The privacy and security of information you provide to the HSCG is of utmost importance to us. This policy clarifies what information the HSCG keeps and how it may be utilized.
When you visit our website and view pages, we might collect the following information..
Statistical Information: We do keep statistics of how many people visit our site, where they came from, and other such data, but nothing in that data uniquely identifies any individual. The statistical information gathered is used to review and improve our website.
Mailing List: If you sign up receive any of our newsletters, we will need your email address and give you the option to provide additional information if you choose. The information you provide will not be used for any purpose other than the one(s) you have authorized. (See more about mailing lists and security of information, below).
Special Requests: If you make a special request using the form provided, the information you submit will be kept in the HSCG database. Your request will be made available to members so they can answer, however your personal contact information will NOT be given out (we use an internal mailer so the members never actually see your contact information). If you choose to respond to any member who answers your request, you can then send him/her your contact information, if you choose to do so.
Registration: If you register on our website, we will collect enough personal information about you to provide you with the service(s) you request. The information you provide will be kept confidential and will not be used for any purpose other than the one(s) you have authorized. (See more about mailing lists and security of information, below). Once registered, you will have the ability to update your contact information, change your log-in information or unregister.
All personal information supplied by current, past or potential members is considered confidential and will not be released or used for any purpose other than to contact the member and/or fulfill the HSCG's obligations to provide services to the member. Such services may include mail, email or phone contact, forwarding information to in broker providing insurance to our members, generating lists of Conference attendees, etc. In no case will contact information be given to any person or entity for any non-HSCG related activity.
Members may opt to include some or all of their contact information in online listings. The information so provided is public information (since it is displayed on the HSCG website) and may be given out to others if requested. However, the HSCG will never give or sell lists of published Vendors or Soapmakers for non-HSCG activities (even though the names are publicly displayed). The HSCG actively discourages anyone from attempting to compile or use such lists.
Sensitive business or financial information may be collected when a member signs up. Such information is treated as confidential information and is stored securely with limited access. This information may be used to compile statistical analyses and reports, but we do not publish names of any individuals or any otherwise identifiable information. Anyone compiling such reports for the HSCG may, in the course of doing so, become aware of details about a specific person or business, but is obligated under HSCG policy not to write, note or copy the information or discuss any such details with any person for any reason (see below).
When you make a purchase through the HSCG store, you provide us with the information necessary to deliver the products and/or services to you. Credit card information is not collected by the HSCG; payments by credit card are completed through a secure, external service. When an order is placed by phone or fax, we must take the credit card information in order to process the order. Any record of the credit card number is securely destroyed once the transaction is completed.
We use Constant Contact, an outside email service, to maintain our mailing lists and send email updates (HSCG eNews). Every email you receive from us will give you the option view your subscription information and to "unsubscribe".
Third Party Data Collection
We use some third-party applications which collect personal information about the people on our mailing list and our website visitors.
As mentioned, we use Constant Contact for maintaining our mailing lists and sending email updates to our email subscribers. Constant Contact collects and shares with us information about which emails individual users have received, if they were opened, and if any of the links were clicked. If you click the unsubscribe link in any of our emails, Constant Contact is responsible for processing these requests and automatically removing you from the email subscriber list.
We have installed Google Analytics on our website, which tracks website visitors’ browsing activities. Information collected includes a visitor’s browser, operating system, and location. The data retention period for data collected through Google Analytics is currently set for 38 months.
We do not use Google AdSense or Google Adwords (both of which would track users) on our website or other websites. We also do not use the UserID capabilities of Google Analytics and do not attempt to connect any Google Analytics information to our database.
Clicky (www.getclicky.com) is another analytics program that we use. It collects information on website visitors, such as page views, and tracks traffic through our website. Information collected includes the user’s browser, operating system, and location. Clicky can also track pages a visitor viewed before an identifiable action (such as an online purchase).
In order to keep track of the status of individuals who have logged into our website or who have initiated a store, we use website SESSIONS which place a cookie on the user’s computer. The cookie is only used for the existing session and expires in about 4 hours (or when the user logs out). We do not use the cookie to track any other information.
In order to make repeated logins to our site easier, you have the option to check the "Remember Me" box at login. If you check the box, we place a cookie on your computer so you will be recognized when you return to the website.
At this time HSCG does not place any other cookies on a user’s computer. Constant Contact, Google Analytics, and Clicky might place cookies on a user’s computer.
