Data Security Policy for Coastal Neighbors Network (eff. Oct 2020)
Data Protection
Coastal Neighbors Network will never sell or otherwise share your personal data with anyone except as necessary to fulfill your explicit requests. Data protection is an ongoing process and Coastal Neighbors will continue to be proactive about safeguarding your data. Before launching our organization in September 2017, we began working with Helpful Village Inc., which developed the software we use for our website. Its commitment to data protection and security continues to be outstanding. Helpful Village follows the highest level of industry standard data security protocols, which includes standards compatible with the Health Insurance Portability and Accountability Act (HIPAA) and the General Data Protection Regulations (GDPR) developed and agreed to by the European Union. These standards will ensure the privacy and security of protected personal information that may be stored in our database. In addition, the Coastal Neighbors Network Board, volunteers, and partners (third parties) sign confidentiality agreements to ensure that any data in our system is handled with proper privacy protocols outlined in these regulations (GDPR and HIPAA).
Coastal Neighbors Network Use of Third Parties in Business Activities
Coastal Neighbors Network does work with some third parties in the course of running our organization. At times, these companies require pieces of information from our system to complete their tasks. This does not mean that we share all your data if the company requires just your phone number or your address for example. Be assured that Coastal Neighbors will hold your data private to the extent possible, even when working with third-party companies. Currently, the third parties we work with and the nature of our relationships are listed below.
- Helpful Village, Inc – Software Development company hosting our website
- Stripe, Inc. – A credit card processing company we use for online payments
- UMass Dartmouth School of Nursing – A partnership for clinical practice sessions with members
- Congregational Finance, LLC – A local company we use for accounting & tax purposes
Users Rights
- Users have the right to view and update their personal & contact information and payment history stored in our database.
- Users have the right to be excluded from marketing lists.
- Users have the right to be FORGOTTEN (members & nonmembers).
- Users have the right to complain to the local Data Processing Authority.
How Does My Information Get Into the Database?
When you visit our website to complete some actions, such as registering for an event, you will be asked to agree to our privacy policy. Currently, the data we store on our website includes such things as your name, address, phone and email. If you are a member of or volunteer for Coastal Neighbors, additional data is stored in the system, such as emergency contact details and other items related to your involvement with Coastal Neighbors activities. You may be asked to consent to the following items:
- Allow us to collect and store in our system the information just described above
- Agree to receive communications from us
- Allow us to share some of your information with the third parties (described above) as
- required to do business
Data Handling
Coastal Neighbors Network is responsible for assuring all the personal data in our software system is processed with adequate security to minimize the loss, misuse, unauthorized access or disclosure of the data including when processing the data over a network, on personal computers or in printed materials. All Coastal Neighbors staff, volunteers, board members, committee members and advisors must sign confidentiality agreements and are required to be informed of and to honor the data handling policy.
Data Handling Definitions and Descriptions
- Data items
- Formats
- Transfer Methods
- Locations
- Accountability
- Access
- Lawful Basis
What kind of data is being processed and what category does it fall into? (Confidential, Sensitive, Public)
| Pictures | Sensitive |
| Name & Address | Sensitive |
| Birthdate, death date | Confidential |
| Phone & email | Confidential |
| Donations, payments | Confidential |
| Coastal Neighbors activities | Public |
| Correspondence | Sensitive & Confidential |
| Dr contact info | Sensitive |
| Next of kin contact info | Confidential |
| Member needs or alerts | Confidential |
| Employment status | Confidential |
| Service requests & evaluations | Sensitive |
| Volunteer drivers license & insurance information | Confidential |
| Volunteer vacation dates | Confidential |
| Volunteer CORI reports | Confidential |
| Reduced fee members income data | Confidential |
| Member & Volunteer application forms | Confidential |
Bank and financial data
| Payroll details | Sensitive |
| Bank Statements | Sensitive |
| Tax returns | Confidential |
| Budgets & Financial statements | Confidential |
| Financial reports | Sensitive & Confidential |
| Donor information | Confidential |
| Correspondence | Sensitive & Confidential |
Committees and Board Data
| Financial reports | Confidential |
| Minutes | Sensitive & Confidential |
| Fundraising reports | Confidential |
| Social activites | Sensitive |
| Member & volunteer information | Sensitive & Confidential |
| Donor information | Confidential |
| Payroll information | Confidential |
| Employee information | Sensitive & Confidential |
| Employee applications | Confidential |
In what format does Coastal Neighbors store data (hardcopy, digital, database, mobile phones, etc.)?
Hardcopy
Digital (both on servers & local hard drives)
Mobile phones
How does Coastal Neighbors collect data and share it, both internally and externally?
Collected both electronically & hardcopy
Shared electronically & hardcopy
What locations re involved within the data flow (offices, the Cloud, third parties, etc.)?
Servers
Local computers (desk tops & laptops)
Email
Cloud for servers & for those who backup to the cloud & Google docs
Who is accountable for protecting the personal data? Often this changes as the data moves throughout the organization.
Volunteers & committee members
Board members
Executive Director
Who has access to the data in question?
Only those listed below who have signed confidentiality agreements with Coastal Neighbors Network:
Volunteers & committee members
Board members
Executive Director
What is the lawful basis used for processing the personal data?
Coastal Neighbors Network, Inc. uses personal data to run its operations, including providing services for members, maintaining accurate and complete financial records, fulfilling its legal obligations in accordance with laws pertaining to non-profits, promoting the village in the general community, strengthening and growing the organization, and communicating with you about news and activities.
Only authorized administrators appointed by Coastal Neighbors Network have access to confidential personal and financial information on members. We use this information for the following purposes:
-
To provide and maintain our services
-
To help us improve our products and services
-
To manage the performance of our database
-
To perform accounting and billing activities
Coastal Neighbors Network, P.O. Box 80073, Dartmouth, MA 02748
508.556.4004 - [email protected]