Baptist Global Response: Privacy Statement
Baptist Global Response (BGR) believes that information personal to our website users and constituents should be respected and protected. We are committed to protecting your nonpublic personal information and using it only as appropriate or necessary to provide you with the best service possible. For that reason, we have created this PRIVACY STATEMENT in order to demonstrate our commitment to privacy.
This Privacy Statement explains BGR’s approach to privacy on BGR’s website, www.GoBGR.org, as well as other websites owned and controlled by BGR. BGR’s Privacy Statement describes only BGR’s practices for gathering, using, and disclosing personally identifiable information collected by BGR solely at BGR’s website. BGR’s website may contain links to other websites that are not operated by BGR. BGR is not in any way responsible for the privacy practices, collection, use, or disclosure of personally identifiable information by such other websites, nor is BGR responsible in any way for the content of such other websites.
For purposes of this privacy statement, the term “BGR” includes all BGR offices worldwide, all BGR employees and contractors subject to BGR control and partner entities owned by BGR.
BGR encourages its users to be aware when they leave BGR’s website and to read the privacy statements of each and every website that collects any personally identifiable information.
The Collection, Use, and Disclosure of Personally Identifiable Information
As used in BGR’s Privacy Statement, the phrase “personally identifiable information” is personal information that identifies a specific natural person and means: (a) a first and last name; (b) an address, including a street name, city or town, and zip code (but excluding a post office box); (c) an e-mail address; (d) a telephone number; (e) a Social Security number; (f) self-identified health information, and/or, (g) an account number or credit card number (including but not limited to, banking account and routing numbers). In BGR’s Privacy Statement, the phrase “personally identifiable information” is abbreviated as “PII”.
The definition of PII will differ depending upon applicable law. In Europe, it will include all information that directly or indirectly relates to a user, and includes “personal data” as defined by the General Data Protection Regulation (GDPR). Where GDPR or other EU privacy laws apply to a user, this Privacy Statement details how a user can exercise user’s rights.
BGR is the owner of all PII that is collected by BGR on BGR’s website. BGR may collect PII from users, constituents, and in responses to online surveys and group discussions at several different points on BGR’s website.
BGR will not sell or rent PII to other organizations in ways that are different from what is disclosed in this Privacy Statement or not permitted under the GDPR.
BGR may use PII to contact the user about BGR, the goods and services available on BGR’s website, and to provide information about other topics and discussion groups.
BGR may disclose PII to third parties as required or permitted by law.
BGR may share aggregate demographic information that does not contain PII.
“Legitimate Interest” under the GDPR
BGR will generally only collect European Union (EU) and European Economic Area (EEA) (comprised of EU member states, and Iceland, Liechtenstein, and Norway) based user’s PII when it is necessary for BGR’s “legitimate interests,” including but not limited to, fulfilling BGR’s mission and vision, and performing BGR’s legitimate legal, employment, and business interests. BGR may also use user’s PII for the legitimate interest of providing goods and services, ministry needs, and processing donations. The table below provides some examples of how BGR uses user PII, and the legal basis for such use of user PII.
|How BGR Uses PII||The Types of PII||Legal Basis||Legitimate Interest|
|To contact users about the activities of BGR||Identity Data; Contact Information||Legitimate Interest||BGR may use a user’s contact information to send user information about BGR activities that he/she has requested|
|For electronic marketing communication||Identity Data; Contact Information; Marketing/Communication Data||Consent; Legitimate Interest||When users engage with BGR, the law permits BGR to send user relevant email marketing|
|For physical communication (e.g., post, telephone calls, etc.) and non-marketing electronic communication||Identity Data; Contact Information; Marketing/Communication Data||Legitimate Interest||To keep users informed of BGR’s work; To send users information and resources that BGR believes would interest user|
|For contact management||Identity Data; Financial Data; Contact Information; Requests and Preferences; Demographics||Legitimate Interest||To manage participation in BGR’s ministry and contact management across the organization|
|To improve user’s experience and allow log-in access to BGR affiliated websites and online portals||Identity data; Contact Information; Security Credentials||Contract; Legitimate Interest||To ensure that Users’ accounts on BGR’s websites and online portals are kept safe and private|
|For fund development||Identity Data; Financial Data; Financial Transaction Data; Contact Information; Information about user’s beliefs and circumstances; requests and preferences||Legitimate Interest||To provide opportunities for user to partner with BGR through financial giving, communication or prayer|
|To process donations||Identity data; Financial Data; Financial Transaction Data; Contact Information; Tax Status||Contract; Legitimate Interest
|To securely receive user’s donation toward BGR’s charitable aims|
|For statutory reporting||Identity Data; Contact Information; Tax Status||Legal Obligations; Legitimate Interest||BGR may have obligations to report government authorities|
