WHO WE ARE

Church of the Open Door, a  Minnesota Nonprofit corporation, tax-exempt under section 501(c)(3) of the Internal Revenue Code, (hereinafter “The Church”) respects your privacy as a visitor to its website (the “Website”) and has developed the following privacy policy (“Online Privacy Policy” or “Policy”) to inform you how The Church handles your Personal Information, defined below, after receiving it.

By accessing or using this Website, you agree to this Policy, so please read it carefully. This Policy may change from time to time. Your continued use of this Website after The Church makes changes is deemed to be an acceptance of those changes, so please check the Policy periodically for updates.

INFORMATION THE CHURCH COLLECTS & WHY

1.1 Who collects your info

The Church is the data controller of the information The Church collects from your use of our website. The Church utilizes a Data Protection Officer (“DPO”). This person is responsible for evaluating The Church’s data protection policies and the implementation of those policies. If you feel something is not addressed in this Privacy Policy or have further questions, our DPO can be reached by using the contact information contained in section 7. Additionally, and to the extent that The Church operates in the People’s Republic of China, The Church may designate a legal representative within China that coordinates data privacy compliance for The Church with The Church’s DPO in that country.

1.2 Consent to Collect Your Information

We process Personal Information based on consent according to Art. 6(1)(a) GDPR, which you are free to give or refuse. You’ll see consent options when you visit our website for the first time. When we change the purposes for which we use your Personal Information, or when there are new purposes, we will notify you of such changes and may need to obtain your consent for the changes or new purposes. You can change your decisions at any time by clicking the button below. If you change your decision, it will not affect the lawfulness of processing based on consent before its withdrawal.

1.3  What Information The Church Collects

Depending on the way you use the Website and The Church services, The Church may gather Personal Information from you in the following categories.

1.3.1  Personal Information

“Personal Information” means data or information that can be used to identify an individual directly or indirectly and includes: your name, address, IP address, email address, telephone number, professional information, trade union memberships, biometric data, such as fingerprint or facial recognition, or other similar personally identifying data collected from you by The Church or its authorized agents and also includes Financial Information, Analytics Information, and Cookies defined further below.

1.3.2  Financial Information

“Financial Information” means credit card numbers, debit card numbers, bank account numbers, and other similar sensitive payment-related information.

1.3.3  Analytics Information

In an effort to improve visitors’ experiences on the Website, The Church gathers certain information related to individuals’ website visits, collectively “Analytics Information”. Analytics Information does not correlate to you individually and is used solely to measure and improve The Church’s Website and to better serve The Church’s Website visitors. The Church uses aggregate statistical data to compile reports. Analytics Information is likely to include the following:

Device- and Network-Specific Information: Device- and network-specific information includes your unique device identifier, operating system and version, the browser you use, your internet service provider (ISP), and your internet protocol (IP) address.

Geographical Information: Geographical information includes your language, zip code, area code, general location, and local time zone.

Website Visit Information: Website visit information includes data such as the domain from which you came to the Website, details of how you use the Website, what webpages you visit on The Church’s Website, and the duration of your visit.

Third Parties and Analytics: The Church may employ third-party data analytics firms to track and analyze traffic on the Website; to analyze visitor trends, browser types, and usage trends; and to present targeted ads based on anonymous information collected through tracking.

Third parties that are referenced on the Website may have content embedded that uses cookies on your browser or tracks certain analytics information, such as your IP address. Third parties may not collect your Personal Information from the Website unless you provide it to such third parties.

1.3.4 Cookies

Use of Cookies: The Church may use cookies on your computer. A cookie is a small piece of data sent from a website and stored in a user’s web browser while the user is browsing that website. Every time the user loads the website, the browser sends the cookie back to the server to notify the website of the user’s previous activity.

You can set your browser to refuse all or some browser cookies, or to alert you when cookies are being sent. If you disable or refuse cookies, please note that some parts of this site may then be inaccessible or not function properly.

Do Not Track Signals: The Church does not respond to browser Do Not Track (“DNT”) signals. The Website may utilize page tags or web beacons to track information related to user visits as a part of The Church’s data analytics described below. Page tags, also known as web beacons, pixel tags, or tracking pixels, are small, transparent images or snippets of code that are embedded in websites, emails, or other digital content. They are used to track user behavior, monitor website performance, and gather analytics data.

1.4 Why The Church Collects Your Information

When you sign up to receive a publication of The Church, make a donation to The Church, or otherwise use the Website, The Church may gather Personal Information. Specifically, The Church gathers your Personal Information to accomplish the following objectives.

