CM@GVSU Privacy Policy

December 31, 2018

Your privacy is critically important to us. At Campus Ministry @ GVSU (“CM@GVSU” “we”, “us”, “our”), we have a few fundamental principles:

We don’t ask you for personal information unless we truly need it. (We can’t stand services that ask you for things like your gender or income level for no apparent reason.)

We don’t share your personal information with anyone except to comply with the law, develop or operate our products or services, or protect our rights.

We don’t store personal information on our servers or the offsite servers of the third-party service providers we use to provide our core services unless required for the on-going operation of one of our services.

In our social networking and mobile application products, we aim to make it as simple as possible for you to control what is visible to the public, seen by search engines, kept private, and permanently deleted.

Below is our privacy policy (“Privacy Policy”) which incorporates these goals:

CM@GVSU operates a mobile application (the “Application”). It is CM@GVSU’s policy to respect the privacy of the Application’s users (“you”, “your”) regarding any information collected through the Application.

Non-Personally-Identifying Information

CM@GVSU collects, or may have a third-party service providers collect, non-personally-identifying information of the sort that mobile applications typically make available, such as the type of device using the Application, the operating system, location information, and aggregated user statistics. For instance, CM@GVSU may monitor the most popular features of the Application. CM@GVSU’s purpose in collecting non-personally-identifying information is to better understand how users utilize the Application. From time to time, CM@GVSU may release non-personally-identifying information in the aggregate, e.g., by publishing or disclosing to third parties a report on trends in the usage of the Application or of mobile applications including the Application.

Personally-Identifying Information

Certain users of the Application choose to interact with CM@GVSU in ways that require CM@GVSU to gather personally-identifying information. The amount and type of information that CM@GVSU gathers depends on the nature of the interaction. For example, we ask users who log in to a social network through the Application to provide a username and an email address. Those who engage in transactions with CM@GVSU are asked to provide additional personally-identifying information, including, as necessary, their first and last name, physical address, telephone number, and additional data such as financial information required to process those transactions. In each case, CM@GVSU collects such information only insofar as is necessary or appropriate to fulfill the purpose of the user interaction with CM@GVSU does not share personally-identifying information other than as described below. Users can always refuse to supply personally-identifying information, with the caveat that it may prevent them from engaging in certain Application-related activities.

Sharing of Personally-Identifying Information

CM@GVSU shares personally-identifying information only with those of its employees, contractors and affiliated organizations that (i) need to know that information in order to process it on CM@GVSUs behalf or to provide services available through the Application, and (ii) that have agreed not to disclose it to others. For instance, CM@GVSU uses third-party vendors and hosting partners to provide the necessary hardware, software, networking, data storage, and related technology required to run the services available through the Application. Some of those employees, contractors and affiliated organizations may be located outside of your home country. CM@GVSU will not rent or sell personally-identifying information to anyone. Other than to its employees, contractors and affiliated organizations, as described above, CM@GVSU discloses personally-identifying information only when required to do so by law, or when CM@GVSU believes in good faith that disclosure is reasonably necessary to protect the property or rights of CM@GVSU, third parties or the public at large.

Use of Email Addresses and Push Notifications

If you have supplied your email address as part of your use of the Application, CM@GVSU may, subject to the applicable law, occasionally send you an email to tell you about new features, solicit your feedback, or just keep you up to date with what is going on with CM@GVSU and our products. We primarily use our various product blogs to communicate this type of information, so we expect to keep this type of email to a minimum.

With your consent, CM@GVSU may also send push notifications or alerts to the device you use to access the Application. Such notifications can reach you even when you are not logged in to the Application or the Application is not running on your device. CM@GVSU uses push notifications to send you messages related to the services provided through the Application or to make available to you general information regarding CM@GVSU and its products. You can deactivate push notifications in the settings of the Application or of your device at any time.

