(Effective April 2022)
WHAT IS PERSONAL INFORMATION?
If the policies and procedures outlined in this document do not address a specific situation, individuals are advised to contact the Academy’s Privacy Officer for guidance or clarification.
WHAT PERSONAL INFORMATION DO WE COLLECT?
The Academy collects and uses only the personal information that we need for providing services and operating our business. Generally, the Academy collects the following personal information from individuals for the various purposes set out below:
When using our website www.mckenna.academy (the “Site”) donating, ordering products or registering for event, you may be asked to enter your name, email address, mailing address, phone number, credit card information or other relevant details, which we collect to enhance your experience of our Site, to accept your donation or provide you with products or event registration. We may also collect information you have shared, such as general feedback, comments, or questions and requests to receive periodic updates via our online e-newsletters or other means.
HOW DO WE COLLECT INFORMATION?
We collect information from you whenever you submit information to us, including making a donation, placing an order, registering for an event, subscribing to our newsletter, providing your contact information such as email address, responding to a survey or marketing communication, or otherwise interacting with us or entering information on our site. We also collect certain information automatically, such as IP addresses, when you visit our Site. See Cookies below.
WHY DO WE COLLECT YOUR INFORMATION AND HOW DO WE USE IT?
We normally collect information directly from our customers and donors. We may collect your information from other persons with your consent or as authorized by law. Before or at the time of collecting personal information, we identify the purposes for which we are collecting the information. We do not provide this notification when personal information is volunteered for an obvious purpose. If we wish to use or disclose your information for a new purpose not included in this policy, we will notify you and seek your consent, unless such disclosure is allowed without consent under the law. We use the collected data for various purposes, including to:
- Establish your identity,
- Understand your needs for, and determine your suitability for, products and services,
- Provide services to you and process payments for your account,
- Manage the Academy’s business and operations, including customer relationships and matters,
- Meet legal and regulatory requirements;
- Better understand an individual’s interests in our products and services,
- Deliver, develop, enhance or improve products and services,
- Provide warranties for products and services,
- Enforce our legal relationship with you,
- As is necessary in contemplation of a business transaction,
- Respond to your requests
- Communicate with you concerning your account
- Adhere to applicable legal requirements, and
- In the event you have provided consent to do so, to send you periodic emails regarding other products and services which may be of interest to you (which you may unsubscribe to at any time).
Each time you visit our Site we gather the date, time, browser type, name of the visitor’s Internet service provider, the site that referred the visitor to us, any pages that are requested, the navigation history and IP address of the visitor. The foregoing information does not generally contain anything that can identify users personally. If you object to this gathering of information, you should not use or access our Site. We use this information for our internal security audit log, trend analysis and system administration, and to gather broad demographic information about our user base for aggregate use. This information may be shared with third parties in order to provide services to us or to analyze, store or aggregate the information.
To the extent that our Site contain links to other sites, the owners of those sites are responsible for the privacy practices or content of those other sites. We do not endorse and will not be responsible for the privacy practices on third party websites.
As with almost all websites, temporary log files are kept which identify some information about our visitors, including the IP addresses of machines that access the site. Our Web logs are not available to the public. These logs allow website administrators to see how many people visit, how many pages have been accessed, which pages are accessed most frequently, and which links are leading people to the site.
Standard logs (including ours) also track which pages are visited by each IP address. This information is important for us to have because it allows us to catch "denial of service" attacks (for example, individual computers accessing hundreds of thousands of pages per day). We take great care to make sure this information cannot be used to compromise the privacy and security of our visitors.
Ordinarily we ask for consent to collect, use or disclose personal information, except in specific circumstances where collection, use or disclosure without consent is authorized or required by law. We may assume your consent in cases where you volunteer information for an obvious purpose.
You may withdraw consent to the use and disclosure of personal information at any time, unless the personal information is necessary for us to fulfil our reasonable business or legal obligations. We will respect your decision, but we may not be able to provide you with certain products and services if we do not have the necessary personal information.
The purpose for collecting personal information is set out in this policy. Any necessary consent shall be obtained before personal information is collected, used or disclosed.
We ask for your express consent for some purposes and may not be able to provide certain services if you are unwilling to provide consent to the collection, use or disclosure of certain personal information. Where express consent is needed, we will normally ask clients to provide their consent orally (in person, by telephone), in writing (by signing a consent form), or electronically (by clicking a button).
In cases that do not involve sensitive personal information, we may rely on “opt-out” consent.
The amount and type of personal information collected by the Academy shall be limited to what is necessary to fulfill the identified purpose. Personal information shall only be used or disclosed for the purposes for which it is collected. Exceptions may be made with the consent of the individual or if authorized or required by law.
Personal information collected by the Academy or on behalf of the Academy will be sent to the Academy’s head office in California and will be subject to the laws of the United States. We also send and store personal information on servers in Portugal.
WHAT DO WE DO WITH YOUR INFORMATION?
Your information will only be used by the Academy for the purposes outlined above under “Why Do We Collect Personal Information and How Do We Use It?”. We will not disclose your personal information to any third party, except as set out below.
We may publish donor names to recognize donor support and they may be made available for viewing online. We honor requests from donors who prefer to give anonymously and safeguard such preferences along with stored donor contact information.
Third Party Services
Our service providers/subsidiaries in the United States and Portugal collect, use or disclose your personal information for the following purposes:
- data storage services,
- marketing services including the notification of new products and services special offers, some customer support services,
Whenever we engage a third party service provider to do work for us, we confirm that its privacy and security standards meet our requirements.
