Skip to main content

Privacy Policy

Effective November 19, 2021

WELCOME!

Welcome to CampMinder. We take your privacy seriously and know you do too. This Privacy Policy (“Policy”) is here to help you understand how we collect, use, disclose, and process your personal data. We also describe Your Rights and Choices with respect to how we process your personal data. Please read this Policy carefully.

WHO WE ARE

This is the Policy of CampMinder LLC (“CampMinder,” “us,” “our,” or “we”), a Delaware limited liability company with offices at 5766 Central Avenue, Boulder, CO 80301. You can contact us here.

APPLICABILITY

This Privacy Policy applies to our “Services”, which include our websites that link to/post this Privacy Policy, including any subdomains or mobile versions (the “Site(s)”) and mobile applications (the “Mobile App(s)”).

AGREEMENT

This Policy is incorporated into the Terms of Use governing your use of any of our Services. Any capitalized terms not defined in this Privacy Policy will have the definitions provided in our Terms of Use.

Following notice to you or your acknowledgment of this Privacy Policy (including any updates), your continued use of any of our Services indicates your consent to the practices described in this Policy.

 

THIRD PARTIES

CampMinder is a service provider for camps and other clients (“Clients”). Our Services enable our Clients to connect with, support, and provide services to parents, client customers, as well as the Client’s administrators and staff. In each case, we provide a platform for use by Clients, and this Policy reflects the data processed and activities undertaken through our Services. However, the Policy does not apply to the Client’s own uses of your data, including processing they may choose to undertake that is not described in, or different from, this Policy.

This Policy also does not apply to information processed by other third parties, for example, when you visit a third-party website or interact with third-party services, unless and until we receive your information from those parties. Please review any third parties’ privacy policies before disclosing information to them. See our list of third parties below for more information regarding our sources and recipients of personal data.

COLLECTION AND USE OF PERSONAL DATA

DATA WE COLLECT

We collect and process the following types of information, including data that relates to identified or identifiable individuals (“Personal Data”) (note, specific Personal Data elements listed in each category are only examples and may change):

Identity Data: Personal Data about you and your identity, such as your name, ID/driver’s license number, gender, marital status, date of birth, social security number, photo/avatar, username, and other Personal Data you may provide on applications, registration forms, or as part of an account profile (e.g. biographical information).

Transaction Data: Personal Data we collect in connection with a transaction or purchase, such as the item you purchased, the price, the delivery location, zip code, and other similar information.

Contact Data: Personal Data used to contact an individual, e.g. email address(es), physical address(es), phone number(s), or social media or communications platform usernames/handles, as well as a name or other salutation.

Financial Data: Personal Data relating to financial accounts or services, e.g. a credit card, bank, or other financial account numbers, and other relevant information you provide in connection with a financial transaction.

Device/Network Data: Personal Data relating to your device, browser, or application e.g. IP addresses, MAC addresses, application ID/AdID/IDFA, identifiers from cookies, session navigation history and similar browsing metadata, and other data generated through applications and browsers, including cookies and similar technologies.

Location Data: Personal Data relating to your precise location, such as information collected from your device’s GPS or other precise localization service.

Special Category Data: Personal Data revealing racial, national, or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, genetic data, biometric data, health information, or information relating to sex life or sexual orientation.

Face Recognition Data: Personal Data that is generated in connection with an analysis of a photo or other image for purposes of using automated systems to identify an individual in another image, e.g. a facial map or similar analysis of facial geometry. Face Recognition Data may include Special Category data to the extent revealed in the creation or processing of the Face Recognition Data.

Custom Content: Custom Content: Information that a user provides in a free text or other unstructured format, or pursuant to custom fields created by a Client; this may include Personal Data or Special Category Data to the extent provided by the user.

HOW WE COLLECT PERSONAL DATA

We collect Personal Data from various sources based on the context in which the Personal Data will be processed:

You: We collect Personal Data from you directly, for example, when you input information into an online form, sign up for a waiting list, register, or contact us directly.