1.4.1 To Provide Services

The Church may use your Personal Information to provide services to you upon your request. Such services may include sending you newsletters and publications, responding to your questions and comments, communicating with you concerning your financial transactions conducted on the Website, emailing you updates concerning The Church’s products and services, and personalizing your visits to the Website.

For example, if you obtain a user ID, membership, educational materials, or otherwise request goods or services provided by The Church, you will receive information about The Church’s products, services, marketing information, and related offerings unless you choose to opt out. If you have questions about such communications or no longer wish to receive such offers, please contact The Church using the contact information provided below at section 7 below. 

The Church may use your email address, usage data, or other Personal Information to provide you with technical support, to send you detailed summary emails regarding your transaction history with The Church, to provide you with important tax information, or to send you notices about the Website or other promotional offers you have elected to receive.In connection with these services, The Church may also share your Personal Information with other The Church offices or with The Church’s subsidiaries and affiliates in the country in which you reside and in other countries.

1.4.2 To Fulfill The Church’s Contractual Obligations

The Church may collect Personal Information to fulfill The Church obligations under an agreement with you or other third parties. This may include collecting information such as names, addresses, and contact details for the purpose of providing products or services as outlined in our agreements. The Church may also use this information to communicate about updates, changes, or issues related to our agreement.

1.4.3 To Improve Your Experience on the Website

We may use your Personal Information to improve your experience on the Website. By collecting your Personal Information, The Church is better able to personalize your experience by storing your preferences and enabling us to show you relevant content tailored to your interests. Additionally, cookies can remember your login credentials, shopping cart contents, or language preferences. Your Personal Information also helps The Church understand how you interact with The Church’s website, such as which pages you visit and how long you spend on each page, allowing The Church to optimize the website’s layout and user experience.

SECURITY & COMPLIANCE

2.1 Security

The Church takes the security of your Personal information very seriously. When your Personal Information is stored by The Church, The Church uses limited-access, protected servers. Personal Information is stored on these servers in encrypted form. The Church retains your Personal Information only for as long as reasonably necessary for the purpose for which it was collected. The Church does not collect, store, or transmit user social security numbers, driver’s license numbers, or similar sensitive information.

Unfortunately, data transmission over public networks may not be secure. While The Church will use all reasonable means to protect your Personal Information, The Church cannot guarantee the security of your transmissions of such Personal Information, and you use the Website at your own risk. If you suspect your Personal Information has been compromised, please notify The Church using the contact information provided below.

2.2 Financial Data Precautions

The Church takes the privacy and security of your financial information seriously. In order to provide you with a seamless and secure experience when making transactions or payments, The Church has partnered with trusted third-party Payment Card Industry Data Security Standard (PCI DSS) compliant financial service providers to process your financial information.

Please note that The Church does not directly receive, access, or store your financial information, such as credit card or bank account numbers. Instead, The Church employs a tokenization system, which replaces sensitive financial data with unique, non-sensitive tokens. These tokens allow us to securely and anonymously process transactions without exposing your financial information.

Our third-party financial service providers are required to adhere to stringent security standards, including the PCI DSS.

2.3 Data Breach

If The Church experiences a data breach and Personal Information is exposed, The Church will notify you and the relevant supervisory authority within 72 hours of knowledge. Additionally, The Church will quickly communicate data breaches to you unless the breach is unlikely to put your information at risk (for instance, if the stolen data is encrypted).

2.4 Third Party Precautions 

We carefully select our third-party service providers and partners based on their ability to process Personal Information consistent with in compliance with The Church commitments to data privacy set forth in this Online Privacy Policy. The Church shares your Personal Information with such third parties only when it is necessary to provide our services to you or to improve our service offerings. The Church also ensures that these third parties have appropriate technical and organizational measures in place to protect your Personal Information from unauthorized access or processing.

2.5 Third Party Agreements

Where required, The Church enters into legally binding agreements with third-party data processors. These agreements explicitly outline the terms and conditions governing data processing activities, the scope and purpose of data processing, and the respective roles and responsibilities of each party. These agreements also require our third-party data processors to implement appropriate security measures, provide timely notification in case of data breaches, and assist us in fulfilling our obligations applicable law, such as responding to your data subject access requests.

2.6 International Data Transfers

In some instances, The Church may transfer your Personal Information to third-party recipients located outside the European Economic Area (EEA). When this occurs, The Church ensures that these transfers are subject to adequate safeguards in line with GDPR requirements, such as the use of Standard Contractual Clauses or adherence to Privacy Shield frameworks, where applicable.

