, administration, maintenance, internal audits and reviews, diagnosing technical problems, and maintaining security.
- To provide statistics about the usage levels of the Website and other related information to our service providers.
- To notify you of data privacy incidents or provide you with legally required information.
- To request your participation in ratings, reviews, surveys, focus groups, or other initiatives which help us to gather information used to develop and enhance our Products and Services.
- To evaluate your performance on continued learning courses and assist you in the tracking of your progress.
- For examination or event registration, scheduling, event attendance, administration and related purposes.
- To fulfill any other purpose for which you provide Personal Information.
- In any other way we may describe and for which we obtain your consent when you provide the information.
We use cookies, clear gifs, and log file information to: (a) remember information so that you will not have to re-enter it during your visit or the next time you visit the Website; (b) provide custom, personalized content and information; (c) monitor the effectiveness of our Services; (d) monitor aggregate metrics such as total number of visitors, traffic, and demographic patterns; (e) diagnose or fix technology problems reported by our users or engineers that are associated with certain IP addresses; and/or, (f) help you efficiently access your information after you sign in.
Text Messages
Our Services may include sending you Short Message Service (“SMS”) messages, which may deliver up to two messages per week to your wireless device (unless you communicate further with us), but message frequency may vary. We may use your information to contact you about attendance. You may remove your information by replying “STOP” to the SMS text message you received After you send the SMS message “STOP” to us, we will send you an SMS message to confirm that you have been unsubscribed. Alternatively, you may submit your request by email to us, including the email address and phone number you registered with us, or by any reasonable means. After this, you will no longer receive SMS messages from us. If you want to join again, 11 just sign up as you did the first time and we will start sending SMS messages to you again. For help, please reply to a text with HELP. Message and data rates may apply, depending on your cell phone plan. Carriers are not liable for delayed or undelivered messages.
How We Share Your Personal Information
We may or do disclose your Personal Information, in whole or in part, to the following types of third parties, and for one or more of the following purposes:
- Data storage or hosting providers: To secure storage and transmission of your data
- Database and software service providers: The management and tracking of your data
- Payment solution providers: The Secure processing of payments you provide to us
Disclosures to Service Providers
We may share your Personal Information with third parties for the purpose of providing or improving the Services to you. We may share your Personal Information with third party service providers which perform services on our behalf (“Service Providers”). This includes, without limitation, Service Providers which provide services relating to: outbound and/or inbound communications, data analysis, managing information, creating, hosting, and/or providing customer or support services on our behalf, fulfilling orders, delivering packages, sending postal mail and email, removing repetitive information from lists, providing search results and links, processing credit card payments, or managing our events. These Service Providers may have access to your Personal Information in order to provide these services to us or on our behalf. If we engage Service Providers for any of the foregoing, use of your Personal Information will be bound by obligations of confidentiality and their use of Personal Information will be restricted to providing their services to us. We may store Personal Information in locations outside our direct control (for instance, on servers or databases located or co-located with hosting Service Providers).
Required Disclosures
Except as otherwise described in this Privacy Policy, we will not disclose your Personal Information to any third party unless required to do so by law, court order, legal process (e.g., subpoena), including, but not limited to, in order to respond to any government, regulatory, or licensing request, or if we believe that such action is necessary to: (a) comply with the law, comply with legal process served on us or our affiliates, subsidiaries, service providers, or partners, or investigate, prevent; (b) enforce our Terms or customer agreement (including for billing and collection purposes); (c) take precautions against liability; (d) investigate and defend ourselves against any third-party claims or allegations or to investigate, prevent, or take action regarding suspected or actual illegal activities; (e) assist government enforcement agencies or to meet national or other security requirements; (f) to protect the security or integrity of our Website, Products or Services; or, (g) exercise or protect the rights, property, or personal safety of us, our users or others. We will attempt to notify you, where practicable, about these requests unless: (i) providing notice is prohibited by the legal process itself, by court order we receive, or by applicable law, or (ii) we believe that providing notice would be futile, ineffective, create a risk of harm to an individual or group, or create or increase a risk of acts of fraud done upon us or our users. In instances where we comply with legal requests without notice for these reasons, we will attempt to notify that user about the request after the fact if we determine in good faith that we are no longer legally prohibited from doing so and that no risk scenarios described in this paragraph apply.
