WEBSITE PRIVACY POLICY

St. Margaret’s School (“SMS,” as well as “we,” “us,” or “our”) is committed to protecting your privacy. This Privacy Policy (“Privacy Policy”), in connection with our website Terms of Service (together, “Terms”), describes how SMS may collect, use, and disclose information when visitors (“visitor(s),” “you,” or “your”) access or use the SMS website https://www.sms.org/ (as well as other third party social media sites of SMS) (“Sites”) and services made available through the same (collectively “Services”) using a personal computer, mobile device, or any other means, including but not limited to the SMS Intranet, online Inquiry and Application forms, any online SMS event RSVP forms, and PCR where student grades and comments are available.

Together with our Terms, this Privacy Policy is a legally binding agreement between you and SMS. By accessing or using the Sites or by registering for an Account (as defined below), you consent to the Terms and the Privacy Policy, including our collection, use, and disclosure of your PII (as defined below) as described herein. Please read this Privacy Policy carefully. SMS reserves the right to change or modify this Privacy Policy as it deems necessary or appropriate due to changes in our practices or changes in the law.

Information SMS Collects

Personal Identifiable Information. SMS may collect personally identifiable information (“Personally Identifiable Information” or “PII”) you voluntarily provide when you register, access, set up an account, submit online PII relating to enrollment or other business with SMS, or otherwise use the Sites or Services. PII includes your first and last name, your email address, your home or other physical address, including a street name and name of a city or town, your telephone number, your social security number, any payment or financial information, or any other identifier that permits us to contact or identify a natural human person, like you, and/or any information that we maintain that could be used to identify you in combination with any of the identifying information described above. The restrictions of this Privacy Policy apply only to PII. The Privacy Policy restrictions do not cover data we collect that cannot be used to identify an individual or to pseudonymous data. Nor are such restrictions applicable to encoded or anonymized information or aggregated data which we collect or create about a group or category of services, features, or users not containing personally identifying information. We reserve the right to share aggregate data, to encode, or to anonymize information with potential partners or other third parties without restriction. We collect, store, and use PII you choose to provide to us in accordance with this Privacy Policy. This Policy also applies to information, including PII, that we may obtain from third-party vendors, such as search engines or social media sites, and such is also collected, stored, and used by us in accordance with this Privacy Policy.

Direct Collection. We collect information, including PII, that you provide to us when you register for an account with us for Services or via the Sites (“Account”), send us an email, sign up to receive email or messages, fill out a form, make a purchase or donation, communicate with us through third-party social feeds, request information, participate in active forums, or take other actions on the Sites. You may choose not to provide such PII, in which case you may not be able to access or use portions of the Sites or some features of such or our Services. We may also obtain information from outside sources and combine it with the information we collect directly from you or through the Sites. SMS may, but is not obligated to, retain the content of any electronic communication you send or PII you provide by any means.

Aggregate and Similar Information. We may automatically collect information when you visit the Sites such as the Internet Protocol (IP) address, the browser and operating system you use, the name of the domain and host from which you access the Internet, the address of the website from which you linked to the Sites, device identifiers, mobile and network information, and your actions on the Sites. This information (or portions thereof) will be treated as PII if appropriate and handled pursuant to our Privacy Policy. Otherwise, this information constitutes aggregate information. We may also collect “log data.” Log data provides aggregate information about the number of visits to different pages on the Sites. We use log data for troubleshooting purposes and to track which pages people visit in order to improve the Sites. We do not link log data collected to PII. Third-party vendors may also collect aggregate log data independently from us. However, we are not responsible for the content or privacy policies of these third-party vendors. We encourage you to read the privacy policies and review the practices of all websites you visit. We may communicate with third-party vendors and place online advertising, which may be displayed on other websites on the Internet. In some cases, those third-party vendors may decide which ads to show you based on your prior visits to the Sites. At no time will you be personally identified by us to those third-party vendors, nor will any of the PII you share with us be shared with those third-party vendors. We may also use third-party services, such as Google Analytics, which help us understand traffic patterns and know if there are problems with the Sites. We may also use embedded images in emails to track open rates for our mailings, so that we can tell which mailings appeal most to our visitors.