Your Device: We may collect certain Personal Data automatically from your devices. For example, we collect Device/Network Data automatically using cookies and similar technologies when you use our Services, access our Sites, or when you open our marketing communications.

Service Providers: We receive Personal Data from third parties with whom we have a relationship in connection with a relevant transaction, or who collect information on our behalf.

Data we create or Infer: We (or third parties operating on our behalf) create and infer Personal Data (such as Inference Data) based on our observations or analysis of other Personal Data we process, and we may correlate this data with other data we process about you.

PROCESSING OF PERSONAL DATA

USER ACCOUNT REGISTRATION

Users may register and create an account on our Services. When you register, we process certain Personal Data such as Identity Data and Contact Data. We may also process certain Financial Data if you choose, for example, to purchase products and services through our Service. We use Identity Data and Contact Data as necessary to create, maintain, and provide you with important information about your account. Financial Data provided at registration will be used only as necessary to process transactions at your request or to store payment information for future purchases.

CLIENT AND FAMILY APPLICATION/REGISTRATION

Client’s users may submit inquiries, camper or event applications, medical and other forms, and register with Clients through our Services. When you submit an application or register with a Client, we process certain Personal Data on behalf of the Client, which typically includes Identity Data, Contact Data, and Financial Data, and if requested by the Client, Custom Content and Special Category Data.

We use all Application/Registration data as necessary to provide our Services to the Clients, including in connection with the assessment of applications and prospective applicants, and creation of the Client-camper or Client-applicant relationship. Financial Data provided in connection with any application/registration will be used only as necessary to process transactions you request. Subject to your rights and choices, we may also use Identity Data, Contact Data, and Custom Content on behalf of Clients: (i) in connection with the maintenance of camper or event attendee records, which may include family/guardian relationships, emergency contact information, mailing addresses, etc.; (ii) to provide marketing or other communications between Clients and parents or event organizers and attendees; and (iii) along with Special Category Data, in accordance with your consent provided to the Client (e.g. to provide health services, adjusting meal options, etc.), and where permitted by law, to maintain records relating to the health and treatment of campers or event attendees by the Client.

PURCHASES AND DONATIONS

On behalf of the Client, we process Transaction Data, Identity Data, Financial Data, and certain Contact Data when you complete a purchase from or donate to a Client through our Services. Note, all purchases and donations are processed by a third party on behalf of us or the Client, however, we and/or the Client may obtain any Personal Data processed by that third party.

On behalf of the Client, we use the Transaction Data, Identity Data and Contact Data as necessary to complete and provide you with important information regarding your transaction, or in connection with certain recordkeeping the Client may wish to undertake. Financial Data is used only as necessary to process your transaction, and if you request, we may store your Financial Data for future purchases.

CLIENT COMMENTS, MESSAGING AND CUSTOM CONTENT

On behalf of the Client, we process Identity Data, Contact Data, and if provided, Custom Content when you use our Services to fill out forms relating to Clients, message the Client, or send a message to a camper, or if you otherwise submit any Custom Content (e.g. on a comment board or other free form content submission form).

On behalf of the Client, we use Identity Data and Contact Data as necessary to carry out the processes and transactions you request. Subject to your rights and choices, we may also use Identity Data to improve our Services and, on behalf of the Client, we may make certain Custom Content and Identity Data, including information (such as name) derived from analysis of faces that appear in photos, contained in Client photos and videos available on our Site for viewing by parents, event organizers and Client Administrators.

We do not screen messages, comments or other postings for personal or inappropriate content.

EVENTS, PLANNING AND CLIENT ACTIVITIES

On behalf of the Client, we may process Identity Data and Contact Data, and if requested by the Client, Custom Content and Special Category Data in connection with the management of events, trips, and other activities at the Client, as well as Client administration.

