What Information We Collect
We collect several types of information:
Information you give us. Many of our services require you to provide information, such as a name, email, address, or billing information. Additionally, some services require you to sign up for or log in with a srnd.org account, which requires similar information.
Public information. For example, we collect information on your contributions to open-source software.
- Information we get when you use our services. This information includes:
- Device information. When you use one of srnd.org's electronic services, we collect information which can be used to uniquely identify your device.
- Location information. When you use our electronic or physical services, we collect information about which city you live in. We request explicit permission before collecting location data more precise than your city.
- Log information. When you use our electronic or physical services, we automatically collect certain information and store it as logs. This includes details of how you used the service (such as how many tickets you bought for CodeDay).
We may collect and store this information in a country outside the one where you live.
How We Use Your Information
We use your information internally for the following purposes:
To provide services. We use the information we collect to continue to provide existing services, to improve them, and to develop new ones.
For safety and security. We use the information we collect to protect ourselves and our users. For example, we maintain a list of people who are no longer allowed to attend our events for security reasons.
- To keep you updated. We use information we collect to provide updates on existing and new services, and to occasionally let you know about donation or volunteer opportunities.
When We Share Information
We never sell your data, and try to minimize the need to share information with third-party providers. That said, we sometimes provide information to third-parties for the following purposes:
To process it. We provide some information to trusted partners to process it for us. For example, we provide your payment information to our payment processing provider and your bank.
These providers are contractually required to keep your data safe by taking reasonable security measures, not disclosing it, and not using it for other than the contracted purpose. When possible we keep this data encrypted so that only we can read it.
To measure and demonstrate results. We share aggregated and anonymized, non-personally-identifying information with our partners or publicly to show the effects of our programs.
When you choose to share it. When using our services, you have the option of sharing some information publicly, such as sharing a project you create at CodeDay.
With your school. If you're a student, we sometimes share information with your school to enable operability and functionality within your school.
In very limited circumstances, for marketing. If you use services which are intended primarially for schools, parents, sponsors, or partners, we may share anonymized information about your use of the service with third-parties to help them remarket our ads. This does not apply to the use of our services intended for students.
- For safety and security. We provide information to third-parties if we have a good-faith belief that doing so is necessary to:
- Meet an applicable law, regulation, legal process or enforceable governmental request.
- Detect, prevent, or otherwise address fraud, security or technical issues.
- Protect against harm to property or safety.
Where possible we ensure shared information which is personally-identifying is encrypted both in transit and at rest.
We use industry-standard measures to protect our data from unauthorized alteration or disclosure. In particular:
- We encrypt many of our services using HTTPS/TLS.
- We store passwords and other sensitive data using industry-standard cryptography.
- We restrict access to personal information to employees, contractors, and volunteers who have a need to know it.
- We review security and processing practices of third-parties with whom we share information.
- We review our information collection, storage and processing practices, including physical security measures, to guard against unauthorized access to systems.
- Our production infrastructure complies with FIPS 140-2, ISO 27001, PCI-DSS level 1, and other industry standards.
Controlling Your Information
Request a Copy of Your Data
At any time you may request a copy of the information we collect about you, and may request that we make corrections or delete it. Requests should be emailed to email@example.com.
Web Behavior Tracking Opt-Out
You may choose not to have a unique cookie assigned to your computer to avoid the aggregation and analysis of data collected when you use our websites. (This choice must be made individually on each device you use.)