Effective Date June 10, 2013
Gathering of Information
On various pages, WSHU.ORG collects personally-identifying information (such as your name, e-mail address, address, telephone number and/or credit card information) only if you choose to provide that information to us.
We ask visitors only for the information to conduct contests, verify compliance with contests rules and to maintain accurate donor, subscriber and listener comment databases.
Like all other Web servers, WSHU.ORG’s Web server automatically creates log files for each visitor who accesses our site. These "access logs" allow us to make our site more useful to our visitors. The access logs do NOT record a visitor's name, address, phone number, credit card numbers, or any other personally-identifying information. Rather, they contain some or all of the following information:
- The Internet Protocol Address (IP Address) of the machine which accessed our Web site.
- The date of the visit.
- The time of the visit.
- The path taken through our Web site.
- The browser being used.
If listening to streamed programming, WSHU.ORG captures:
- The Internet Protocol Address (IP Address) of the machine which accessed our Web site.
- The date of the visit.
- The time of the visit.
- The path taken to our Streaming site.
- What streams were listened to.
- Length of time spent listening to our streams.
- What pieces of Music were listened to (by comparing stream, time, and length of time).
This information is provided to Sound Exchange and other Royalty Rights groups to order to satisfy requirements on internet streaming and determine royalties due to Performers and Copyright Holders.
WSHU.ORG also uses 'cookies' to collect information. A cookie is a string of characters that can be written to a file on the user's hard drive when the user visits a Web site. Only the Web site that set the cookie can read it, and it can only be used as a record keeping device to store information that the site already has. It cannot, for example, be used to read other information from the user's hard drive.
WSHU does not share donor information you provide to any third parties other than for reporting royalities and providing analytical data about the use of our Website and Streaming. Other personally-identifying information collected by WSHU is not provided to outside parties, except when required as part of a transaction (Examples: Contest winner information is provided to the organization providing the tickets or CDs; Ticket purchase information is provided to the performance venue; complaints about NPR programming may be forwarded to NPR.) We do not share or sell mailing list, e-mail lists, or any donor information, other than provide statistical data to NPR, CPB and foundations in grant applications or reports.
WSHU does use email to respond to your e-mailed comments, to notify you of events to which WSHU is a party and in which we believe you might be interested, and for other fundraising purposes. WSHU maintains a data base of user preferences. At your request will suspend any and all e-mails or USPS mail to you.
WSHU.ORG has in place what we believe to be appropriate physical, electronic, and managerial procedures to safeguard and secure the information we collect online. Credit card information provided to WSHU.ORG is protected against unauthorized use by 128-bit encryption and Secure Sockets Layer (SSL) security features, which scramble your personal information so that only your web browser and our Web site's server can decipher it. As part of on-line transactions information you provide (name, address, credit card number, expire date, and email) is simultaneously transmitted to our Merchant Account Processor (Authorize.Net) via a 128-bit encryption and Secure Sockets Layer (SSL) connection. Once the transaction is confirmed WSHU.ORG deletes the Credit Card Number, retaining only the last 4 digits.
WSHU.ORG reserves the right to change this policy. Any changes to this policy will be posted to this page before they become effective. Use of the WSHU.ORG Web site constitutes consent to any policy then in effect.
WSHU Public Radio, Sacred Heart University, 5151 Park Avenue Fairfield, CT 06825
Some of the links on the WSHU.ORG site are pointed to servers outside of WSHU’s control. WSHU.ORG is not responsible for the privacy practices or any information or materials on these other sites. Please review the privacy policies of these sites.
1. General Information on Data Processing
We only process the users’ personal data in accordance with the relevant data protection provisions. That means that the users’ data will only be processed in the case of a statutory permission.
2. Purposes of Use of Processing
We retain, process and use collected personal data, registration data, as well as the posted contributions and contents for the operation of our community to be as comprehensive and smooth as possible, including the maintenance of your membership.