Sale/Disclosure of Personal Information
No Sale of Personal Information
We do not disclose or share your Personal Information with any third parties for which we receive any monetary or other valuable consideration. In other words, we do not sell your Personal Information, period.
Disclosure of De-Identified Personal Information
We may share De-Identified Personal Information with third parties for any purpose. De-Identified Personal Information or non-Personal Information may be aggregated for system administration and to monitor usage of the Website. It may be utilized to measure the number of visits to our Website, average time spent, number of pages viewed and to monitor various other Website statistics. This monitoring helps us evaluate how visitors use and navigate our Website so we can improve the content. We may share De-Identified Personal Information or anonymous information (including, but not limited to, anonymous usage data, referring/exit pages and URLs, IP address, platform types, number of clicks, etc.) with interested third parties in any way we choose and for any purpose. We may disclose, sell, rent, etc., your De-Identified Personal Information to third parties and we may receive valuable consideration for doing so.
Your Consent to Disclosure/Transfer/Sale of Your Personal Information
You consent (and shall not object) to our disclosure, transfer, and/or sale of your Personal Information, De-Identified Personal Information, and other information you provide to us, as well as the rights you have granted or consented to in this Privacy Policy (collectively, “Transferred Information”) to a potential or actual buyer or acquirer of assets or equity of our company or other successor for the purpose of considering or undergoing a merger, divestiture, restructuring, reorganization, dissolution, change in control, or sale or transfer of some or all of our assets (each of the foregoing referred to as a “Transfer”), whether as a going concern or as part of bankruptcy, liquidation or other court proceeding, in which Personal Information held by us is among the assets transferred. We cannot make any representations regarding the use or transfer of Transferred Information that we may have in the event of our bankruptcy, reorganization, insolvency, receivership, or an assignment for the benefit of creditors. Furthermore, except as required by law, we are not and will not be responsible for any breach of security by any third parties or for any actions of any third parties that receive any of the Transferred Information that is disclosed to us.
Security
We have implemented technical, administrative, and organizational security measures designed to secure your Personal Information from accidental loss and from unauthorized access, use, destruction, alteration and disclosure. Your Personal Information is contained behind secured networks and a firewall and is only accessible by our personnel and by a limited number of Service Providers who have special access rights to our systems, and who are required to keep the information confidential. Our Website is scanned on a regular basis for security holes and known vulnerabilities in order to make your visit to our Website safe.
Any payment transactions involving credit or debit cards will be performed using our third party payment processors or gateways, who will use appropriate security procedures designed to protect your information. We do not collect or store full credit card numbers.
Our agents, contractors, Service Providers, and partners who require access to your Personal Information in order to provide services to us or to you on our behalf are also required to keep the information confidential in a manner consistent with this Privacy Policy and are not permitted to disclose the information to third parties or use the information for any purpose other than to carry out the services they are performing for us, or as permitted pursuant to our agreement with them.
The safety and security of your information also depends on you. You should maintain good internet security practices. Where you have password-protected access to an account or certain parts of the Website or Services, you are responsible for keeping this password confidential. Please help keep your account safe by using a strong password, or, better yet, a strong pass phrase. You should not share your password with anyone. You must prevent unauthorized access to your account and Personal Information by selecting and protecting your password appropriately and limiting access to your computer or mobile device and browser by signing off after you have finished accessing your account. If your email account or Facebook account is compromised this could allow access to your account with us if you have given up those details and/or permitted access through those accounts. If your email account is compromised it could be used to ask us to reset a password and gain access to your account with us. If you think that any of your accounts have been compromised you should change your account credentials with us, and in particular make sure any compromised account does not allow access to your account with us. The information you share in public areas may be viewed by other users. We will never email you to ask for your password or other account login information. If you receive such an email, please send it to us so we can investigate.
You hereby release and forever discharge us and our affiliates, subsidiaries, officers, directors, employees, and agents, and their respective successors and assigns, and you will indemnify, defend and hold us harmless, from and against any liability, claim, or cost (including attorneys’ fees), arising directly or indirectly from any failure by you to maintain the security of your email or other accounts that directly or indirectly results in an unauthorized third party having access to such email or accounts or causes us to transfer funds based on instructions purporting to have originated from you (i.e., “wire transfer fraud” or “business email compromise” events).