Important Notices to Non-U.S. Residents
We may be involved, from time to time, in transactions to sell parts of our business or assets or merge with other businesses. Since our customer information may be part of such transactions, we may use or disclose this information to other parties involved in the transaction. In such cases, the information that is shared is limited to what is necessary to accomplish the transaction, and we take appropriate steps to protect the information from improper use or disclosure.
There are exceptions where we may collect, use or disclose personal information without consent when required or permitted by law.
From time to time, we may be compelled by legal action to release information (e.g., statutory reporting obligation, search warrant, court order, bankruptcy or insolvency proceedings etc.). In certain circumstances, we may also be permitted by law to collect, use or disclose information without the consent of the individual concerned. For example, we may disclose personal information without consent if it is to be used in an emergency that threatens the life, health or security of the individual, or when collecting unpaid amounts owed or owing to us, to other businesses in order to investigate a breach of an agreement or a contravention (or anticipated contravention) of a federal or provincial law where it is reasonable to expect that obtaining the consent from the individual for the disclosure would compromise the investigation. For the purposes of detecting or suppressing fraud we may also disclose personal information without consent to a government institution or to the individual’s next of kin or authorized representative if there are reasonable grounds to believe that the individual has been the victim of “financial abuse,” and where it is reasonable to expect that obtaining the consent from the individual for the disclosure would compromise the ability to prevent or investigate the abuse. We may also make limited disclosure of personal information to an organization or government institution without the individual’s consent in order to reduce the risk or mitigate the harm resulting from a breach.
We do not sell, or trade your personal information to outside parties.
HOW DO I OBTAIN ACCCESS TO MY PERSONAL INFORMATION?
Upon request received by the Academy in writing, individuals shall be informed of the existence, use, and disclosure of their personal information records and shall be given access to that information. Requests to access personal information held by the Academy should be directed to the Academy’s Privacy Officer. We are also happy to delete your information from our database, in accordance with the "right to be forgotten." However, we are not required to comply with your request to erase personal information if the storage or disclosure of your personal information is necessary for compliance with a legal obligation and/or the establishment, exercise, or defense of legal claims.
LIMITATION TO ACCESS
The Academy will only refuse access to information about you in those circumstances permitted or required by applicable privacy legislation.
In the event that the Academy refuses to provide access to information, it will provide you with the reasons for its refusal upon request. Exceptions may include information that contains references to or opinions of other individuals, information that cannot be disclosed for legal, security or commercial proprietary reasons, or information that is subject to solicitor-client or litigation privilege. The Academy will respond to your requests for access in accordance with applicable privacy legislation.
SECURITY OF PERSONAL INFORMATION
Personal information will be retained only as long as necessary and will be disposed of in a manner that is appropriate to the sensitivity of the information. We render client personal information non-identifying, or destroy records containing personal information once the information is no longer needed. We use appropriate security measures when destroying client personal information, including shredding paper records and permanently deleting electronic records.
We take commercially reasonable steps to protect your information from loss, misuse, and unauthorized access, disclosure, alteration, or destruction. Please understand, however, that no security system is impenetrable. We cannot guarantee the security of our databases, nor can we guarantee that the information that you supply will not be intercepted while being transmitted to and from us over the Internet. In particular, e-mail may not be secure, and you should, therefore, take special care in deciding what information you send to us via e-mail.
To help prevent unauthorized access, maintain data accuracy, and ensure the correct use of information, we have put in place appropriate physical, electronic, and managerial procedures to safeguard and secure the information we collect.
Your personal information is contained behind secured networks and is only accessible by a limited number of persons who have special access rights to such systems, and are required to keep the information confidential. In addition, all sensitive/credit information you supply is encrypted via Secure Socket Layer (SSL) technology.
All transactions are processed through a gateway provider and are not stored or processed on our servers.
All online donation transactions are handled by Payment Card Industry (PCI)-compliant vendors. PCI refers to the technical and operational standards that businesses must follow to ensure that credit card data provided by cardholders is protected. Personal information will be protected by security safeguards, appropriate to the sensitivity of the personal information.
If you are a visitor from the European Economic Area and/or to the extent required by applicable law, you have the following additional data protection rights:
- If we have collected and process your personal information with your consent, then you can withdraw your consent at any time. Withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, nor will it affect processing of your personal information conducted in reliance on lawful processing grounds other than consent. Withdrawal of your consent may make it impossible to provide certain services to you. To make such a request contact our Privacy Officer: email@example.com
- You have the right to access your personal information, request correction of your personal information and information on to whom your information has been disclosed. To make such a request contact our Privacy Officer firstname.lastname@example.org
- You have the right to lodge a complaint with an applicable privacy commissioner. You have the right to lodge such a compliant in the province of your habitual residence.
We reserve the right to limit the rights described above at any time where permitted under applicable law, including where your identity cannot be reasonably verified by Miller or to the extent your rights adversely affect the rights and freedoms of others.
You can exercise any of the foregoing rights by contacting us using the contact details provided under the How To Contact Us section below.
If you are not satisfied with the response from our Privacy Officer after making a complaint, you may have recourse to additional remedies under applicable privacy legislation.
COPPA (Children Online Privacy Protection Act)
We do not specifically market to children under the age of 13 years old. Should you become aware of anyone under the age of 13 years using our Site please let us know.
How to Contact Us