Your email address is uploaded to a third party API to track user engagement: http://analytics.lb.mobileapphelper.com/api/record/record_action.php. This helps us improve application experience and keep you up to date with the features that you may enjoy.

Protection of Information

CM@GVSU takes all measures reasonably necessary to protect your personally identifiable information against unauthorized access, use, alteration, loss, or destruction.

Cookies

A cookie is a string of information that a web server stores on a user’s computer or other device, and that the user’s device provides back to the web server each time the user returns. CM@GVSU uses cookies as part of the Application to remember your user preferences and make available to you the services provided through the Application.

Do-Not-Track Disclosures

Neither CM@GVSU nor any third party engages in the collection of personally-identifiable information about your online activities over time and across third-party websites or online services when you are accessing or using the Application. For this reason, the Application does not respond to “Do Not Track” signals or other mechanisms providing you the ability to exercise choice regarding the collection of such information.

Age Limitation

The Application is not directed and should not be available to children under 13 years of age. We do not knowingly collect any kind of personal information from children under 13 years of age. If you are under the age of 13, do not use the Application or otherwise provide us with personal information. If we become aware that such information has been collected, we will immediately delete such information. If any parent or guardian learns or otherwise becomes aware of a child under 13 years of age using the Application or otherwise providing personal information to us, please contact us.

Review of and Changes to Personally-Identifying Information

Email us at campusministry@gvsu.edu to find out what personally-identifying information we have collected about you and request any necessary changes.

Privacy Policy Changes

Although most changes are likely to be minor, CM@GVSU may change this Privacy Policy from time to time, and in CM@GVSU’s sole discretion. Changes to the Privacy Policy will be effective as of the date we post the revised version on this page or make it otherwise accessible through the Application as a notification and will apply only to our collection, use and sharing of information after such date. CM@GVSU encourages users to frequently check this page for any changes to its Privacy Policy. If you have a CM@GVSU account, you should also check your social network dashboard for alerts to these changes.

Your Acknowledgement

By using the Application, you acknowledge the information provided to you about our collection, use, and sharing of any information pertaining to you as described in this Privacy Policy.

Effective Date

The effective date of this Privacy Policy is displayed at the top of its first page.

Back to top

EEA Supplemental Privacy Statement

Scope of This Supplemental Statement

CM@GVSU provides to users located in the European Economic Area this Supplemental Privacy Statement (“Supplemental Statement”), which contains additional information for such users to supplement the above Privacy Policy. If you are not located in the European Economic Area, this Supplemental Statement does not apply to you.

Unless defined specifically in this Supplemental Statement, capitalized terms shall have the meaning set forth in the Privacy Policy.

Controller and EU Representative

Campus Ministry @ GVSU, [complete address], operates the Application and is the controller of any personal data collected or otherwise processed on or through the Application.

Purposes and Legal bases for processing

We process your personal data on several different legal bases, as follows:

1. Based on necessity to enter into or perform a contract with you – we need to process your personal data to enter into an agreement with you to perform contractual obligations, to respond to related questions and requests from you, or provide customer support.

2. Based on legitimate interests – we process personal data from you

to let you post contributions to blogs or forums accessible through the Application;

for the security and safety of the Application, our IT connected to the Application and the users of the Application;

to detect and prevent fraud; or

to protect and defend the rights or property of others, or our own rights and interests.

3. Based on compliance with legal obligations – we may need to process your personal data to comply with relevant laws, regulatory requirements and to respond to lawful requests, court orders, and legal process;

4. Based on your prior consent – we process personal data from you

to track and analyze your activities in the Application. Detailed information about the analytics solutions used in the Application can be found immediately below:

Name and Provider of Solution Personal Data Processed by Solution Purpose of Solution Retention Period Applicable to Personal Data  Your Choice Regarding the Solution

BiznessApps.com Information on your use of the Application, including, without limitation, your IP address, when you started and stopped using it, your location, the app used, your device information, and which app “tabs” you used. Evaluating your use of the Application, compiling reports on user activity for us and providing other services relating to user activity and Application usage to us Until your consent is withdrawn. You are free to withdraw your consent at any time with future effect. You can prevent future analysis of your use of the Application by deactivating the solution in the Application’s settings page.

for placing cookies on your device (subject to certain exceptions) or sending marketing communications to you. Detailed information on our use of cookies and our marketing communications to you are set forth immediately below.