Unfortunately, the transmission of information via the internet is not completely secure. Although we do use security measures designed to protect your Personal Information, we cannot guarantee the security of your Personal Information transmitted to us or which we obtain. Any transmission of Personal Information is at your own risk. Unauthorized entry or use, or hardware or software failure, and other factors, may compromise the security of user information at any time. We are not responsible for circumvention of any privacy settings or security measures contained on the Website or used with our Services.
Data Retention
In general, our retention Personal Information is reasonably necessary and proportionate to achieve the purposes for which the Personal Information was collected or processed, or for another disclosed purpose that is compatible with the context in which the Personal Information was collected, and not further processed in a manner that is incompatible with those purposes. The time period for which we retain your Personal Information depend on the purposes for which we use it. We will retain your Personal Information for as long as your account is active, or as long as you are a registered member or user of our Services or for as long as we have another business purpose to do so (such as, but not limited to, for business, tax, or legal purposes) and, thereafter, for no longer than is required or permitted by law, or our records retention policy, reasonably necessary for internal reporting and reconciliation purposes, or to provide you with feedback or information you might request. This period of retention is subject to our review and alteration.
Following termination or deactivation of your user account, we may retain your profile information and all information posted to public areas of the Website. Following termination or deactivation of your user account, we may retain your Personal Information and other data, but will maintain it as confidential according to the Terms, this Privacy Policy, and as required by applicable law. We have the right to delete all of your Personal Information and other data after termination of your user account without notice to you.
We may retain De-Identified Personal Information for as long as we deem appropriate.
What Information You Can Access, Change, or Delete
Through your user account settings page, you may access and, in some cases, edit, or delete certain information you have provided to us, such as name and password, email address, address, user profile information, etc. The information that you can view, update, and delete may change as the Products, Website, Services or our practices change. If you have any questions about viewing or updating information we have on file about you, please contact us.
Notices; Opting Out
By providing us with your email address (you consent to our using the email address to send you Service-related notices by email, including any notices required by law (e.g., notice of data privacy or security incidents), in lieu of communication by postal mail. You also agree that we may send you notifications of activity regarding our Products, Services, the Website, your Personal Information, or any aspect of our relationship, to the email address you give us, in accordance with any applicable privacy settings. We may use your email address to send you other messages or content, such as, but not limited to, newsletters, additions or changes to features of the Service, or special offers. If you do not want to receive such email messages, you may opt out by emailing us your opt-out request or, where available, by clicking “unsubscribe” at the bottom of our e-newsletter. Opting out may prevent you from receiving email messages regarding updates, improvements, special features, announcements, or offers. You may not opt out of Service-related emails.
You can add, update, or delete information as explained above. When you update information, however, we may maintain a copy of the unrevised information in our records. You may request deletion of your account by emailing us. It is your responsibility to maintain your current email address with us.
Contact Information
If you have any questions about this Privacy Policy or our privacy practices, please contact us: by email at info@prisonyoga.org.
Where We Process and Store Personal Information
We have our headquarters in the United States. The Personal Information we or our service providers collect may be stored and processed in servers within or outside of the United States and wherever we and our service providers have facilities around the globe, and certain information may be accessible by persons or companies outside of the United States who provide services for us. You consent to our and our service providers’ transmission and/or transfer of your Personal Information to, or access it in, jurisdictions that may not provide equivalent levels of data protection as your home jurisdiction. We will take reasonable steps to ensure that your Personal Information receives an adequate level of protection in the jurisdictions in which we process it.
If you are a resident or citizen of the UK, European Economic Area (“EEA”), or Switzerland, please see the section below on GDPR compliance.
If you are a citizen or resident of the UK, EEA, Switzerland, or other regions with laws governing data collection and use that may differ from the laws in the United States, please note that we may transfer your information to a country or jurisdiction that does not have the same data protection laws as your jurisdiction. We may do so to process your information by staff, contractors, or service providers operating outside the these countries who work for us.
If you are a resident of a country other than the United States, you acknowledge and consent to our (and our service providers) collecting, transmitting, processing, transferring, and storing your Personal Information out of the country in which you reside.