3. Security Measures
We undertake organizational, contractual and technical security measures in accordance with the state of technology in order to ensure that the provisions of the data protection laws are complied with and in order to protect the data processed by us from accidental or willful manipulations, loss, and destruction or from access by unauthorized persons. In particular, the security measures include the encrypted transfer of data between your browser and our server.
4. Deletion, or, as the case may be, Blocking of Data
We follow the principles of data avoidance and data economy. Thus, we only retain your personal data as long it is necessary to reach the purposes stated herein or as specified by the legislator in the numerous retention terms. Upon cessation of the respective purpose, or, as the case may be, expiration of these terms, the respective data is routinely blocked or deleted according to the statutory provisions.
5. Passing on Data to Third Parties or Third Party Providers
Passing on data to third parties only occurs in the scope of the statutory requirements. We only pass on the users’ data to third parties if this is necessary in order to fulfill the purposes of the agreement or on the basis of justified interests. We utilize service providers to provide our services. In regards to this we employ the appropriate legal precautions, as well as the respective technical and organizational measures in order to ensure the protection of your data pursuant to the relevant statutory provisions. In order to ensure the usage of our community, we may transfer your data to the following partners:
- Software hosting provider: IONOS GmbH, Greifswalder Strasse 207,10450 Berlin, Germany
- Software development service provider: NFQ ASIA PTE. LTD., 167 Jalan Bukit Merah #05-012, Connection One, Tower 4, Singapore 150167
- Software development server provider: Hetzner Online GmbH, Industriestr. 25, 91710 Gunzenhausen, Germany
6. Collection of Access Data and Log Files
We collect data on every access to the server on which this service is located (so-called server log files). The access data includes the name of the accessed website, file, date and time of the access, transferred data amount, report on successful access, browser type plus version, the user’s operating system, referrer URL (the previously visited page), IP address and the requesting provider. Log file information is retained for security reasons (e.g. to clarify abusive or fraudulent actions) for the duration of no more than 30 days, and then deleted. Data, the further retention of which is necessary for evidentiary purposes, is exempt from the deletion until the final clarification of the respective incident. Processing will occur pursuant to Art. 6 Subsec. 1 lit. f General Data Protection Regulation (“GDPR”) on the basis of our justified interests to improve the stability and functionality of our website. Passing on or a different use of the data will not occur. However, we retain the right to review the server log file subsequently if there are specific clues in regards to unlawful usage.
7. User Account
We process the username and email address, which are necessary to create an account. Furthermore, data which is entered independently by the user, but merely retained by us in order to be able to present the offers of the website, this includes all posts by the users, an avatar and header pictures, as well as address information or other information which the user provides voluntarily for the purpose of the fulfillment of our contractual obligations and services. We retain the IP address and the time of the respective user’s actions in the course of the registration, new logins, as well as the usage of our online services. The retention occurs on the basis of our justified interests, as well as of the users due to protection from abuse and other unauthorized usage. Passing on this data to third parties will generally not occur, unless it is necessary to pursue our claims or there is a statutory obligation in this regard pursuant to Art. 6 Abs. 1 lit. c GDPR. The following data may be processed by us under certain circumstances if you register as a user in our community:
The following data is processed:
- user name
- email address
- address data:
- building number
- postal code
- photo, avatar, profile header picture
- first name
- last name
- interests (user profile)
- third party service providers information
- provider name (e.g. social login, SSO)
- provider-specific identifier
- account URL
- provider-specific information
- member number / customer number
- password (Hash)
- company information (if applicable)
- company name
- contact address (street, postal code, city, country)
- language / language setting
8. Comments and Posts
If users leave comments or other posts then this is only possible with an account, the data is all linked to the user profile and is presented publicly viewable for all on the website. If a post shall be deleted then the user may contact us at any time at: email@example.com, the post will then be deleted as quickly as possible if no legal reasons preclude this. After termination of the membership, your user name and, so long as this is technically possible, all data which could lead to an inference to your person will be deleted from the entry, unless the further processing is necessary for the fulfillment of a legal obligation, for reasons of public interest or to assert, exercise or defend legal claims. In order to delete his/her account, the user clicks on the Delete the Account-button in the profile. Subsequently, the user will receive an email with a confirmation link (or code). After confirmation by clicking on the link (entry of the code), the account will be marked as deleted, the avatar and the header picture will be removed and all personal data will be pseudonymized, or as far as technically possible, deleted. The user name and the email address will be pseudonymized. A hash procedure will be employed in order to pseudonymize the username and the email. Furthermore, all contents saved as drafts will be deleted. The deletion of the account, or, as the case may be, the pseudonymization is in regards to all services provided by us in connection with the platform operation.