On behalf of the Client, we use this personal data as necessary for the Clients to manage these activities. Subject to your rights and choices, we may also use Identity Data, Contact Data, and Custom Content on behalf of Clients: (i) in connection with the maintenance of event-related administrative camper or event attendee records, e.g. Client and event scheduling and attendance records, building/room/bus/seat assignments or other data relating to transportation use, counselor assignments, event description/destination, etc., and (ii) along with Special Categories Data, in accordance with your consent provided to the Client (e.g. to provide health services, adjusting meal options, etc.).

MOBILE APPS

If you use our Mobile Apps, we process certain Personal Data, which typically includes Identity Data, Contact Data, Device/Network Data, and, with your consent, Location Data. Note, you may also be able to complete purchases, register for an account, or enroll in marketing communications through our Mobile App. If you use our photo recognition feature, we’ll process information as set forth in the “Facial Recognition Services” section below, including Facial Recognition Data.

We process the Identity Data, Contact Data, and Device/Network Data as necessary to create your account and deliver the Service and fulfill your requests. Subject to your rights and choices, we may use the Identity Data, Contact Data, Device/Network Data, and Location Data to improve our services, and we may process this Device/Network Data and Location Data on behalf of the Client in connection with counsel location awareness features or other location services the Client may offer.

FACIAL RECOGNITION SERVICES

As part of our Service, we may allow parents, guardians, campers or event attendees to search for pictures of their camper or themselves in images uploaded by the Client. To do so, parents, guardians, campers or event attendees upload an image of their camper or themselves, which is then compared to the photos that have been uploaded by the Client, and matching images are then sent or shown to that user. As part of this process, we process Identity Data, Face Recognition Data, and Special Category Data (to the extent revealed in the photo).

If you consent to the use of this service, we will process the Identity Data, Face Recognition Data and Special Category Data only as necessary to identify the camper in the photos uploaded by the Client and display those images to the camper, their parent or guardian, or event attendee. You can revoke your consent at any time as set forth in the your rights and choices section below. Note, we may use third party software for the purpose of facial recognition and comparison, and the foregoing information will be disclosed to this third-party processor in connection with this service. Face Recognition Data will be retained only for so long as necessary, usually for 1 year following the upload of the image.

You may not upload images to which you do not have the right to have processed in accordance with the above. When you upload a photo, you represent and warrant that you have all necessary rights to process the images as set forth above.

STAFFING DATA

We may process Identity Data, Financial Data and Contact Data as well as certain Special Category Data on behalf of our Clients in connection with an application to be a Client’s administrator, counselor, volunteer, or otherwise join or support a Client’s team, and where requested by the Client, in connection with criminal, professional, credit or other background checks relating to an applicant.

Staffing data is used as is requested by the Client, as necessary in connection with these activities, or as required by law. Financial Data is collected and may be stored for payroll or reimbursement purposes, or as otherwise necessary in the context of the staffing relationship. Subject to your rights and choices, we process this Personal Data on behalf of the Client, in connection with Clients’ activities in relation to the assessment, creation, maintenance, and termination of the staffing relationship, or in connection with various background checks relating to a prospective staff member.

CampMinder may maintain relationships with background check providers, and Clients may direct CampMinder to assist in the request, fulfillment, and storage of background check information. However, Clients are the controllers of such information and are responsible for obtaining applicants’ consent, ensuring the legal rights of applicants, and for their use of background check data.

ADMINISTRATION DATA

On behalf of the Client, we may process Identity Data, Financial Data and Contact Data as well as certain Special Category Data in connection with administrative information collected by Clients, such as invoicing, expense reporting, financials, or other internal processes. This information may include medical information of certain staffers campers or event attendees, or other similar Special Category data, to the extent provided by the staffer, camper, parent or attendee.