GDPR: The Following Provisions Apply only to Citizens and Residents of the United Kingdom, EEA, and Switzerland
The following provisions apply only if you are a citizen or resident of the UK, EEA, or Switzerland (collectively referred to in this section for convenience as the “EU Region”). For such citizens or residents, all processing of your Personal Information is performed in accordance with privacy rights and regulations, in particular, (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016, known as the General Data Protection Regulation (“GDPR”, and which includes the UK’s similar law), and our processing will take place in accordance with the GDPR. For purposes of the GDPR, we will be the “data controller” of Personal Information (defined in the GDPR (available here) as “Personal Data”, but still referred to herein as Personal Information) we collect through the Website, unless we collect such information on behalf of a “data controller” in which case we will be a “data processor.” This Privacy Policy does not apply to websites, applications or services that do not display or link to this Privacy Policy or that display or link to a different privacy policy. For EU Region residents and citizens only, to the extent any definition in this Privacy Policy conflicts with a definition under the GDPR, the GDPR definition shall control.
We provide adequate protection for the transfer of Personal Information to countries outside of the EU Region through one or more of the following methods: (a) a series of inter-company agreements based on or incorporating the Standard Contractual Clauses, (b) we may rely on the European Commission’s adequacy decisions about certain countries, as applicable, (c) we may obtain your consent for these data transfers from the EU Region to the United States to other countries, (d) we may adopt binding corporate rules, or (e) to the extent applicable, we may rely on derogations as set forth in GDPR Article 49 for the transfer and onward transfer of Personal Information collected from individuals in the EU Region to the United States and other countries that the EU Region may view as not providing adequate data protection. Regarding method (e), we may transfer Personal Information to a third party to perform a contract with you, with your explicit consent or in a manner that does not outweigh your rights and freedoms. If this Personal Information is not processed and transferred, we will not be able to execute the contract with you or you will not have access to any or all the benefits and features associated with your transaction.
We also may need to transfer your Personal Information to other group companies or service providers in countries outside the EU Region. This may happen if our servers or suppliers and service providers are based outside the EU Region, or if you use our Products and/or Services while visiting countries outside these areas.
Our Legal Basis for Processing Personal Information (UK, EEA, and Swiss Visitors Only)
If you are a visitor using our Website from the UK, EEA, or Switzerland, our legal basis for collecting and using the Personal Information described above will depend on the Personal Information concerned and the specific context in which we collect it. However, we will normally collect Personal Information from you only where we need the Personal Information to perform Services for you for which you have contracted with us, or where the processing is in our legitimate interests or rely upon your consent where we are legally required to do so and not overridden by your data protection interests or fundamental rights and freedoms. In some cases, we also may have a legal obligation to collect Personal Information from you or may otherwise need the Personal Information to protect your vital interests or those of another person.
The collection and processing of your personal information may be necessary for the purposes of our legitimate interests. Such legitimate interest purposes may include:
- Fraud prevention
- Ensuring network and information security
- Indicating possible criminal acts or threats to public security, including enhancing protection of our community against spam, harassment, intellectual property infringement, crime, and security risks of all kind, and enforcing legal claims, including investigation of potential violations of our Terms of Use
- When we are complying with legal obligations
- Processing employee or visitor, member, attendee, or registrant data
- Performing the function or service you requested of us
- Providing our Services and their functionality to you where such processing is necessary for the purposes of the legitimate interests pursued by us or by our service providers related to the Services
- Direct marketing
- The relevant and appropriate relationship we have with you
- Analytics, e.g., assess the number of visitors, page views, use of the Website, etc., in order to understand how our Website, Products and Services are being used, to optimize the Website and/or future communications, and to develop new services and Website features
- Updating your information and preferences
- Offering and improving our Website, Products, and Services
- Enforcing legal claims, including investigation of potential violations of our Terms
Your Data Rights Under GDPR
If you are subject to GDPR, your rights include the following:
- The right to access: Upon request, we will confirm any processing of your Personal Information and, provide you with a copy of that Personal Information in an acceptable machine-readable format.
- The right to rectification: You have the right to have us correct any inaccurate Personal Information or to have us complete any incomplete Personal Information.
- The right to erasure: You may ask us to delete or remove your Personal Information and we will do so in some circumstances, such as where we no longer need it (we may not delete your data when other interests outweigh your right to deletion).
- The right to restrict processing: You have the right to ask us to suppress the processing of your Personal Information but we may still store your Personal Information. See below for more information.
- The right to object to processing: You have the right to object to your Personal Information used in the following manners: (a) processing based on legitimate interests or the performance of a task in the public interest/exercise of official authority (including profiling); (b) direct marketing (including profiling); and, (c) processing for purposes of scientific/historical research and statistics. See below for more information.
