The Church of the Nazarene Inc.
17001 Prairie Star Parkway
Lenexa, Kansas 66220 USA
Phone: (913) 577-0500 (country code “1” for those dialing outside of the U.S.) E-mail firstname.lastname@example.org
Inquiries regarding personal data protection, privacy, and security matters may be submitted to email@example.com.
Most of our services do not require any form of registration, allowing you to visit our website without telling us who you are. However, some services may require you to provide us with personal data. In these situations, if you choose to withhold any personal data requested by us, it may not be possible for you to gain access to certain parts of the website and/or for us to respond to your query.
We may collect data about your use of our website and services ("usage data"). The usage data may include your IP address, geographical location, browser type and version, operating system, referral source, length of visit, page views, and website navigation paths, as well as information about the timing, frequency, and pattern of your service use. The source of the usage data is our cookies tracking system.
We may process your account data ("account data"). The account data may include your name and email address. The source of the account data is yourself.
We may process your information included in your personal profile on our website ("profile data"). The profile data may include your name, address, telephone number, email address, profile pictures, gender, date of birth, relationship status, interests and hobbies, educational details, and employment details.
We may process information that you submit for publication on our website or through our services ("publication data").
We may process information relating to our customer relationships, including customer contact information ("customer relationship data"). The customer relationship data may include your name, your contact details, and information contained in communications between us and you. The source of the customer relationship data is you.
We may process information that you provide to us for the purpose of subscribing to our email notifications and/or newsletters ("notification data").
We may process information contained in or relating to any communication that you send to us ("correspondence data"). The correspondence data may include the communication content and metadata associated with the communication. Our website will generate the metadata associated with communications made using the website contact forms.
Usage data may be processed for the purposes of analyzing the use of the website and services. The legal basis for this processing is our legitimate interests, namely monitoring and improving our website and services.
Account data may be processed for the purposes of operating our website, providing our services, ensuring the security of our website and services, maintaining back-ups of our databases, and communicating with you. The legal basis for this processing is consent.
Profile data may be processed for the purposes of enabling and monitoring your use of our website and services. The legal basis for this processing is our legitimate interests, namely the proper administration of our website and business, or the performance of a contract between you and us, and/or taking steps, at your request, to enter into such a contract.
Publication data may be processed for the purposes of enabling such publication and administering our website and services. The legal basis for this processing is consent.
Customer relationship data may be processed for the purposes of managing our relationships with customers, communicating with customers, keeping records of those communications, and promoting our products and services to customers. The legal basis for this processing is our legitimate interests, namely the proper management of our customer relationships.
Notification data may be processed for the purposes of sending you the relevant notifications and/or newsletters. The legal basis for this processing is consent.
The correspondence data may be processed for the purposes of communicating with you and record-keeping. The legal basis for this processing is our legitimate interests, namely the proper administration of our website and business and communications with users.
We may process any of your personal data identified in this policy where necessary for the establishment, exercise, or defense of legal claims, whether in court proceedings or in an administrative or out-of-court procedure. The legal basis for this processing is our legitimate interests, namely the protection and assertion of our legal rights, your legal rights, and the legal rights of others.
In addition to the specific purposes for which we may process your personal data, we may also process any of your personal data where such processing is necessary for compliance with a legal obligation to which we are subject, or in order to protect your vital interests or the vital interests of another natural person.
Financial transactions relating to our website and services are handled by our payment services providers. We will share transaction data with our payment services providers only to the extent necessary for the purposes of processing your payments, refunding such payments, and dealing with complaints and queries relating to such payments and refunds.
EU General Data Protection Regulation (GDPR)
The processing of your data is either based on your consent, or in case the processing is necessary for the performance of a contract to which you are a party, or in order to take steps at your request prior to entering into a contract.
If the processing is based on your consent, you may at any time withdraw your consent by contacting us using the contact information given above.
In order to enter into a contract or subscription regarding The Church of the Nazarene Inc., you must provide us with the required personal data. If you do not to provide us with all the required information, it will not be possible to deliver the requested service.