2.7 Retention

2.7.1 Retention Periods

We retain your Personal Information only for as long as necessary to fulfill the purposes for which it was collected, including, but not limited to, providing our services to you, complying with legal obligations, resolving disputes, and enforcing our agreements.

The specific retention periods for different categories of Personal Information may vary based on the nature of the data, the purposes for which it was collected, and any applicable legal or regulatory requirements. Once the retention period for a specific category of Personal Information has expired, The Church will securely delete or anonymize the data, in accordance with our data disposal procedures.

2.7.2 Legal and Regulatory Requirements

In certain cases, The Church may be legally obligated to retain your Personal Information for longer periods, such as for tax, accounting, or other regulatory purposes. In these instances, The Church will retain your Personal Information in accordance with the relevant legal and regulatory requirements.

2.7.3 Data Anonymization

Where possible, The Church may choose to anonymize your Personal Information so that it can no longer be associated with you. Anonymized data is not subject to GDPR requirements and may be retained indefinitely for statistical, research, or other purposes, without any impact on your privacy.

INFORMATION THE CHURCH SHARES AND WITH WHOM

3.1 Aggregated Information Sharing

The Church may share aggregated demographic information with The Church’s partners and third parties. Aggregated demographic information is generally collected from numerous persons and does not correlate to any specific individual. Aggregated information is not linked to your Personal Information and cannot be used to identify you.

3.2 Personal Information Sharing

3.2.1 Information Sharing to Date

The Church does not sell the Personal Information of visitors to the Website and has not done so in the preceding twelve months to date. However, The Church does disclose, and in the preceding twelve months to date has disclosed, Personal Information voluntarily provided by visitors to the Website, including name, address, email address, telephone number, credit card number, debit card number, and bank account number, as necessary to third-party servicers and processors in order to provide services to Website visitors, as more fully discussed below.

3.2.2 Third-Party Services

The Church may partner with third parties to provide specific services to Website visitors. When you sign up for these services, The Church may share your name or other contact information as necessary for the third party to provide these services. These parties are not allowed to use your Personal Information except for the purpose of providing these services. Furthermore, while The Church will never rent or sell your email address to outside parties, The Church may occasionally ask your permission to share your email address with third parties so that you can receive information or communications from those parties.

3.2.3 Donation Transactions

As discussed in section 2.2, all donation transactions originated on the Website are processed by third-party PCI DSS-compliant payment processors. Your Personal Information may be disclosed to such payment processors. The transactions are handled by established third party-banking, processing agents, and distribution institutions. They receive the information needed to verify and authorize your credit card or other payment information and to process your donation. These companies are authorized to use your Personal Information only as necessary to provide their services to you and to comply with their legal obligations, such as to provide The Church with your Personal Information, including your name, address, phone number, email address, and amount donated for tax or other reporting purposes.

3.3 Other Possible Disclosures

In addition to the other disclosures stated herein, The Church may share your Personal Information for the following purposes and with the following parties, as applicable:

a. To comply with applicable laws, regulations, legal processes, government-enforced orders, or data security assessments.
b. To enforce applicable terms of service, protect The Church’s legal rights, or defend against legal claims.
c. To prevent, defend against, and otherwise address technical or security issues, including suspected or potential fraud.
d. To guard against harm (whether actual or potential) to the legal rights, property, or safety of The Church, visitors to the Website, or the general public as required or permitted by law.
e. To facilitate communications with social media platforms. These social media platforms may have their own data collection, use, and sharing practices that may also be applicable to your Personal Information. You should review their applicable privacy policies and methods for changing the privacy or sharing settings on such services.
f. To effectuate a merger, divestiture, restructuring, reorganization, dissolution or other transfer of some or all of The Church’s assets, whether as a going concern or as part of a bankruptcy, liquidation, or similar proceeding, in which users’ Personal Information held by The Church is among the assets transferred.
g. To fulfill the purpose for which you provide it. For example, if you provide The Church with an email address for the purpose of The Church sending you a regular newsletter, The Church may use it to regularly send you newsletters.
h. To achieve any other purpose to which you expressly consent.

YOUR PRIVACY RIGHTS 

Subject to the limitations set forth in Sections 4.9 and 4.10 you have the following rights with respect to your Personal Information.

4.1 Your Right to Opt Out

You may have the right to opt out of The Church’s data collection for certain purposes. If you would prefer that The Church not collect Personal Information about your Website visits, you may opt out by contacting us by using the information provided in section 7.