Cookies Used in the Application 

The Application makes use of cookies. Cookies are small text files downloaded by the Application and stored on the device the Application is installed on (e.g., your tablet or smartphone). Depending on their purpose, cookies log specific user-related information such as your user preferences, authentication information, security parameters, data concerning the device the Application is installed on and statistical information regarding your use of the Application. Where necessary during your use of the Application or when using the Application again after initially closing it, the Application transmits the cookies including the contained information back to the servers they were initially downloaded from. The analysis and processing of such information allows us to ensure the functionality of the Application, improve your online experience and optimize the structure and content of the Application.

The cookies we use can be categorized as follows:

Strictly Necessary Cookies These are cookies that are required for the operation of the Application or of certain parts thereof. They either serve the sole purpose of carrying out network transmissions or are strictly necessary in order for us to provide an online service explicitly requested by you.

Analytics/Performance Cookies These cookies allow us to carry out analytics or other forms of audience measuring such as seeing how users move around the Application. This helps us to improve the way the Application works, for example, by ensuring that users are easily finding what they are looking for.

The following cookies are used in the Application:

Cookie Name

Who Places the Cookie?

Cookie Category

When Is Cookie Enabled/Does It Expire?

Purpose

PHPSESSID

Bizness Apps

Strictly Necessary

When session begins; 24 hours later

Linking PWA user to his/her app and data.

[app_code]_m

Bizness Apps

Strictly Necessary

When session begins; 24 hours later

Stores data in-between pages, e.g. partial food ordering

[app_code]_m_history

Bizness Apps

Strictly Necessary

When session begins; 24 hours later

Enable “back” button functionality

device_user_id  duih

Bizness Apps

Strictly Necessary, and Analytics

When session begins; 48 hours later

Identify user anonymously/uniquely, for e.g. keeping track of a food order on the server side. (duih is a hash of device_user_id). Also used to track usage for custom analytics.

local_timezone

Bizness Apps

Strictly Necessary

When session begins ; never

Show the correct device-local time of events, food ordering times, etc

syncUserIds

Bizness Apps

Analytics

When session begins; never

(PWA) Used to store the device_user_id/duih on the device’s local storage, so that the device can continue to be identified as the same each time the app opens.

Marketing Communications to You 

When creating a user account or when using the notification functionality of the Application, you can register to receive newsletters or similar information on our products or services or the products or services of our affiliated companies. As part of the registration process, we ask you to provide us with certain information. Such information may include your first and last name, your email address, your birthday, your zip/postal code and/or your phone number. Providing any information other than your email address is optional to you when registering to receive newsletters.

When receiving a registration, we log and store the date/time of registration and a unique identifier such as the IP address the registration was received from. This solely serves evidentiary purposes in case your contact detailed are used by an unauthorized party.

When registering to receive newsletters or similar information in the Application, you need to explicitly declare your consent in our processing of your personal data for this purpose. You are under no obligation to provide such consent and, if you choose to do so nonetheless, you may withdraw your consent at any time with future effect for any or no reason by following the unsubscribe link contained in any email communication to you or by sending us an email at campusministry@gvsu.edu.

Recipients of Your Personal Data

In the following circumstances, we disclose your personal data to the following third parties, as required or permitted by applicable law:

Who Is your Personal Data Disclosed To? What Is the Purpose Underlying the Disclosure?

http://analytics.lb.mobileapphelper.com/api/record/record_action.php

To track member engagement and improve experience of the application.