California Online Privacy Protection Act Compliance
Because The Church of the Nazarene Inc. values your privacy, we have taken the necessary precautions to be in compliance with the California Online Privacy Protection Act. We therefore will not distribute any personal information to outside parties without your consent except as stated in clause 7.
As part of the California Online Privacy Protection Act, all subscribers of our website may make any changes to their information at any time by logging into their account and navigating to the “profile page.”
Children’s Online Privacy Protection Act Compliance / GDPR child data protection rights
The Church of the Nazarene Inc. is in compliance with the requirements of the Children’s Online Privacy Protection Act. We will not intentionally collect any information from anyone under 13 years of age. Our website, products and services are all directed at people who are at least 13 years old or older.
The Church of the Nazarene Inc. implements the following technical, physical, and organizational measures to maintain the safety of your personal data against all unlawful forms of processing, including but not limited to: accidental or unlawful destruction or loss of data; alteration of data; unauthorized use of data; unauthorized modification, disclosure, or access of data.
No personal data is stored permanently on outside data servers. The physical security is thereby maintained by The Church of the Nazarene Inc. by using card readers, security cameras, and other measures.
All data transits are encrypted to align with best practices for protecting confidentiality and data integrity. For example, all supplied credit card information is transmitted via Secure Socket Layer (SSL) technology and then encrypted into our payment gateway provider’s database only to be accessible by those who are authorized to access such systems and who are required to keep the information confidential.
All personnel are subject to full confidentiality. Whenever personal data is accessed by authorized personnel, the access is only possible over an encrypted connection. Any device being used to access personal data is login-protected by Active Directory (AD), Microsoft-based identity and access management service, and has The Church of the Nazarene Inc.’s corporate antivirus solution installed. If any personal data is temporarily stored on a device, the storage unit on the device must also be strongly encrypted.
The Church of the Nazarene Inc. will at all times keep you informed about changes to the processes to protect data privacy and security, including practices and policies. You may at any time request information on where and how data is stored, secured, and used.
All access to personal data is blocked by default, using a “zero privileges” policy. Access to personal data is restricted to individually-authorized personnel. The Church of the Nazarene Inc. issues authorizations and maintains a log of granted authorizations. Authorized personnel are granted a minimum access on a need-to-have basis through our AD.
The ability to intervene
The Church of the Nazarene Inc. enables your rights of access, rectification, erasure, and objection through contact with our help desk at firstname.lastname@example.org
Personal Data breach notification
In the event that your data is compromised, The Church of the Nazarene Inc. will notify you and relevant Supervisory Authority(ies) within 72 hours by email with information about the extent of the breach, affected data, any impact on the service, and The Church of the Nazarene Inc.’s action plan for measures to secure the data and limit any possible detrimental effect on the data subjects.
"Personal data breach" means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored or otherwise processed in connection with the provision of the service.
The Church of the Nazarene Inc. does not sell, trade, or otherwise transfer to outside parties any personally identifiable information.
This does not include trusted third parties or subcontractors who assist us in operating our website, conducting our business, or servicing you. Such trusted parties may have access to personally identifiable information on a need-to- know basis and will be contractually obligated to keep your information confidential.
We may also release your information when we believe it is appropriate to comply with the law, enforce our site policies, or protect our or others’ rights, property, or safety.
Subcontractors/trusted third parties
The Church of the Nazarene Inc. will monitor subcontractors’ and sub- processors’ maintenance of these standards and audits to ensure that data protection requirements are fulfilled.
Any intended changes concerning the addition or replacement of subcontractors or sub-processors handling personal data will be announced to you with at least three (3) months’ notice. You retain at all times the ability to object to such changes or to terminate the contract with The Church of the Nazarene Inc.
Legally required disclosure
The Church of the Nazarene Inc. will not disclose customer data to law enforcement except when instructed by you or where it is required by law. When governments make a lawful demand for customer data from The Church of the Nazarene Inc., The Church of the Nazarene Inc. strives to limit the disclosure. The Church of the Nazarene Inc. will only release specific data mandated by the relevant legal demand.