|To deliver goods and services||Financial Data; Financial Transaction Data; Contact Information||Contract||To provide user with goods or services that the user has purchased or requested|
|To enable user to partake in a prize draw, sweepstakes, competition, or complete a survey||Identity Data; Contact Information; Marketing/Communication Data||Contract||To collect contact information to provide user with any prize they have one; To gather survey data that the user has provided voluntarily|
|To allow BGR to improve its tools; To maintain an audit trail of access to data; Troubleshooting; Data analysis; System maintenance||Historical Transaction Data; System Data; Audit Logs; Location Data||Legitimate Interest||To manage and protect access to BGR affiliated websites; To ensure that BGR’s services operate effectively and to track who is accessing user’s data|
|To respond to complaints and requests||Identify Data; Contact Information; Historical Transaction Data; Application Data||Legal Obligation; Legitimate Interest||To ensure that user’s concerns are addressed|
|To apply or participate as a volunteer||Identity Data; Contact Information; Application Data; Self-identified Health Information||Contract||In the application process, user must provide certain personal information to assess user’s suitability to serve as a volunteer|
|To apply for Employment with BGR through a job application||Identity Data; Contact Information; Application Data; Information about user’s Personal Beliefs; Requests and Preferences; Security Credentials, Demographics; Employment Information; Self-identified Health Information||Contract; Legal Obligations||In the application process, users must provide certain personal information to facilitate employment|
Types of Data and How We Collect It
To carry out the legitimate interests discussed above, BGR may collect, store, process and transfer different kinds of personal data about users, which BGR has grouped together as follows:
- Identity Data includes first name, maiden name, last name, username or similar identifier, marital status, title, date of birth and gender.
- Contact Data includes billing address, delivery address, email address and telephone numbers.
- Financial Data includes bank account and payment card details.
- Transaction Data includes details about payments to and from user and other details of products and services user have purchased from BGR.
- Technical Data includes internet protocol (IP) address, user’s login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices users use to access BGR’s network.
- Profile Data includes user’s username and password, user’s interests, preferences, feedback and survey responses.
- Usage Data includes information about how user uses BGR’s website, and information technology products and services.
Special Categories of Data: BGR may also collect, store, process and transfer the following types of data that GDPR defines as “special categories” of more sensitive personal information:
- Information about user’s race or ethnicity, religious beliefs, gender, and marital status.
- Information about user’s health, including any medical condition, health and sickness records.
- Information about criminal convictions and offenses only where the law allows BGR to do so.
How We Collect This Information:
- Directly from user when he/she provides it to us including, but not limited to, filling out forms on our website, at an event, or printed materials; records of correspondence (including email addresses), if user contacts us; response to surveys;
- From third parties, for example, our business partners.
Government and Legal Requests
It may be necessary − by law, legal process, litigation, and/or requests from public and governmental authorities within or outside a user’s country of residence − for BGR to disclose PII. BGR may share PII if BGR has a good faith belief that access, use, preservation or disclosure of such information is reasonably necessary to (a) satisfy any applicable law, regulation, legal process or enforceable governmental request, (b) enforce applicable terms of service, including investigations of potential violations thereof, (c) detect, prevent, or otherwise address fraud, security or technical issues, or (d) protect against imminent harm to the rights, property or safety of BGR, its users or the public as required or permitted by law.
Users may provide information to be published or displayed (hereinafter, “posted”) on public areas of BGR’s website, or transmitted to other users of the website or third parties (collectively, “User Contributions”). User Contributions are posted on and transmitted to others at user’s own risk. Although BGR limits access to certain pages, users must be aware that no security measures are perfect or impenetrable. Additionally, BGR cannot control the actions of other users of BGR’s website with whom a user chooses to share his/her User Contributions. Therefore, BGR cannot and does not guarantee that User Contributions will not be viewed by unauthorized persons.
BGR’s website uses IP addresses to help BGR analyze trends, administer BGR’s website, track user movement, and gather broad demographic information for aggregate use. IP addresses do not contain PII.
BGR’s website uses “cookies”. A “cookie” is a piece of data stored on a user’s hard drive that contains information about the user. A cookie does not contain and is not linked to PII while a user is on BGR’s website. For instance, by setting a cookie on BGR’s website, a user would not have to log in a password more than once, thereby saving time while on BGR’s website. If a user rejects the cookie, the user may still use BGR’s website, but would be limited in some areas of BGR’s website. Cookies can also enable BGR to track and target the interests of users to enhance their experience on BGR’s website.