Minors. The Sites and Services are not directed at children and SMS does not knowingly collect PII (including information concerning a child or that child's parents/guardians, any screen or user name that functions as online contact information for a child, any photograph, video, or audio file containing a child’s image or voice) directly from users under the age of thirteen (13) or from other web sites or services directed at children. Consistent with the Federal Children’s Online Privacy Protection Act of 1988 (“COPPA”), SMS will not knowingly request or collect PII from any child under the age of thirteen (13) in the United States without obtaining the required consent from the appropriate parent/guardian. Children may access and browse the Sites/Services without disclosing any PII.

SMS will apply material changes to this Privacy Policy to conform to applicable law, including any applicable provisions of COPPA that require parental consent. If you need further assistance, please contact SMS with your questions or comments by mail, email, or phone at: St. Margaret’s School, PO Box 158, Tappahannock, VA 22560; outreach@sms.org; 804. 443.3357.

NOTICE: Please visit http://www.ftc.gov/privacy/privacyinitiatives/chil... for information from the Federal Trade Commission about protecting children’s privacy online. If you are a parent or legal guardian and submit information regarding your child to SMS, you agree that SMS may collect, store, use, and process your child’s PII for the purposes described herein and in accordance with this Privacy Policy. If SMS learns that a user under 13 years of age has submitted PII through or using one of the Sites without that child’s parent or legal guardian’s consent, SMS will take reasonable measures to obtain consent by contacting the child’s parent or legal guardian if possible and shall, if consent cannot be or is not obtained, take reasonable measures to delete such information from its databases and not use such information for any purpose (except where necessary to protect the safety of the child or others as required by law). If SMS obtains the required consent from the parent or guardian of a child under 13, we will only ask for PII that is reasonably necessary to perform the relevant Services and will store such PII for only so long as reasonably necessary to fulfill these purposes.

The parent or legal guardian who has consented to a child providing PII to one or more of the Sites may later review the child’s PII and request correction or removal the information, in whole or in part; instruct SMS to discontinue all use of the child’s PII and/or not to communicate further with the child; or revoke or modify the consent by sending written communication to St. Margaret’s School, PO Box 158, Tappahannock, VA 22560; outreach@sms.org. If you have any reservations, questions, or concerns about your child’s access to the Sites or how information that your child provides is used by us, please contact us by sending written communication to St. Margaret’s School, PO Box 158, Tappahannock, VA 22560; outreach@sms.org.

International Visitors. At this time, the Sites and Services are fundamentally designed for and targeted to U.S. residents and audiences and are governed by and operated in accordance with the laws of the U.S. SMS makes no representation that the Sites and/or Services are operated in accordance with the laws or regulations of, or governed by, other nations. If you accessing and using Sites or Services from outside of the U.S., including the European Union and/or European Economic Area (together “EU”), Canada, Switzerland, or other regions having differing data protection laws, you use such at your own risk and initiative and you are responsible for your own compliance with any applicable local and national laws. Please be aware that any PII and other information you provide to SMS as a result of your use of the Sites or Services shall be collected in the U.S. and/or transferred to the U.S. and subject to U.S. law. By providing your data to SMS, you consent to the transfer of such to the United States and the use of your data in accordance with this Privacy Policy.

Cookies and Related Technology. Some of the PII and/or aggregate information noted above may be received and stored when you visit the Sites through the use of cookies, web beacons, or similar programs. “Cookies” are small text files stored locally on your computer that help store user preferences. “Web beacons” are small pieces of code placed on websites used to collect advertising metrics, such as counting page views, promotion views, or advertising responses. We may use cookies or web beacons to measure aggregate web statistics, including the number of monthly visitors, number of repeat visitors, most frequently visited webpages, and other information. We may also use cookies to facilitate your online visit by maintaining data that you provide so that you will not need to resubmit certain information.