On behalf of the Client, we process Identity Data, Financial Data and Contact Data primarily in connection with Clients’ internal business activities in relation to the analysis and internal reporting of Client financials, performance, or other activities. All administrative data will be used as is required by the Client as necessary in connection with these activities, or as required by law. Financial Data is collected and may be stored for payroll or reimbursement purposes, or as otherwise necessary in the context of the staffing relationship. Subject to your rights and choices, we may process the Special Category Data in connection with the individual’s consent, or as otherwise permitted by law.

COOKIES AND SIMILAR TECHNOLOGIES

We, and certain third parties, may process Device/Network Data when you interact with cookies and similar technologies. We may receive this data from third parties to the extent allowed by the applicable partner. Please note that the privacy policies of third parties may apply to these technologies and information collected.

In connection with our legitimate interests in providing and improving the user experience and efficiency of our Services, and understanding information about the devices and demographics of visitors to our Services, we use this information (i) for “essential” or “functional” purposes, such as to enable various features of the Services such as your browser remembering your username or password, maintaining a session, or staying logged in after a session has ended; (ii) for analytics and site performance purposes, such as tracking how the Services are used or perform, how users engage with and navigate through the Services, what sites users visit before visiting our Services, how often they visit our Services, and other similar information; and (iii) for the purpose of displaying advertisements via retargeting to those users who visited our Site or who may be interested in our Service.

Some of these technologies can be used by third parties to identify you across platforms, devices, sites, and services. Clients may also have access to information, such as reports and analytics, generated through these services.

BUSINESS PURPOSES OF PROCESSING

In addition to the processing described above, we generally process Personal Data for several common purposes in connection with our business. For example:

Operate our Services and Fulfill Obligations: We process any Personal Data as is necessary to provide the Services, and as otherwise necessary to fulfill our obligations to you, e.g. to provide you with the information, features, and services you request.

Personalization/Customization: We process Personal Data (excluding Facial Recognition Data or Special Category Data) as necessary in connection with our legitimate business interest in personalizing our Services. For example, aspects of the Services may be customized to you so that it displays your or a Client’s name, to reflect appearance or display preferences, display recent or commonly used features or data, or other similar functionality.

Internal Processes and Service Improvement: We process Personal Data (excluding Facial Recognition Data or Special Category Data) as necessary in connection with our improvement of the design of our Services, understanding how our Services are used or function, for customer service purposes, in connection with the creation and analysis of logs and metadata relating to service use, and for ensuring the security and stability of the Services. Additionally, we may use Personal Data to understand what parts of our Service are most relevant to users, how users interact with various aspects of our Services, how our Services perform or fail to perform, etc., or we may analyze use of the Services to determine if there are specific activities that might indicate an information security risk to the Services or our Users.

MARKETING COMMUNICATIONS

Data: We may process Identity Data and Contact Data in connection with email marketing communications, including (i) on behalf of Clients, when you register for an account, and choose to enroll, or are enrolled by the Client, to receive marketing communications; (ii) on behalf of Clients, when you open or interact with, a Client’s electronic marketing communications; (iii) on our own behalf when you contact us directly, or express an interest in our products and services; and (iv) on our own behalf when you open or interact with our marketing communications.

Uses: We use Identity Data and Contact Data as necessary to provide marketing communications, and consistent with our legitimate business interests, we may send you marketing and promotional communications if you sign up for such communications or purchase services from us. See Your Rights and Choices for information about how you can limit or opt out of this processing.

AGGREGATE ANALYTICS

We process Personal Data (excluding Facial Recognition Data or Special Category Data) as necessary in connection with our creation of aggregate analytics relating to how our Services are used, company and investment trends, to understand how our service performs, and to create other reports regarding the use of our Services, demographics of our Users, and other similar information and metrics. The resulting aggregate data will not contain information from which an individual may be readily identified. This processing is subject to users’ rights and choices.