Notice of Rights with Respect to Personal Data
If you are located in the European Economic Area, you have the following rights under the General Data Protection Regulation (the "GDPR") with respect to information HSCG collects that, alone or in combination with other information we collect, can be used to identify you (such information being "personal data"):
Right to Information Regarding the Processing of Your Personal Data: You have the right to obtain the following information:
- confirmation of whether and where we are processing your personal data
- information about the purpose of the processing of your personal data
- information about the categories of personal data being processed
- information about the existence of, and an explanation of the logic involved in, any automated processing of your personal data that has a significant effect on you
- information about the categories of recipients with whom your personal data may be shared; and
- information about the period for which your personal data will be stored or the criteria used to determine that period.
Right to Access to Your Personal Data: You may request a copy of your personal data that we, or our third-party processors, collect and maintain. Similarly, you have the right to, when technically feasible, have your personal data transferred to another entity to determine the purpose and means of processing your personal data.
Right to Have Errors Corrected: You have the right to rectification of inaccurate personal data. If you notify us that any of your personal data is inaccurate or incomplete, we have the responsibility to, either directly or through our third-party processors, ensure that such personal data is erased or corrected.
Right to Have Personal Data Erased or Processing Restricted: You have the right to have your personal data erased when (i) the personal data is no longer needed for its original purpose and no new lawful purpose exists; (ii) the personal data is being processed based solely on your consent and you withdraw your consent; or (iii) the personal data is being processed unlawfully. Similarly, you have the right to limit our use of your personal data when (i) the personal data is no longer needed for its original purpose, but we still need to maintain the personal data to establish, exercise, or defend legal rights; (ii) the personal data is being processed unlawfully; or (iii) the accuracy of the personal data is contested, but then our use of the personal data is restricted for only so long as it takes to verify the accuracy of the personal data.
Right to Object to Processing of Your Personal Data: You have the right to object to our processing of your personal data if the basis for that processing is (a) public interest; or (b) our own legitimate interests in doing so. Additionally, you have the right to object to the processing of your personal data for the purpose of direct marketing or statistical purposes.
Right to Lodge a Complaint with a Supervising Authority: You have the right to lodge a complaint concerning the processing of your personal data with your country’s independent public authority designated to act as its data protection "supervising authority" under the GDPR.
Right to Withdraw Consent to the Processing of Your Personal Data: You have the right to refuse to consent to, and to withdraw your consent to, the processing of your personal data. To the extent we rely on your consent to collect and store your information, when you withdraw such consent we must cease collection and retention of such information. Note, however, we do not require your consent to collect or otherwise process your personal information if (a) such information is not personal data or (b) such information is personal data and we have another lawful basis for processing the information (for instance, the information is needed to enter into or preform under a contract with you).
Responses to your requests to us regarding your personal data will be provided free of charge (including copies of materials), except that we may charge a reasonable fee for any repetitive requests, manifestly unfounded or excessive requests, or further copies. Similarly, we may refuse to act upon requests that are manifestly unfounded or excessive.
Unless otherwise stated above, we keep any information collected until the user requests that it be destroyed or we determine that it is no longer needed for legal, statistical or other record-keeping purposes.
Security of Information
In the course of performing duties for the HSCG, some individuals may have access to sensitive information. Therefore, any HSCG Board Member, employee, sub-contractor, consultant or volunteer must comply with HSCG Policy "Privacy Procedures" which includes the following guidelines:
- No paper documents with sensitive information may be kept any longer than absolutely needed, and when kept, must be stored securely.
- All paper documents containing sensitive information must be shredded or burned (not tossed in the trash) once they are no longer needed.
- No credit card information may ever be sent by email, under any circumstances.
- When viewing sensitive information online, appropriate security precautions should be taken, including an up-to-date firewall, especially when viewing documents through a public network (as in a hotel or library).
- Reasonable precautions must be taken to protect any sensitive information on a personal computer, including password protecting access to the area, making the computer files inaccessible to others (file sharing), etc.
- Any electronic files on a local computer containing sensitive or personal information must be deleted after work is complete and the recycle bin emptied on a regular basis.
- No private or sensitive information may be discussed with any unauthorized person for any reason.
In the event a Board Member, employee, sub-contractor or volunteer discovers that any sensitive information in their control has fallen into unauthorized hands, the matter must be reported to the Executive Director immediately.
How to Contact Us
184 Edie Rd Ste A,
Saratoga Springs, NY 12866
Telephone number: (518) 306-6934