We use so-called cookies on various pages in order to make the visit of our website attractive and to enable the usage of certain functions. These are small text files which are archived on your device. Some of the cookies we use are deleted again at the end of a browsing session, thus, upon closing your browser (so-called session cookies). Other cookies remain on your device and enable us or our partner companies (cookies from third party service providers) to recognize your browser at your next visit (persistent cookies). If cookies are placed, then in an individual scope they collect and process certain user information, such as browser and location data, as well as IP address values. Persistent cookies are deleted in an automated manner after a set time, which can vary from cookie to cookie. In part, cookies serve the purpose of simplifying the order process by way of retaining settings (e.g. remembering contents of a virtual shopping basket for a later visit on the web page). If personal data is also processed by individual cookies implemented by us, then the processing will occur pursuant to Art. 6 Subsec. 1 lit. b GDPR either for the execution of the agreement or pursuant to Art. 6 Subsec. 1 lit. f GDPR to preserve our justified interests in the best possible functionality of the website, as well as a customer-friendly and effective set-up of the visit to the site.
9.1. Session Cookies
We use “session cookies” which are only stored for the term of the current visit of our online presence (e.g. for the retention of your login status and, thus, to even make the use of our online offer possible). In a session cookie, a randomly generated distinct identification number is stored, a so-called Session-ID. Furthermore, a cookie contains the information on its origin and the term of retention. These cookies cannot retain other data. Session cookies are deleted if you have terminated the usage of our online offer and, for example, have logged out or in accordance with the browser settings.
9.2. Cookies to Measure Reach and Website Improvement
Data is collected and retained on this website by New Relic, a web analysis service of the provider New Relic Inc., from which user profiles are created while using pseudonyms. These profiles serve the purpose of the adherence to the technical service level agreement between the provider of the platform and the technical service provider, in particular, the applications monitoring and alerting necessary for it. Additionally, these also aid in the analysis of visitor behavior and are assessed for the improvement and adequate design of our offer. Cookies can be used for this. The pseudonymized usage profiles are not merged with personal data of the bearer of the pseudonym without the affected person granting a separate explicit consent. You can object to the collection and retention of data for the purpose of web analysis at any time with effect for the future by deactivating the cookies in your browser settings. You can get additional information on the possibility of an opt-out here: https://newrelic.com/privacy You do not want to participate in measuring reach and analyses? You can object to the usage of cookies which serve the purpose of measuring reach and for advertisement purposes, furthermore, via the deactivation site of the network advertisement initiative (http://optout.networkadvertising.org/), and, additionally, the US-American website (http://www.aboutads.info/choices) or the European website (http://www.youronlinechoices.com/uk/your-ad-choices/).> Here: https://metric.der.com/optout.html?locale=en_US&popup=true https://metrics.der.com/optout.html?locale=en_US&popup=true You can also prevent the retention of the cookies used for the establishment of the profiles by way of a respective setting in your browser software. You can find information on this in the help function of your browser.