COMPLIANCE, HEALTH, SAFETY & PUBLIC INTEREST

Note that we may, without your consent or further notice to you, and to the extent required or permitted by law, process any Personal Data subject to this Policy for purposes determined to be in the public interest or otherwise required by law. For example, we may process information as necessary to fulfill our legal obligations, to protect the vital interests of any individuals, or otherwise in the public interest or as required by a public authority. Please see the data sharing section for more information about how we disclose Personal Data in extraordinary circumstances.

OTHER PROCESSING OF PERSONAL DATA

If we process Personal Data in connection with our Services in a way not described in this Policy, this Policy will still apply generally (e.g. with respect to Users’ rights and choices) unless otherwise stated when you provide it.

DATA SHARING

GENERALLY

Information we collect may be shared with a variety of parties, depending upon the purpose for and context in which that information was provided. We generally transfer Personal Data to the following categories of recipients:

Clients: We process data on behalf of Clients and may share your Personal Data with Clients to the extent such information was provided to us for processing on their behalf. For example, any forms, applications, messages, or other material may be processed by us for Clients, and all Personal Data processed on behalf of the Client may be available to the Client and its users. These parties may engage in direct marketing, or other activities that are outside our control.

Service Providers: In connection with our legitimate business interests or other business purposes, we may share your Personal Data with service providers or subprocessors who provide certain services or process data on our behalf. For example, we may use cloud-based hosting providers to host our Sites or disclose information as part of our own internal operations, such as security operations, internal research, etc.) We disclose Special Category Data and Face Recognition Data to service providers only with your consent where required by law.

Affiliates: In order to streamline certain business operations, develop products and services that better meet the interests and needs of our customers, and inform our customers about relevant products and services, we may share your Personal Data with any of our current or future affiliated entities, subsidiaries, and parent companies.

Corporate Events: Your Personal Data may be processed in the event that we go through a business transition, such as a merger, acquisition, liquidation, or sale of all or a portion of our assets. For example, Personal Data may be part of the assets transferred, or may be disclosed (subject to confidentiality restrictions) during the due diligence process for a potential transaction.

Legal Disclosures: In limited circumstances, we may, without notice or your consent, access and disclose your Personal Data, any communications sent or received by you, and any other information that we may have about you to the extent we believe such disclosure is legally required, to prevent or respond to a crime, to investigate violations of our Terms of Use, or in the vital interests of us or any person. Note, these disclosures may be made to governments that do not ensure the same degree of protection of your Personal Data as your home jurisdiction. We may, in our sole discretion (but without any obligation), object to the disclosure of your Personal Data to such parties.

YOUR RIGHTS AND CHOICES

YOUR RIGHTS

Applicable law may grant you rights in your Personal Data. These rights vary based on your location, state or country of residence, and may be limited by or subject to our or our Client’s rights in your Personal Data. In cases where we process Personal Data on our own behalf, you may exercise rights you have by contacting us. All rights requests we receive directly must be verified to ensure that the individual making the request is authorized to make that request, to reduce fraud, and to ensure the security of your Personal Data. We may require that you log in to your account or verify that you have access to your account or the email on file in order to verify your identity. If an agent is submitting the request on your behalf, we reserve the right to validate the agent’s authority to act on your behalf. For information regarding your rights in the EU/EEA/Swiss, or your California Privacy Rights, please see below.

YOUR CHOICES

You may have the following choices regarding the Personal Data we process, to the extent required under applicable law:

Consent: If you consent to processing, you may withdraw your consent at any time, to the extent required by law.

Direct Marketing: You have the choice to opt-out of or withdraw your consent to processing related to direct marketing communications. You may have a legal right not to receive such messages in certain circumstances, in which case, you will only receive direct marketing communications if you consent. You may exercise your choice via the links in our communications or by contacting us re: direct marketing.

Location Data: You may control or limit Location Data that we collect using our Mobile App by changing your preferences in your device’s location services preferences menu, or through your choices regarding the use of Bluetooth, WiFi, and other network interfaces you may use.