Credit Card Information. We may require your credit card information in order to process purchases or donations. This includes your name, credit card number, expiration date, billing address, and authentication codes or related information as needed to authorize the charge and complete the transaction. Credit card data is transferred over a Secure Sockets Layer (“SSL”) line if you are using an SSL enabled browser, such as Microsoft Internet Explorer, Firefox, Safari, or Google Chrome. SSL is enabled for those pages of the Sites where you enter PII. This would ensure that your PII is encrypted as it travels over the Internet. You will know you are in secure mode when the padlock or key icon in the lower right-hand or left-hand corner of the computer screen appears in the locked position. In addition, when accessing a secure server, the first characters of the site address will change from “http” to “https”. After information reaches us, it may be temporarily stored during the relevant purchasing process on a secure server that resides behind firewalls designed to block unauthorized access. We otherwise do not store credit card information.

Purchases. If you purchase or pay for products or services, or make donations via the Sites, the transaction may be handled by our service vendor(s) responsible for processing your payment (and its affiliates or agents) (“Payment Processor”). These entities have their own privacy policies and those terms will apply to you. Please be sure to review them at the links provided during payment processing. If you use another website to purchase our products or services, you do so at your own risk and you should carefully review the privacy policy and terms of any such websites.

Third Parties. The Sites may contain links to third-party websites. Except as expressly stated otherwise by SMS, we do not review the privacy practices of all other websites and recommend that you review their privacy policies before sharing your PII. We do not have control over third-party websites and we are not responsible for their privacy policies or practices, and you use such at your own risk. Any third parties to whom we may disclose any information may have their own privacy policies that describe how they use and disclose PII. Those policies will govern use, handling, and disclosure of PII once we have shared it with those third parties as described in this Privacy Policy. If you want to learn more about third-party privacy practices, we encourage you to visit the websites of those third parties.

The Sites may also include social media features, such as widgets, buttons, or interactive mini-programs that run on the Sites. These features may collect your IP address, which page you are visiting on the Sites, and may set a cookie to enable the feature to function properly. Social media features and widgets are either hosted by a third party or hosted directly on the Sites. Your interactions with these features are governed by the privacy policy of the company providing it.

Use of Information

                    Your use of all features requiring the provision of information about you is entirely voluntary and SMS will never require you to use any of the features in order to merely browse the publicly accessible portions of the Sites or Services.

                    Use of PII. SMS may store information we collect via the Sites, including PII, for at least as long as you maintain your Account with us, and may use such for various purposes and sometimes in connection with third parties, including:

                    • Processing your requests and for related purposes, including through newsletters and email notifications, confirmations, technical notices, updates, security alerts, and support and administrative messages that you may request, and fulfilling promises or obligations we may have with you or on your behalf;
                    • Compliance with applicable laws, statutes, or regulations, including those that may concern taxation, accounting, financial reporting, prevention of terrorism or money laundering, or judicial or administrative processes, and to take steps such as to protect our business, institution, users, students, and Sites and enforce our Terms;
                    • In furtherance of our legitimate interests or those of a third party so long as such interests are not overridden by yours or your fundamental rights and freedoms, including sharing with our related or acquiring entity or business(es), sending or making available information to you, tailoring your user experience, coordinating with our service providers and vendors, notifying users of updates or alerts, enforcing our Terms, managing our business, as part of a transfer of our assets, and analyzing trends and to improve performance of the Sites;
                    • Or otherwise, including with your consent, or as described to you at the time of collection.
                    • In the event of a bankruptcy or a sale, merger, or acquisition, we may transfer your PII to a separate entity. That entity will be responsible for ensuring that your PII is used only for authorized purposes and persons in a manner consistent with this Privacy Policy and applicable law.

                    Retention. We generally store PII in the US. However, we may transfer PII from the US to other countries or regions in connection with storage and processing of data, fulfilling your requests, and operating our business. By providing PII to us, you consent to such transfer, storage, and processing. We will retain your PII as long as you (or those for whom you are parents/guardians) have an active account or current business/enrollment with SMS, as necessary to provide you with the Services, or as otherwise set forth in this Privacy Policy. We will also retain and use PII as necessary for the purposes set out in this Privacy Policy and to the extent necessary to comply with our legal obligations, resolve disputes, enforce our agreements, and protect SMS’s legal rights. We also collect and maintain aggregated, anonymized, or pseudonymised information, which we may retain indefinitely to protect the safety and security of our Sites, improve our Services, or comply with legal obligations.