9.3. Advertisement Cookies
10. Protection from Abuse
Google reCAPTCHA We also use the reCAPTCHA function from Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”). This function primarily serves the purpose of differentiating whether an entry is under-taken by a natural person or improperly by machines and automated processing. We employ the service based on our justified interests pursuant to Art. 6 Abs. 1 lit. f. GDPR in security and preventing abuse of our offers. The service includes the sending of the IP address and, possibly, further data necessary for the reCAPTCHA service to Google and occurs pursuant to Art. 6 Abs. 1 lit. f GDPR on the basis of our justified interests in determining the individual intention of actions on the Internet and the avoidance of abuse and spam. Google LLC with seat in USA is certified for the US-European data protection agreement “Privacy Shield”, which ensures the adherence to the data protection level applicable in the EU. Further information on Google reCAPTCHA, as well as Google’s data protection declaration can be viewed at: https://www.google.com/intl/de/policies/privacy/
On our website we offer you the possibility of using so-called “social-media-buttons”. We employ the “Shariff” solution in order to protect your data. In so doing, the buttons on the website are merely included as graphics, which is linked to the corresponding website of the button provider. By clicking on the graphic, you are thus re-routed to the services of the respective provider. Only then will your data be sent to the respective provider. If you do not click on the graphic, there is no exchange between yourself and the providers of the social media buttons. Information on the gathering and usage of your data in the social networks can be found in the respective terms of service of the respective providers. Additional information on the Shariff solution can be found here: http://www.heise.de/ct/artikel/Shariff-Social-Media-Buttons-mit-Datenschutz-2467514.html We have included social media buttons from the following companies on our website:
Facebook Inc. (1601 S. California Ave - Palo Alto - CA 94304 - USA)
Twitter Inc. (795 Folsom St. - Suite 600 - San Francisco - CA 94107 - USA)
Google Plus/Google Inc. (1600 Amphitheatre Parkway - Mountain View - CA 94043 - USA)
WhatsApp Ireland Limited (4 Grand Canal Square- Grand Canal Harbour - Dublin 2 – Ireland)
Pinterest Europe Ltd. (Palmerston House - 2nd Floor - Fenian Street - Dublin 2 – Ireland)
LinkedIn Corporation (2029 Stierlin Court - Mountain View - CA 94043 - USA)
Tumblr Inc. (770 Broadway - New York - NY 10003 – USA)
Reddit (520 - 3rd Street - San Francisco - CA 94107- USA)
StumbleUpon, Inc. (660 4th Street - #558 - San Francisco - CA 94107 – USA)
12. Social Login
The community uses a tool from Janrain Inc. (hereinafter referred to as “Janrain”), so you can log into the community with your Facebook login and Google+ login, as well as with other possible other social logins. If you have a Janrain account, then you can register in the community with it. In so doing you permit us to access your Janrain data in order to register you in the community. A use of Janrain is voluntary and not compulsory for the registration in the community. The purpose and scope of the data collection, and the further processing and usage of the data by Janrain, as well as your rights in this regard and possible settings for the protection of your privacy can be found in Jan-rain’s data protection notes: http://trust.janrain.com/
12.2. Facebook Account
With the following notes we will inform you of the contents of our newsletter, as well as the sign-in, sending and statistical assessment procedure, as well as your rights to object. Content of the newsletter: We only send newsletters, emails and further electronic notifications with advertisement information (hereinafter “newsletter”) with the recipients’ consent. Double-Opt-In and Logging: The registration for our newsletter occurs via a so-called double-opt-in procedure. I.e. you will receive an email after registration in which you are asked to confirm your registration. This confirmation is necessary so no one can register with others’ email addresses. The registrations for the newsletter are logged in order to prove the registration procedure according to the legal requirements. This includes the retention of the time of registration and confirmation, as well as the IP address.