Online Advertising: You may opt out or withdraw your consent to behavioral advertising. You must opt out of third-party services directly via the third party. For example, to opt out of Google’s use of cookies, visit Google’s Ads Settings, here. If you wish to take steps to opt-out of tracking by certain online advertisers, you can visit the Digital Advertising Alliance’s opt-out page at http://www.aboutads.info/choices or the Network Advertising Initiative at www.networkadvertising.org/optout_nonppii.asp.

Other Processing: You may have the right under applicable law to object to our processing of your Personal Data for certain purposes. You may do so by contacting us re: data rights requests. Note that we may not be required to cease processing based solely on an objection.

NOTE REGARDING CLIENTS’ DATA

In many cases, CampMinder acts a processor of Clients’ Personal Data. We may notify Clients of your data rights requests; however, we may be unable to directly fulfill rights requests regarding Personal Data unless we control or have the necessary rights of access. CampMinder may not have access to or control over all or some Personal Data controlled by Clients. Please contact the Client directly for data rights requests regarding Client-controlled information, and we will assist the Client as appropriate in the fulfillment of your request. Please note that, to the extent we make interfaces available for you to directly control your data, these will take effect only with respect to the data we control, and you may need to contact the Client regarding your request.

SECURITY

We follow and implement reasonable security measures to safeguard the Personal Data we process. While we may require our service providers to follow certain security practices, we do not have control over and will not be liable for third parties’ security processes. We do not warrant perfect security and we do not provide any guarantee that your Personal Data or any other information you provide us will remain secure.

DATA RETENTION

We retain Personal Data for the periods stated above, or if none, for so long as it remains relevant to its purpose or for so long as is required by law (if longer). As we process Personal Data on behalf of Clients, we may retain information for the periods requested by the Client or delete information at the Client’s request. We will review retention periods periodically, and if appropriate, we may pseudonymize or anonymize data held for longer periods.

MINORS

Our Services are intended for use by Clients, event organizers and attendees and campers’ parents and are neither directed at nor intended for direct use by individuals under the age of 16. Further, we do not knowingly collect Personal Data directly from such individuals. If we learn that we have inadvertently done so, we will promptly delete it. Do not access or use the Services if you are not of the age of majority in your jurisdiction unless you have the consent of your parent or guardian.

INTERNATIONAL TRANSFERS

We operate and use service providers located in the United States. If you are located outside the U.S., your Personal Data may be transferred to the U.S. The U.S. does not provide the same legal protections guaranteed to Personal Data in the European Union. Accordingly, your Personal Data may be transferred to the U.S. pursuant to the EU-U.S. Privacy Shield Framework, the Standard Contractual Clauses, or other adequacy mechanisms, or pursuant to exemptions provided under EU law.

EU-U.S. PRIVACY SHIELD

We comply with the EU-U.S. Privacy Shield Framework set forth by the U.S. Department of Commerce with respect to the processing of Personal Data from European Union member countries as described in this Privacy Policy. We have certified that we adhere to the Privacy Shield Principles of Notice, Choice, Accountability for Onward Transfer, Security, Data Integrity and Purpose Limitation, Access, and Recourse, Enforcement and Liability. Furthermore, we require third party recipients of EU residents’ Personal Data to agree to respect these principles, and we accept liability for third parties’ processing of EU residents’ data to the extent required by law.

If there is any conflict between this Policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view our certification page, please visit https://www.privacyshield.gov. You may view the list of Privacy Shield companies here.

We encourage users to contact us if you have any concerns about our compliance with this Privacy Policy and the Privacy Shield Framework. In compliance with the EU-U.S. Privacy Shield Principles, we commit to resolving complaints about your privacy and our collection or use of your Personal Data. EU residents with inquiries or complaints regarding this Privacy Policy should first contact us at the address below. We will respond to complaints from EU residents within 45 days.