4.2 Your Right of Confirmation and Access

You may have the right to confirm whether The Church is processing your Personal Information and to access your Personal Information, subject to certain limitations. You may also have the right to request additional information related to the categories of information collected, sources of information collected, purpose for information collection, categories of third parties to whom Personal Information is disclosed, and the specific pieces of information collected. You may request such confirmation, access, or additional information by contacting us using the information provided in section 7.

4.3 Your Right to Correction

You may have the right to correct inaccuracies in your Personal Information, subject to certain limitations. To request changes to the content of your Personal Information, you may contact us by using the information provided in section 7. Please note that The Church is not responsible for updating information shared with third parties.

4.4 Your Right to Data Deletion

You may have the right to have your Personal Information you may have provided to The Church deleted, subject to certain limitations. You may request that The Church delete your Personal Information by contacting us by using the information provided in section 7.

4.5 Your Right to Data Portability

You may have the right to obtain your Personal Information in a portable and, to the extent technically feasible, readily usable format, to allow you to transmit your Personal Information to another controller without impediment, subject to certain limitations. You may request your Personal Information in such a format by contacting us by using the information provided in section 7.

4.6 Your Right to Limit Use and Disclosure of Sensitive Information 

You may have the right to request that the use and disclosure of sensitive information, if any, be limited to those uses which are necessary to perform the services or provide the goods for which the information was provided and other authorized uses. You may request such limitations on use and disclosure by contacting us by using the information provided in section 7.

4.7 Your Rights Related to Automated Decision-Making and Profiling

You have a right not to be subject to a decision based solely on automated processing, including profiling, which produce legal effects concerning you and similarly significantly affects you. You can object to your Personal Information being used in this way. The Church is permitted to use automated decision-making and profiling if the decision:

a. is necessary for entering into, or performance of, a contract between you and us;
b. is authorized by EU or a member state law to which The Church is subject and which also lays down suitable measures to safeguard your rights and freedoms and legitimate interests; or
c. is based on your explicit consent.

Where The Church engages in automatic decision-making or profiling in connection with a contract between us or to further to your explicit consent, The Church implements suitable measures to safeguard your rights and freedoms and legitimate interests, at least the right to obtain human intervention from us in the course of decision-making process, and the opportunity to express your point of view and to contest the decision.

4.8 Limitations on Access

We may restrict your right to access your Personal Information in the following situations.

4.8.1 The request is manifestly unfounded or excessive.

If your access request is repetitive or clearly intended to cause inconvenience or disruption, or if the request is overbroad or too generalized, The Church may refuse to comply or charge a reasonable fee to cover our administrative costs.

4.8.2 The request would adversely affect the rights and freedoms of others.

If providing access to your Personal Information would negatively impact the privacy rights, trade secrets, or intellectual property of others, The Church may limit or deny your request.

4.8.3 The request conflicts with our legal obligations.

If The Church is legally required to withhold your Personal Information, such as in cases of ongoing legal proceedings or regulatory investigations, or if disclosure would violate our contractual obligations, The Church may limit or refuse your access request.

4.8.4 Prevention, investigation, or prosecution of criminal offenses.

We may limit your access to Personal Information data if doing so is necessary for the prevention, investigation, or prosecution of criminal offenses or the execution of criminal penalties.

4.8.5 Regulatory supervision and enforcement.

If providing access to your Personal Information would hinder the performance of tasks aimed at ensuring regulatory compliance or enforcement, The Church may limit your access request.

4.9 Limitations on Deletion and Modification

There are certain circumstances in which The Church may be legally required or permitted to refuse or limit your request to delete or modify your Personal Information. This section outlines the legitimate reasons for not honoring your data erasure and modification requests, including contractual obligations and other legitimate grounds.

4.9.1 Contractual Obligations

If your Personal Information is necessary for the performance of a contract to which you are a party or in order to take steps at your request before entering into a contract, The Church may be unable to delete or modify your data.

4.9.2 Legal Compliance 

If The Church is legally obligated to retain your Personal Information for purposes such as tax, accounting, or other regulatory requirements, The Church may refuse or limit your erasure or modification request.

4.9.3 Assertion, Exercise, or Defense of Legal Claims 

We may refuse or limit your erasure or modification request if your Personal Information is necessary for the establishment, exercise, or defense of legal claims.

4.9.4 Other Legitimate Interests 

If the retention of your Personal Information is in furtherance of archiving purposes in the public interest, scientific or historical research purposes, or statistical purposes, under certain circumstances; public health reasons consistent with the exceptions for processing special categories of Personal Information such as health information; exercising official authority vested in us; performing a task carried out in the public interest; exercising the right of freedom of expression and information; or otherwise in The Church legitimate interests under the law, The Church may refuse or limit your erasure or modification request of your Personal Information.