In order to receive certain updates or use certain features on BGR’s website, a user may have to complete a registration form. During registration a user may be required to provide PII, such as the user’s name and/or an e-mail address. If requested, it is optional for a user to provide demographic information (such as income level and gender) and unique identifiers which enable BGR to provide a more personalized experience on BGR’s website.
A user may subscribe to BGR’s newsletters or other publications on BGR’s website. In that case, BGR will request PII, such as the user’s name, mailing address, and/or an e-mail address. PII may be used to send such newsletters and may be used to contact the user about BGR, the goods and services available on BGR’s website, and to provide information about other topics and discussion groups.
BGR’s website includes an online gift catalog for constituents to order goods and services related to BGR’s ministry, and contact forms for constituents to request information and services. In such instances, BGR collects constituent PII, such as a name, an e-mail address, a mailing address, an account number and/or credit card number.
Online Surveys and Discussion Groups
BGR may conduct online surveys, which may request PII, such as a name, an e-mail address, and/or a mailing address.
Information collected by BGR’s online surveys may be used to help BGR understand the interests and concerns of BGR’s supporters and website users, and how they perceive BGR and BGR’s mission.
BGR may provide opportunities for e-mail discussion groups. Information collected by BGR from such discussion groups may be used to contact users about BGR, the goods and services available on BGR’s website, and to provide information about other topics and discussion groups.
Third Party Contractors
BGR may contract with third parties to provide services to BGR, including services relating to the internal operations of BGR’s website, the storage and retrieval of information, including PII, and other services. PII, on-line survey information, discussion group information, and aggregate demographic information may be maintained on BGR’s servers or on BGR’s third party contractor’s servers. BGR may use a third party contractor to facilitate the serving of targeted content and may transmit data to the third party to facilitate this service. Except as may be required by law, BGR is not responsible for the acts of any such third parties with regard to their handling and treatment of PII.
Use of Shipping Companies and Credit Card Processing Companies
BGR may use shipping companies to ship orders and credit card processing companies to process and bill constituents for goods and services related to BGR’s ministry. BGR may affiliate with other organizations to provide goods and services related to BGR’s ministry. When a user or constituent signs up for or orders goods or services, BGR may share PII as necessary to provide such goods and services, and to provide information about BGR, the goods and services available on BGR’s website, and information about other topics and discussion groups. Except as may be required by law, BGR is not responsible for the acts of any of the entities discussed in this section with regard to their handling and treatment of PII.
BGR’s website has security measures in place to attempt to protect against the loss, misuse, and alteration of information, including PII, that is under BGR’s control.
However, because of the nature of the threats to the security of information, BGR cannot guarantee that it can prevent security breaches that could compromise information, including PII, which is under BGR’s control.
The safety and security of PII also depends on the actions of the user. Where the user has been given (or where user has been chosen) a password for access to certain parts of BGR’s website, the user is responsible for keeping this password confidential. BGR urges users to be careful about giving information in public areas of the website, such as message boards. The information users share in public areas may be viewed by any user of the website.
Protection of Children
BGR is committed to the protection of children. BGR works to voluntarily comply with applicable provisions of the Children’s Online Privacy Protection Act of 1998 (COPPA) and its accompanying Federal Trade Commission regulations, which establish United States Federal law that protects the privacy of children using the Internet.
BGR develops materials for children, including pre-teens. At times, we maintain Web pages that are specially geared to the interests of younger children, and publish electronic newsletters and prayer letters in an effort to inform and develop their interest in all that God is doing around the world, including through the prayers and ministries of young children. We intend to have many activities on the BGR site that children can participate in and enjoy without having to share personally identifiable information.
For those activities that require PII, such as newsletters or other resources, in compliance with the Federal Trade Commission’s Online Privacy Protection Act, BGR will require verifiable parental consent before collecting or using PII from children under the age of 13. With these activities, BGR will notify the respective parent of our Privacy Statement and obtain verifiable parental consent before collecting PII from the child, unless we collect only the child’s name and online contact information to (1) obtain parental consent or provide parents with notice; (2) respond directly on a one-time basis to a child’s specific request; (3) respond more than once to a child’s specific request along with providing parental notice of such use; (4) protect the safety of a child; or (5) comply with legal requirements. When we provide parents with notice and/or seek consent, we also give parents the ability to let us know if they do not want any further use made of the personally identifiable information we have collected from their child. Parents can request to review or have deleted their child’s PII from BGR’s records, and refuse to permit further use of a child’s PII by writing to us at: Constituent Information, BGR, 402 BNA Drive Ste 411, Nashville, TN 37217.