- The right to data portability: You have the right to obtain your Personal Information from us that you consented to give us or that is necessary to perform fulfillment of member benefits with you. We will give you your Personal Information in a structured, commonly used and machine-readable format.
- Rights regarding automated decision making: You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you, except for the exceptions applicable under relevant data protection laws.
- The right to complain to a supervisory authority: You have the right to file a complaint with a supervisory authority, in particular in the European member state of your habitual residence, place of work or place of the alleged infringement if you consider that the processing of Personal Information relating to you infringes upon your rights.
- The right to withdraw consent: If we are processing your Personal Information based on your consent to do so, you may withdraw that consent at any time.
What is the legal basis?
We collect and process your personal information in compliance with the GDPR and the applicable EU laws.
Collection and processing is based on your consent Art. 6(1)a GDPR, Art. 4(11) GDPR
We will always ask for your consent to collect and process your personal information for the aforementioned specific purposes, unless the collection and processing of your personal information is permitted by statutory laws. Where you have provided us with your consent to the collection and processing of your personal information for the aforementioned specific purposes, you have the right to withdraw your consent at any time.
Collection and processing is necessary for taking steps prior to enter into a contract: Art. 6 (1)b GDPR
The collection and processing of your personal information may be necessary for the performance of a contract to which you may be a party. Prior to entering into such contract, the collection and processing of your personal information also may be necessary in order to take steps at your request. This applies for installation and the use of our extension as well as any payment processing in connection with donations.
Collection and processing is necessary for the purposes of our legitimate interests: Art. 6 (1)f GDPR
The collection and processing of your Personal Information may be necessary for the purposes of our legitimate interests. Such legitimate interest purposes may include:
- Fraud prevention
- Ensuring network and information security
- Indicating possible criminal acts or threats to public security, including enhancing protection of our community against spam, harassment, intellectual property infringement, crime, and security risks of all kind, and enforcing legal claims, including investigation of potential violations of our Terms
- When we are complying with legal obligations
- Processing employee or visitor, member, attendee, or registrant data
- Performing the function or service you requested of us
- Providing our services and their functionality to you where such processing is necessary for the purposes of the legitimate interests pursued by us or by our service providers related to the services
- Direct marketing
- The relevant and appropriate relationship we have with you
- Analytics, e.g., assess the number of visitors, page views, use of the Site, etc., in order to understand how our Site and services are being used, to optimize the Site and/or future communications, and to develop new services and Site features
- Updating your information and preferences
- Offering and improving our services
Privacy Notice for Colorado Residents
Residents of Colorado have certain rights, many of which are described elsewhere in this Privacy Policy. Such rights include the following:
- Right to Access Information. You have the right to access information practices. Much of the information you are entitled to access is disclosed in this Privacy Policy. You also have the right to access the categories of Personal Information we collect, with whom we share that information, and, in some cases, what specific Personal Information we associate with you or your account (where applicable).
- Right to Data Portability. If you request a copy of your specific information then we will provide it in an easily accessible format.
- Right to Deletion or Erasure. You may request that we delete the personal information we have collected about you. Depending on the applicable law, in some cases we are required or permitted to retain your information, even if you validly requested we delete or erase it.
- Right to Correct Information. You may request we correct or rectify inaccurate information we have collected about you.
- Right to Withdraw Consent. You may withdraw your consent to our data privacy practices.
- Right to Non-Discrimination. You have the right to not experience discrimination from us for exercising the rights listed in this section.
- “Opt Out” of Sales: As permitted by applicable law, we may share your Personal Information for monetary or other valuable consideration (under Colorado law, this is considered a “sale”). You may opt out of such a “sale” of your Personal Information to third parties. You can exercise your right to opt-out by emailing us (see our contact information below).
Data Access and Portability Right
You have the right to request no more than twice in a 12-month period that we disclose certain information to you about our collection and use of your Personal Information over the past 12 months. Once we receive and confirm your verifiable Consumer request, we will disclose to you:
- The categories of Personal Information we collected about you.
- The categories of sources for the Personal Information we collected about you.
- Our business or commercial purpose for collecting that Personal Information.
- The categories of third parties with whom we share that Personal Information.
- The specific pieces of Personal Information we collected about you (also called a data portability request) and provide a copy to you in an electronic or paper format.
- If we disclosed your Personal Information for a business purpose, a list disclosing disclosures for a business purpose, identifying the Personal Information categories that each category of recipient obtained.