                    Information Security

                    Standards. SMS uses reasonable industry-standard security measures to protect against the loss, misuse, theft, unauthorized access, destruction, or alteration of the information under our control. Although we make good faith efforts to store information collected by the Sites in a secure operating environment, we cannot guarantee complete security. We do not authorize third parties to use your PII for purposes beyond those for which our Privacy Policy allows.

                    Mitigation. Please be aware, however, that despite our efforts, no security measures are perfect or impenetrable and no method of data transmission can be guaranteed against any interception or other type of misuse. To mitigate this risk, you should (a) use secure usernames and passwords and carefully protect them from disclosure and (b) implement updated internet security and virus protection on your computer. If you suspect that your computer’s security or your information has been compromised or your password accessed or used by an unauthorized third party, please contact us immediately and change your password. You should also be aware of how you handle and disclose your PII and should avoid sending PII through insecure email. Please refer to the Federal Trade Commission’s website at http://www.business.ftc.gov/privacy-and-security for more information about how to protect yourself against identity theft.

                    Notification. If we become aware of a security systems breach, we may attempt to notify you electronically so you can take appropriate protective steps. We may post a notice through the Sites if a security breach occurs. We may also send an email to you at the email address you have provided. Depending on where you live, you may have a legal right to receive notice of a security breach in writing.

                    Opting Out/Cookies /Do Not Track

                    We reserve the right to verify the identity of any person making a request to opt-out or to delete or modify PII; provided, however, we will have no liability of any kind resulting from false or erroneous requests or any change or deletion made by SMS for any reason.

                    Opting Out. You may opt out of receiving future optional information via email by using the unsubscribe procedure specified on the email message. You may also adjust your preferences in your Account settings via the Sites and/or send written communication to St. Margaret’s School, PO Box 158, Tappahannock, VA 22560; outreach@sms.org if you no longer wish to receive communications regarding SMS or the Sites. Opting out of promotional communications does not affect our communications with you via telephone or email related to any business we may have with you or other transactional emails.

                    Do Not Track. Most web browsers are set to accept cookies by default. Cookies do not contain any PII and we do not track your Internet usage outside of the Sites. In many web browsers, you can choose to delete, disable, turn off, or reject most cookies and web beacons through the “Internet Options” sub-option of the “Tools” menu of your web browser or otherwise as directed by your web browser’s support feature. Doing so in connection with the Sites may prohibit or limit functionality of your use of the areas of the Sites requiring you to log in. Please consult the “Help” section of your web browser for more information, and refer to the additional information below on how to reject cookies. If you prefer to opt out of the use of any third-party cookies on the Sites, you can do so by visiting the Network Advertising opt out page: www.networkadvertising.org.

                    Please note that under this law, we are not required to respond to your request more than once in a calendar year, nor are we required to respond to any request that is not sent to the email or mailing address designated above.

                    Additional Information for International Visitors

                    The Sites are hosted in and provided from the United States. While we do not direct our services to residents of the EU, it is possible that EU residents may access and use the Sites. If you use the Sites and/or reside in the EU, Canada, or other regions with laws governing data collection and use that may differ from U.S. law, please note that you may be transferring data, including PII, to the United States. The United States may not have the same data protection laws as the EU, Canada, and some other regions. By providing PII to SMS and/or via the Sites, you consent to the transfer of your PII to the United States and the use of your PII, in accordance with this Privacy Policy. If we collect PII from EU residents in a manner subject to the General Data Protection Regulation (“GDPR”) then, in addition to the above, the following terms shall also apply to our collection, use and retention of that information:

                    Privacy Shield Principles. When handling PII from residents of the EU Member Countries, though not registered under the Privacy Shield, we make every effort to comply with the EU-U.S. Privacy Shield Framework principles (Notice, Choice, Accountability for Onward Transfer, Security, Data Integrity and Purpose Limitation, Access, and Recourse, Enforcement, and Liability) regarding the collection, use and retention of PII from EU Member Countries. However, our compliance with these principles may be limited (a) to the extent necessary to meet applicable national security, public interest, or law enforcement requirements; or (b) by statute, governmental regulation, or case law. If there is a conflict between the policies set forth below and the Privacy Shield Principles, the Privacy Shield Principles shall govern. The Federal Trade Commission has jurisdiction over our compliance with this Privacy Policy and the EU-US Privacy Shield Framework. To learn more about the Privacy Shield Framework, visit the U.S. Department of Commerce’s Privacy Shield List at https://www.privacyshield.gov.

                    Your Rights. Your rights include: (a) a right to withdraw your consent to the processing of PII about you to which you have previously given consent; (b) a right to object to processing of PII about you for the purpose of direct marketing; and (c) a right to have any incorrect part of the PII about you corrected or removed. If you request to have incorrect PII removed, we may retain some of your PII as necessary for the purposes of our legitimate business interests or in furtherance of public interests in accordance with the Privacy Shield Principles. Any PII you have shared publicly with others may continue to be publicly visible on the Sites. You also have the right to obtain a copy of the PII we have about you, although we reserve the right to charge a fee for this. Please be aware that we will disclose PII in response to lawful requests by public authorities, including to meet national security or law enforcement requirements. We are not liable for appropriate onward transfers of PII to third parties.

                    Questions and Complaints. If you have questions or complaints regarding this Privacy Policy or our handing of PII about you, written communication can be sent to St. Margaret’s School, PO Box 158, Tappahannock, VA 22560; outreach@sms.org. We will promptly investigate and attempt to resolve complaints and disputes in a manner that complies with the principles described in this Privacy Policy.

                    Updates

                    If you want to view your PII, delete your PII, or modify your PII that is inaccurate, you may do so via the options available through your Account (if any), and/or by sending written communication to St. Margaret’s School, PO Box 158, Tappahannock, VA 22560; outreach@sms.org regarding your request(s). In making modifications, you must provide only truthful, complete, and accurate information. We may limit your right to access or make changes to PII where the burden or expense of verifying the legitimacy of the request or providing access would be disproportionate to the risks to your privacy or where the legitimate interests of other persons may be violated.

                    Please note that notwithstanding your request to change or delete information, we may be required to keep this information and not modify or delete it or to keep this information for a certain time, in which case we will comply with your deletion request only after we have fulfilled such requirements. When we delete any information, it will be deleted from the active database, but may remain in our archives, and/or may be anonymized, for example should such information need to be retained in certain files for a period of time in order to troubleshoot problems. In addition, some types of information may be stored indefinitely on back-up systems or within log files due to technical constraints or financial or legal requirements. Therefore, you should not expect that all of your PII will always be completely removed or immediately from our databases in response to your request.

                    Should you so choose, you have the right to lodge a formal complaint regarding our use of PII about you with the Federal Trade Commission, the supervisory authority for the United States, using the following contact information:Federal Trade Commission, 600 Pennsylvania Avenue, NW, Washington, DC 20580, 202.326. 2222.

                    Please note that alternate methods of compliance apply to EU residents, as provided herein.

                    SMS may update this Privacy Policy from time to time, so we encourage you to check this page when revisiting the Sites to make sure that you are informed of how your PII will be used. When SMS does so, SMS will post the new Privacy Policy to its Sites, and your continued use of the Sites and/or Services is deemed to be acceptance of such updates or changes. SMS encourages you to check the date of our Privacy Policy when you access and use the Sites or Services for any updates or changes.

                    Contact Information

                    SMS welcomes your questions, comments, and concerns about privacy and can be reached at: St. Margaret’s School, PO Box 158, Tappahannock, VA 22560; outreach@sms.org; 804. 443.3357.

                    Last Updated: 1.28.19