If compelled to disclose your data, The Church of the Nazarene Inc. will promptly notify you and provide a copy of the demand unless legally prohibited from doing so.
Occasionally, at our discretion, we may include links to third-party products or services on our website. These third party websites have separate independent privacy policies. We therefore have no responsibility or liability for the content and activities of these linked websites. Nonetheless, we seek to protect the integrity of our website and welcome any feedback about these websites.
All data will be transferred to, stored, backed up, and/or recovered by The Church of the Nazarene Inc. or their contractors in the United States.
Personal data location
All data is stored in privately-operated databases and file repositories.
Databases are backed up to enable restoration to any point in time within a retention period. Backups are stored on file storage at the same geographical location as the database.
Installation of software
No installation of software is required to use the Service. The login-protected Nazarene account is accessible through a standard web browser, automatically using an encrypted https connection for all communications between your browser and The Church of the Nazarene Inc. server to protect any data from being intercepted during network transfers.
You may at any time obtain confirmation from The Church of the Nazarene Inc. as to whether or not personal data concerning you is being processed.
You may at any time order a complete data copy, which you may transmit to another controller of the data. Your data will be delivered within 30 days by The Church of the Nazarene Inc. as spreadsheet files in Microsoft Excel or CSV format. Logical relations between datasets will be preserved in the form of unique identifiers.
You may at any time obtain without undue delay rectification of inaccurate personal data concerning you
Restriction of processing personal data
You may at any time request The Church of the Nazarene Inc. restrict the processing of personal data when one of the following applies:
• If you contest the accuracy of the personal data, for a period enabling The Church of the Nazarene Inc. to verify the accuracy of the personal data;
• If the processing is unlawful and you oppose the erasure of the personal data and request the restriction of their use instead; or
• If The Church of the Nazarene Inc. no longer needs the personal data for the purposes of the processing, but they are required by you for the establishment, exercise, or defense of legal claims.
You may without undue delay request the erasure of personal data concerning you, and The Church of the Nazarene Inc. shall erase the personal data without undue delay when one of the following applies:
• If the personal data is no longer necessary in relation to the purposes for which they were collected or otherwise processed;
• If you withdraw your consent on which the processing is based, and where there is no other legal ground for the processing;
• If you object to the processing in case the processing is for direct marketing purposes;
• If the personal data has been unlawfully processed; or
• If the personal data has to be erased for compliance with a legal obligation in the EU or any other national law.
Data retention policy
Donor Account Data will, due to tax regulations, be retained for up to five full fiscal years from the cancellation of your donor account.
Configuration Data and System-Generated Data will be erased immediately when you cancel your online Nazarene account.
End User Data will be erased on an ongoing basis after 12 months from registration, and immediately when you cancel your online Nazarene account.
Data retention for compliance with legal requirements
You cannot require The Church of the Nazarene Inc. to change any of the default retention periods, except for the reasons for erasure, but may suggest changes for compliance with specific sector laws and regulations.
Data restitution and/or deletion
No data except Donor Account Data will be retained after the termination of the contract. You may request a data copy before termination. You must not cancel your online Nazarene account until the data copy has been delivered, as The Church of the Nazarene Inc. otherwise will not be able to deliver the data copy.
The Church of the Nazarene Inc. will cooperate with you in order to ensure compliance with applicable data protection provisions, e.g. to enable you to
effectively guarantee the exercise of data subjects’ rights (right of access, rectification, erasure, blocking, opposition), to manage incidents including forensic analysis in case of security breach.
Please also visit our Terms of Service section establishing the use, disclaimers, and limitations of liability governing the use of our website at nazarene.org.
You may at any time lodge a complaint with a supervisory authority regarding The Church of the Nazarene Inc.’s collection and processing of your personal data. In Germany, you can lodge a complaint with the German Data Protection Agency.