NOTICE TO GEORGIA RESIDENTS – Data Breach Requirements in Georgia
In the state of Georgia, any business that suffers a data breach involving personally identifiable information must notify affected Georgia residents as soon as possible through mail, telephone, or electronic means. If the security breach affects more than 100,000 people, or the cost of notification exceeds $50,000, other means of notification can be used (e.g., public service announcements). Additionally, a breach affecting more than 10,000 people needs to be reported to all credit reporting agencies.
Name of Law / Statute
Georgia Personal Identity Protection Act
Definition of Protected Information
Combination of (1) name or other identifying info, PLUS (2) one or more of these "data" elements: SSN; driver's license number; or account number, credit card number, debit card number if accompanied by PIN, password, or access codes.
The Site is not designed or intended for children under the age of 13, and OT does not knowingly collect personal information from children under the age of 13. We urge parents and guardians to spend time online with their children and to participate in and monitor the online activities of their children.
CHANGES AND UPDATES
COLLECTION AND USE OF INFORMATION ABOUT YOU
1. Personal Information. This refers to a user’s personally identifiable information, such as first and last name, telephone number, email address, mailing address, birth date, and credit card information. Although you may use and access most areas on the Site without having to disclose any personal information, in limited circumstances (described below) we do ask you to provide your personal information. To the extent you disclose your personal information to us, we will only use such information for the purposes for which it was disclosed by you.
(1) Online Donation: If you wish to make a donation to OT on the Site, you will be asked to disclose your full name, mailing address, email address, and credit card information, and we will use such information to process your donation and communicate with you regarding your donation (e.g., sending you confirmation and receipt via mail or email, informing you via mail or email about projects and programs funded with your donation, etc.). By making a donation on the Site, you authorize us to store and maintain your personal information as disclosed by you (except for your credit card information, which will be retained for 30 days after the processing of the transaction is complete, at which point all credit card information is purged permanently) as part of our donor records. By making a donation you will not be automatically added to our electronic mailing list, you will need to separately opt-in to be added to that list.
(2) Electronic Mailing Lists: If you wish to join our electronic mailing lists, you will be asked to provide your email address, and we will use such email to send you electronic newsletters, publications, announcements, notices, and other communications from OT (subject to your right to opt out as described below).
(3) Email Contacts: If you make an inquiry or request to us via email, we will collect and use your email address to communicate with you regarding your inquiry or request. Also, by contacting us via email, you will automatically be entered onto our electronic mailing lists (subject to your right to opt out as described below).
2. Log File Data and Cookie Session Information. Our web server automatically generates log files that may contain data linked to individual users, such as IP addresses, ISP domain names, browser types, operating systems, referring/exit pages, date/time stamps, clickstream data, etc. Also, to the extent a visitor has enabled “cookies” in his/her browser, we may use “cookies” to collect session information about users’ visits to the Site, including tracking their path through the Site and where they came from (for example, if they arrive via a search engine). We use log file data and cookie session information internally for the operation of the Site as well as to generate and analyze aggregate data about our users as a group. If we report information about the Site to third parties, we only report aggregate data (see the next paragraph) and do not knowingly report log file data or cookie session information that is linked to individual users.
3. Aggregate Data. This is any information collected or compiled in aggregate form, without identifying any user individually. For example, we may collect aggregate tracking information derived mainly from tallying page views throughout the Site. Also, we may gather or compile demographic and/or other aggregate data about our users as a group. We use aggregate data to administer and monitor the Site, to analyze Site traffic and usage patterns and trends, to improve the functionality of the Site, and to enable us to personalize and better user experiences on the Site. We may report aggregate data about the Site to our partners, sponsors and service vendors.
SHARING OF INFORMATION ABOUT YOU WITH THIRD PARTIES
As a general matter, we do not share your personal information with others, except in the following limited circumstances.
(1) We may employ outside contractors, vendors and service providers to perform services for us or for the Site, and may share your personal information with such contractors, vendors and service providers to the extent necessary for them to perform such services. For example, if you make a donation to us using your credit card, our credit card processing vendors will be given access to your credit card and other personal information for purposes of processing your donation. As another example, our IT service providers may be given access to your personal information as necessary to perform support or maintenance for the operation of the Site, such as data backup and storage. We require that our contractors, vendors and service providers limit their use of our users’ personal information solely to the purposes for which it was disclosed by us, and that they maintain the confidentiality, security and integrity of such information and not make any further disclosure to others.
USER CHOICES AND OPT-OUT
2. Electronic Mailings. If you are on our electronic mailing lists, you may opt out of such lists at any time by emailing us at email@example.com, or by using the “opt out” or “unsubscribe” means provided in the electronic mailings you receive from us. We will endeavor to process your request as soon as practicable after our receipt thereof. Once you opt out, we will not reuse your email address unless you rejoin our mailing lists or otherwise opt in to receive electronic communications from us.
INFORMATION COLLECTED OFF LINE
LINKS TO THIRD PARTY WEBSITES
The Site may contain links to third-party websites. OT does not own, control, operate or maintain such linked sites, and is not responsible for the privacy policies or practices of such linked sites. Privacy policies and practices of such linked sites may differ from our policies and practices. You access and use such linked sites entirely and solely at your own risk. We urge you to read the privacy policies of such linked sites before disclosing your personal information on such sites.
Everyone within OT understands the importance of protecting the security and integrity of personal information that our users have shared with us. Unfortunately, no data transmission over the Internet and no data storage can be 100% secure. Consequently, while we will endeavor to reasonably safeguard your personal information against unauthorized access and disclosure, we do not warrant or guarantee the security of any information you transmit to, from or on the Site. All credit card information provided by you in connection with a donation or purchase made on the Site will be protected by encryption using the industry-standard Secure Sockets Layer (SSL) protocol, and we retain your credit card information for 30 days after the processing of your donation/purchase is complete, at which point all credit card information is purged permanently.
Information received by us through the Site is stored and processed on secured servers and computers our IT and web services teams control in the U.S. We use (and our service providers use) reasonable technical and administrative security measures designed to reduce the risks of loss, misuse, unauthorized access, disclosure and alteration. Some of the safeguards we use are firewalls, data encryption, physical access controls to data centers, and information access authorization controls.
While we have implemented reasonable security measures please keep in mind that "perfect security" does not exist, and no transmission of information is guaranteed to be completely secure. Unauthorized entry or use, hardware or software failure, and other factors may compromise data security. You acknowledge and agree to assume this risk when communicating with us and utilizing the Site.
804 Ocean Forest Lane, Ste 321 Augusta, GA 30907 United States of America