Third-party suppliers and service providers including:

Bizness Apps, Inc., 7590 Fay Avenue, La Jolla, CA 92037, USA;

Amazon Web Services

Go Church Brands LLC

To assist us in the operation or improvement of the Application and to enhance our products and services.

To other third parties in line with applicable legal requirements (where applicable) To comply with legal obligations that we are subject to.

Data Transfers to Recipients Outside of the EU/EEA

[Note: Statements to be adjusted as necessary in light of where the controller and its affiliates and third-party service providers with access to Application data are located.]

Certain of our affiliated companies and third-party service providers are located outside the EU/EEA in jurisdictions that are not subject to an unqualified adequacy decision by the EU Commission finding them to provide an adequate level of protection of personal data, i.e. a level of protection of fundamental rights and freedoms that is essentially equivalent to that guaranteed within the EU.

However, to ensure an adequate level of protection of your personal data, we enter into data processing and data transfer agreements with our affiliated companies and third-party service providers outside of the EU/EEA that incorporate the provisions of the Standard Contractual Clauses approved by the EU Commission or implement other appropriate safeguards with them. You can ask for a copy of such appropriate safeguards by contacting Ben at campusministry@gvsu.edu.

How Long We Keep Your Personal Data

[Note: To be confirmed by the controller whether the statements contained in this paragraph are correct and complete.]

We have implemented appropriate retention periods for your personal data collected or otherwise processed on or through the Application as set forth in our records management policy. Personal data processed in the context of a contract with you will be retained by us for the term of the contract and for a reasonable time afterwards as might be required to determine and settle any related claims. Where our processing of your personal data is based on legitimate interests or the compliance with legal obligations, it will be deleted as soon as the underlying purpose has expired. Personal data processed based on your consent will be deleted if and when you withdraw such consent.

Your Rights Regarding the Processing of Your Personal Data

Subject to the conditions set out in the applicable law, you have, without limitation, the rights to (i) inquire whether and what kind of personal data we hold about you and how it is processed, and to access or request copies of such personal data, (ii) request the correction or supplementation of personal data about you that is inaccurate, incomplete or out-of-date in light of the purposes underlying the processing, or to (iii) obtain the erasure of personal data no longer necessary for the purposes underlying the processing, processed based on withdrawn consent, processed for legitimate interests that, in the context of your objection, do not prove to be compelling, or processed in non-compliance with applicable legal requirements. In addition, you have, subject to the conditions set out in the applicable law and without limitation, the rights to (iv) request us to restrict the processing of personal data in certain situations where you feel its processing is inappropriate, (v) object, in certain circumstances, to the processing of personal data for legitimate interests, and to (vi) request portability of personal data that you have actively or passively provided to us (which does not include data derived or inferred from the collected data), where the processing of such personal Data is based on consent or a contract with you and is carried out by automated means. In case of concerns, you also have the right to lodge a complaint with the competent local data protection authority.

You may exercise the above mentioned rights of access, rectification, erasure, restriction, objection and data portability by contacting us under campusministry@gvsu.edu, even to the extent that such claims relate to the processing of personal data by one or more of the data recipients identified in this privacy statement.

Your Provision of Personal Data to Us

Your use of the Application and your provision of personal data to us in the process is purely voluntary on your part. Subject to your sole discretion, you can, at any point, stop to use the Application or, where applicable, opt out of certain data processing operations while using the Application as described in this Supplemental Statement. An exception applies if an to the extent that you want to enter into or perform a contract with us on or through the Application. In this event, providing us with your related personal information is necessary for us to be able to enter into the contract with or provide any contractual services to you.

Effective Date and Changes

This Supplemental Statement is effective 9/26/18. We may make changes, including material changes, to this Supplemental Statement from time to time and subject to our sole discretion. You should review the Supplemental Statement each time you use the Application to learn of any changes.

If you have questions about this Supplemental Statement, please contact us at campusministry@gvsu.edu.