Deletion Request Right
You have the right to request that we delete any of your Personal Information that we collected from you and retained, subject to certain exceptions. Once we receive and confirm your verifiable Consumer request, we will delete (and direct our service providers to delete) your Personal Information from our records, unless an exception applies (as described below).
As permitted by Colorado law we may delete your Personal Information by (a) permanently and completely erasing the Personal Information on our existing systems with the exception of archived or back-up systems; (b) de-identifying the Personal Information; or, (c) aggregating the Personal Information.
We may deny your deletion request if retaining the information is necessary for us or our Service Provider(s) to:
- Complete the transaction for which we collected the Personal Information, provide a good or service that you requested, take actions reasonably anticipated within the context of our ongoing business relationship with you, or otherwise perform our contract with you.
- Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities.
- Correct Products, Services, or our Website to identify and repair errors or issues that might impair existing or intended functionality.
- Exercise free speech, ensure the right of another Consumer to exercise their free speech rights, or exercise another right provided for by law.
- Comply with the California Electronic Communications Privacy Act (Cal. Penal Code § 1546 et. seq.).
- Enable solely internal uses that are reasonably aligned with consumer expectations based on your relationship with us.
- Comply with a legal, regulatory or law enforcement obligation.
- Make other internal and lawful uses of that information that are compatible with the context in which you provided it.
For Colorado residents only, if we deny your request, you may appeal our decision by submitting an appeal request. Please refer to the communication you received from us denying your request for additional information you may need to provide in making you appeal request. Within forty-five (45) days of receipt of an appeal, we will inform you in writing of any action taken or not taken in response to your appeal. If the appeal is denied, you may file a complaint with the Colorado Attorney General using their webform available at https://coag.gov/file-complaint/.
Exercising Access, Data Portability, and Deletion Rights
To exercise the access, data portability, and deletion rights described above, please submit a verifiable Consumer request to us by sending an email to us at info@prisonyoga.org. Only you, or a person registered with the California Secretary of State that you authorize to act on your behalf, may make a verifiable Consumer request related to your Personal Information. You also may make a verifiable Consumer request on behalf of your minor child. You may only make a verifiable Consumer request for access or data portability twice within a 12-month period. The verifiable Consumer request must:
- Provide sufficient information that allows us to reasonably verify you are the person about whom we collected Personal Information or an authorized representative.
- Describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it.
We cannot respond to your request or provide you with Personal Information if we cannot verify your identity or authority to make the request and confirm the Personal Information relates to you. Making a verifiable Consumer request does not require you to create an account with us. We will only use Personal Information provided in a verifiable Consumer request to verify the requestor’s identity or authority to make the request.
Verification Process
- Email Verification Method: Upon receiving a data access or deletion request from you we will send an email to you at the email address we have for you on file. The email will ask you to respond to verify you as the Consumer making the request. Upon receipt of your verification we will match your information to that which is in our file. Upon verification of your identity we will proceed to process your request (subject to the exceptions stated above).
- Webform Verification Method: When you submit a request using our webform (available here) we will match the information you submitted with the information we have for you on file. Upon verification of your identity we will proceed to process your request (subject to the exceptions stated above). We may not be able to comply with your request if (a) we are unable to verify your request, (b) if we are unable to match you with information in our database, or (c) if an exception under the law exists exempting us from complying with your request.
Response Timing and Format
We will confirm receipt of your request within ten (10) days of receiving it. We will respond to a verifiable Consumer request within forty-five (45) days of its receipt. If we require more time (up 21 to an additional forty-five (45) days), we will inform you of the reason and extension period in writing.
If you have an account with us, we will deliver our written response to that account. If you do not have an account with us, we will deliver our written response by mail or electronically, at your option.
Any disclosures we provide will only cover the 12-month period preceding the verifiable Consumer request’s receipt. The response we provide will also explain the reasons we cannot comply with a request, if applicable. For data portability requests, we will select a format to provide your Personal Information that is readily useable and should allow you to transmit the information from one entity to another entity without hindrance.
We do not charge a fee to process or respond to your verifiable Consumer request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.
Please note that this right does not apply if the disclosure of Personal Information is for purposes consistent with the California resident’s reasonable expectations, when considering the submission’s circumstances.
Non-Discrimination
We will not discriminate against you simply for your exercising any of your legally available rights.