ADDITIONAL NOTICES

5.1 Changes to Online Privacy Policy 

In the event of any change to The Church’s Online Privacy Policy, notice of such changes will be posted on the Website. Any changes to this Online Privacy Policy will become effective when The Church posts the revised Online Privacy Policy on the Website. Your use of the Website following these changes means that you accept the revised Online Privacy Policy.

5.2 Third-Party Websites’ Privacy Policies 

When you click on links on the Website that take you to third-party websites, you will be subject to these third parties’ privacy policies. The Church cannot be responsible for the actions of any third-party websites and encourages you to read the posted privacy policies of each website you visit, whether you are linking from the Website or browsing on your own.

5.3 Children Under Sixteen 

The Website is not intended for children under sixteen (16) years of age. No one under sixteen years of age is permitted to provide any information to or on the Website, and The Church does not knowingly collect Personal Information from children under sixteen years of age. If you are under sixteen years of age, do not use or provide any information to the Website, register on the Website, make any purchases or donations through the Website, use any features of the Website including any interactive or public comment features, or provide any information about yourself to The Church, including your name, address, telephone number, email address, or any screen name or user name you may use. If The Church learns it has collected or received Personal Information from a child sixteen years of age without verification of parental consent, The Church will delete that information. If you believe The Church might have any information from or about a child sixteen years of age, please contact us by using the information provided in section 7. 

STATE PRIVACY RIGHTS

6.1 California Shine the Light Law 

To learn more about California residents’ privacy rights, visit https://oag.ca.gov/privacy/ccpa. California’s “Shine the Light” law (Civil Code section § 1798.83) permits users of our Website that are California residents to request certain information regarding our disclosure of personal information to third parties for their direct marketing purposes. To make such a request, please contact us by using the information provided in section 7.

6.2  U.S. State Privacy Rights

Residents of various U.S. states, including but not limited to California, Colorado, Connecticut, Virginia, Utah, Iowa, Indiana, Tennessee, Texas, Florida, Montana, Delaware, New Hampshire, New Jersey, Kentucky, Nebraska, and Oregon, have specific privacy rights. Depending on your state of residence, you may have the right to:

a. Confirm whether Avenue Women’s Center processes your Personal Information.
b. Access and delete certain Personal Information.
c. Exercise data portability to receive a copy of your Personal Information in a usable format.
d. Opt-out of the processing of your Personal Information for targeted advertising and sales purposes.
e. Correct inaccuracies in your Personal Information, considering the nature of the information and the purpose of its processing.
f. Opt-out of profiling in furtherance of decisions that produce legal or similarly significant effects.
g. Restrict or limit the processing of your Personal Information.
h. Receive clear and accessible information about how your Personal Information is being used (right to transparency).
i. Not be discriminated against for exercising any of your privacy rights (right to non-discrimination).
j. Appeal a decision made by a business regarding your privacy rights request.
k. Provide or withdraw consent for the collection and processing of your sensitive Personal Information (right to consent).
l. Object to the processing of your Personal Information for certain purposes.
m. Ensure that only the minimum necessary data is collected and processed (right to data minimization).
n. Ensure your Personal Information is only used for specified, explicit, and legitimate purposes (right to purpose limitation).
o. Ensure the accuracy, integrity, and security of your Personal Information (right to data integrity and security).
p. Be informed if your data is breached and your personal data security is compromised (right to be informed).

Additional Rights for California Residents:

In addition to the rights above, California residents may have additional rights under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA), such as:

a. The right to know the categories of Personal Information collected, the sources from which Personal Information is collected, the purpose for collecting Personal Information, and the categories of third parties with whom we share Personal Information.
b. The right to non-discrimination for exercising any of your privacy rights.

Other States:

Residents of other states with privacy laws not specifically listed above may have similar rights. We are committed to respecting and protecting your privacy rights as required by applicable state laws.To exercise any of these rights, please contact us by using the information provided in section 7. 

6.3 Nevada

Nevada provides its residents with a limited right to opt-out of certain Personal Information sales. Residents who wish to exercise these sale opt-out rights may contact us by using the information provided in section 7. However, please know The Church does not currently sell data triggering that statute’s opt-out requirements.

CONTACT THE CHURCH

To obtain further information concerning the terms of this Online Privacy Policy, to exercise your privacy rights as detailed herein, or to appeal a decision The Church makes in response to a submitted request, please contact:
Doug Stewart, dstewart@thedoor.org
info@thedoor.org
(763) 416-5887