Privacy Policy

EFFECTIVE DATE: 3/9/2022

BES is committed to respecting your privacy. The purpose of this Privacy Policy is to inform you on what information we collect from you, how we use your information and the choices that you have regarding our use of your information. By using our website or sharing your information with us, you are accepting and consenting to the practices described in this Privacy Policy.

 

COLLECTING INFORMATION ABOUT YOU

We collect the following categories and types of personal information:

  • Contact Information: we use contact forms to allow you to inquire about volunteering or to generally communicate with us. When you fill out that form, we collect your first and last name, email address, and phone number.
  • Other identifying information: when you visit our website, we automatically collect certain information about your device, including information about your web browser, IP address, time zone. And some of the cookies that are installed on your device. Additionally, as you browse the website we may collect information the individual web pages you view and information about how you interact with the site. We collect this information using “Cookies”,

COOKIES

Cookies are data files placed on your device or computer and often include an anonymous unique identifier. A session cookie expires immediately when you end your session (i.e., close your browser). A persistent cookie stores information on the hard drive so when you end your session and return to the same web site at a later date the cookie information is still available.

We use cookies to improve the quality of our service when you visit our website and for your convenience if you visit the site multiple times. If you would like to opt out of accepting cooking altogether, you can generally set your browser to not accept cookies or to notify you when you are sent a cookie, giving you the chance to decide whether or not to accept it.

ANALYTICS

We use Google Analytics for tracking visitors and aggregating information about the traffic to our websites. The Google Analytics privacy policy can be found here: https://policies.google.com/privacy. You can learn more about how to opt-out of tracking in Google Analytics here.

WHO WE SHARE YOUR DATA WITH

Your data will not be shared outside of our organization without prior, written or electronic consent.

DATA RETENTION

If you fill in our contact form and/or leave a comment on our website, the comment and its metadata are retained indefinitely.

RIGHTS YOU HAVE ABOUT YOUR DATA 

You may request to receive an exported file of the personal data we hold about you, including any data you have provided to us. You can also request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes.

WHERE WE SEND YOUR DATA

Visitor comments may be checked through an automated spam detection service. We may also use some automation tools such as Zapier to move data from our website into other systems we use for marketing and customer satisfaction such as MailChimp or Hubspot CRM.

 

CONTACT US

If you have questions or comments about this policy, you may email us at info@boulderrescue.org

 

HOW WE PROTECT YOUR DATA

The security and reliability of our service is our number one priority. We invest heavily in the training of our staff and our infrastructure to ensure that best practices are followed in everything that we do.

See wordpress.org/about/security for details on the security of the WordPress core itself.

  • Prevention is best when it comes to security, and as a first step, we follow all WordPress Code Standards in the plugins that we build and use.
  • In addition, we have an extensive internal review and Quality Assurance process in place specifically to prevent potential security vulnerabilities in our plugins and services.
  • Every Boulder Emergency Squad employee and contractor goes through background checks and an onboarding process that includes a trial period where access to customer data is provided only when working directly under the supervision of another staff member.
  • All staff only have access to systems that are directly required to complete the functions of their job. We use two-factor authentication for all critical systems and communications services, and automatically log all staff activity using Asana and Google ‘G’ Suite services.
  • All staff (including any contractors) undergo initial training to ensure proper understanding of all security-related processes. Staff regularly attend industry conferences and otherwise stay informed of best practices and relevant trends. Staff review and agree, in writing, to all policies and procedures annually.
  • We only use third-party services that are fully vetted and adhere to the highest levels of privacy and security practices.

 

WHAT DATA BREACH PROCEDURES WE HAVE IN PLACE

Should any event occur where customer data has been lost, stolen, or potentially compromised, our policy is to alert our customers via email no later than 48 hours of our team becoming aware of the event. We will also report such incident to any required data protection authority. We will work closely with any customers affected to determine next steps such as any end-user notifications, needed patches, and how to avoid any similar event in the future.