Sending the Email Newsletter to Existing Customers. If you have provided us with your email address at the time of purchase of goods, or, as the case may be, services, then we receive the right to regularly provide you with offers via email from our stock for similar goods, or, as the case may be, services, as those already purchased. Pursuant to Sec. 7 Subsec. 3 Act against Unfair Competition), we do not need to obtain a separate consent for this. The processing of data will thus solely occur on the basis of our justified interests in personalized direct advertisement pursuant to Art. 6 Abs. 1 lit. f DGDPR. If you have objected to the use of your email address for this purpose at the beginning, we will not send out emails. You are authorized to object to the use of your email address for the aforementioned advertisement purposes with effect for the future by way of notification to the person responsible mentioned at the beginning. For this you will only bear transmitting costs pursuant to the base rate. The use of your email address for advertisement purposes will be discontinued immediately upon receipt of the objection.
Shipping Service Provider
Objection / Termination of the Newsletter. You can terminate the receipt of our newsletter at any time, i.e. revoke your consent. By so doing your consent for the sending-out by the shipping service provider, and the statistical analyses also expires. Unfortunately, a separate revocation of the shipping by the shipping service provider or the statistical analysis is not possible. You will find a link for the termination of the newsletter at the end of every newsletter. Furthermore, you can view the notifications in your profile settings and accordingly also de-register from the newsletter here.
14. Inclusion of Services and Contents of Third Parties
When using Google Maps, data on the use of the map functions by the visitor are collected, processed and used by Google. Further information on the processing of data by Google can be found in Google’s data protection notices (https://policies.google.com/privacy?hl=de). You can also change your personal data protection settings in the data protection center there.
Our websites have imbedded plugins from the video portal Vimeo of Vimeo, LLC, 555 West 18th Street, New York, New York 10011, USA. Upon every viewing of a page which offers one or more Vimeo video clips, a direct connection between your browser and a server of Vimeo in the USA is established. Here, information regarding your visit and your IP address are saved. This information is also transferred to and retained by Vimeo when interacting with the Vimeo plugins (e.g. clicking on the start button). If you have a Vimeo user account and do not want Vimeo to collect information on you via this website and links it to your retained Vimeo membership data, then you have to log out of Vimeo prior to visiting this website. Vimeo’s data protection declaration with further information on the collection and usage of your data by Vimeo can be found at https://vimeo.com/privacy. Furthermore, Vimeo starts up the tracker Google Analytics via an iFrame, in which the video is viewed. This is a proprietary tracking by Vimeo, which we cannot access. You can prohibit the tracking by Google Analytics by utilizing the deactivation tools which Google offers for several Internet browsers. Furthermore, the users can prevent the collection of the data created by Google Analytics in regards to your usage of the website (incl. your IP address) by Google, as well as the processing of such data by Google by downloading and installing the browser plugin available at the following link: https://tools.google.com/dlpage/gaoptout
15. Your Rights to Information, Correction, Blocking, Deletion and Objection
You have the right to receive information on your personal data retained by us at any time. Additionally, you have the right to correction, blocking, or, except for the prescribed data retention for the conducting of business, the deletion of your personal data. Please refer to our data protection officer or firstname.lastname@example.org for this. You can find the contact details at the very bottom. In order for a blocking of data to be considered at any time, this data must be retained for control purposes in a lock file. You can also demand the deletion of the data if no statutory archiving obligation exists. If such an obligation exists, we will block your data upon request. You can undertake changes or a revocation of the consent by way of a corresponding note to us with effect for the future.
16. Changes to our Data Protection Provisions
We reserve the right to adjust this data protection declaration from time to time so that it may correspond with the current legal requirements or in order to implement changes to our services in the data protection declaration, e.g. upon the introduction of new services. At the time of a new visit, the new data protection declaration will be applicable. Questions about Data Protection. If you have questions regarding data protection, please write us an email or contact us at:
WSHU Public Radio, Sacred Heart University, 5151 Park Avenue Fairfield, CT 06825
Telephone (Weekdays 9 am - 5 pm) 203-365-6604