The BGR will not condition a child’s participation in an activity on that child disclosing more PII than is reasonably necessary to administer the activity.
The BGR does not share PII from children under the age of 13 with any third party.
BGR opposes the use of unsolicited commercial email and mass posting to inappropriate newsgroups (spam) as a way to promote or advertise. BGR attempts not to send email to persons who are not related to our ministries or who have not otherwise requested contact from us, nor do we post advertisements to unrelated newsgroups. If you receive any unsolicited commercial email that appears to be from BGR or an employee of BGR, please notify us immediately.
BGR will reasonably investigate instances of unsolicited commercial email that appears to originate from BGR. If we find persons or entities using BGR’s name inappropriately, we will contact our lawyers and take reasonable steps, which may include legal action, to stop the unauthorized use of BGR’s name.
BGR has measures in place to attempt to require double opt-in, which means if someone receives a forwarded email or is added to an email list by another person or entity, the receiver of the forwarded email must nonetheless still agree to a subscription for themselves before they become a subscriber to that list.
User’s Rights under the GDPR
Users have the right of access (Art.15 GDPR), rectification (Art.16 GDPR), erasure (Art.17 GDPR), restriction of processing (Art.18 GDPR) and the right to data portability (Art.20 GDPR). In addition, users have the right to object to processing that is based on Art.6 (1)(f) GDPR. Users also have the right to lodge a complaint with the data privacy supervisory authority.
If a user has given BGR his/her consent to process personal data for specific purposes, this consent is the legal basis for processing user’s personal data. Consent can be revoked at any time without affecting the legality of the processing carried out on the basis of the consent until revocation. The revocation can take place form-free and should be directed if possible to the contact information provided in this policy.
User’s Rights under CCPA
California residents may be entitled to additional rights under the California Consumer Privacy Act (CCPA), including the right to know whether and what personal information is being collected about them, right to request specific categories of information, right to opt out of the sale of personal information, right to request deletion of personal information, and a right to equal service and price if privacy rights are exercised. More information about the CCPA may be found here.
Requests may be sent to email@example.com or using the contact information included in this privacy statement. BGR will verify all requests prior to deleting personal information, per the guidelines set forth in the CCPA.
Correcting Updating, and Removing Personally Identifiable Information
BGR will use reasonable efforts to provide a way for BGR’s website users and constituents to request that BGR correct, update, or remove that respective user’s or constituent’s PII in or from BGR’s database. If a user’s or a constituent’s PII changes, or if a user or constituent no longer desires BGR’s goods or services, such user or constituent may contact BGR as directed in this Privacy Statement and request that BGR correct, update, or remove that respective user’s or constituent’s PII in or from BGR’s database.
Under the GDPR, if a user is located in the EU or EEA, a user may request the following:
- Editing and updating personal information
- Accessing personal information
- Deletion of personal information
- Restriction of processing of personal information
- Objecting to certain types of data processing including automated decision making
- Portability of personal information
- Withdrawing consent – BGR primarily relies on legitimate business interests to process users’ data. Users have the right to withdraw any consent they may have given BGR at any time. BGR will comply with users’ requests promptly. However, the withdrawal of consent will limit BGR’s ability to provide users with BGR’s products and service.
BGR’s website provides users and constituents the opportunity to opt-out of receiving further mailings and e-mailings from BGR at the point where BGR requests information about the user, constituent, survey participant, or discussion group participant.
BGR’s website also provides users, constituents, survey participants, and discussion group participants with the following options (below) for removing their PII from BGR’s database and for notifying BGR that they do not want to receive future communications or services from BGR’s website by contacting BGR as directed in this Privacy Statement.
Users or constituents wishing to contact BGR to update or removing their PII, to opt-out of newsletters or other mailings, to report a suspected breach of this Privacy Statement, or to inquire about any other of BGR’s privacy practices, should contact BGR in either of the following ways:
(a) The user or constituent can contact BGR at firstname.lastname@example.org, or (b) The user or constituent can send BGR a request by United States mail to the following postal Address:
Constituent Information & Data Privacy
Baptist Global Response
402 BNA DR STE 411
Nashville, TN 37217
Changes to BGR’s Privacy Statement
BGR may revise this Privacy Statement at any time without prior notice to users or constituents and will post the revised Privacy Statement on the BGR website under “Privacy Statement”. This statement will be reviewed and updated every twelve (12) months.
Updated and Effective January 16, 2020