In compliance with the Privacy Shield Principles, CampMinder commits to resolve complaints about our collection or use of your personal information. EU individuals with inquiries or complaints regarding our Privacy Shield policy should first contact CampMinder at: issues@campminder.com.

CampMinder has further committed to refer unresolved Privacy Shield complaints to JAMS, an alternative dispute resolution provider located in the United States. If you do not receive timely acknowledgment of your complaint from us, or if we have not addressed your complaint to your satisfaction, please contact or visit https://www.jamsadr.com for more information or to file a complaint. The services of JAMS are provided at no cost to you. Under certain circumstances, these dispute resolution processes may result in your ability to invoke binding arbitration. As a U.S. company, we are also subject to the investigatory and enforcement power of the FTC regarding our compliance with the Privacy Shield Framework and this Privacy Policy, and users may direct complaints to the FTC in the event the dispute resolution processes described above is unsatisfactory.

YOUR EU/EEA PRIVACY RIGHTS

Users of our Services in the EU/EEA/Switzerland (and certain other countries) may have the following rights:

Access: You may have a right to know what information we collect, use, disclose, or sell, and you may have the right to receive a list of that Personal Data and a list of the third parties (or categories of third parties) with whom we have received or shared Personal Data, to the extent required and permitted by law.

Rectification: You may correct any Personal Data that we hold about you to the extent required and permitted by law.

Delete: To the extent required by applicable law, you may request that we delete your Personal Data from our systems. We may delete your data entirely, or we may anonymize or aggregate your information such that it no longer reasonably identifies you. Contact us as part of your request to determine how your Personal Data will be erased in connection with your request.

Data Export: To the extent required by applicable law, we will send you a copy of your Personal Data in a common portable format of our choice.

Right to Object: Where we process Personal Data on the basis of our legitimate interests, you can object to that processing to extent allowed by law. Note that we must only limit processing where our interests in processing do not override an individual’s interests, rights, and freedoms, or the processing is not for the establishment exercise, or defense of a legal claim.

Right to Restrict: You may have the right to restrict processing of your Personal Data where the accuracy of the Personal Data is contested, the processing is unlawful but you object to deleting the Personal Data, or we no longer require the Personal Data, but it is still required for the establishment, exercise, or defense of a legal claim, or while we assess an objection to processing.

Automated Processing: To the extent we process Personal Data using automated means (if any), or where otherwise required by law, you may opt-out of, or revoke your consent, to this processing or elect to have an individual review any of the results of processing.

Regulator Contact: You may have the right to file a complaint with regulators about our processing of Personal Data. To do so, please contact your local data protection or consumer protection authority.

YOUR CALIFORNIA PRIVACY RIGHTS

Under the California Consumer Privacy Act (“CCPA”) and other California laws, California residents may have the following rights, subject to your submission of an appropriately verified request (see below for verification requirements):

PRIVACY RIGHTS

Right to Know: You may have the right to request any of following, for the 12 month period preceding your request: (1) the categories of Personal Data we have collected about you, or that we have sold, or disclosed for a commercial purpose; (2) the categories of sources from which your Personal Data was collected; (3) the business or commercial purpose for which we collected or sold your Personal Data; (4) the categories of third parties to whom we have sold your Personal Data, or disclosed it for a business purpose; and (5) the specific pieces of Personal Data we have collected about you.

Right to Delete: You may have the right to delete certain Personal Data that we hold about you, subject to exceptions under applicable law.

Right to Non-Discrimination: You may have the right to not to receive discriminatory treatment as a result of your exercise of any rights conferred by the CCPA.

Direct Marketing: You may request a list of Personal Data we have disclosed about you to third parties for direct marketing purposes (if any) during the preceding calendar year.

Opt-Out of Sale: If we engage in sales of Personal Data (as defined by applicable law), you may direct us to stop selling or disclosing Personal Data to third parties for commercial purposes. At this time, we do not sell Personal Data.

SUBMISSION OF RIGHTS REQUESTS

You may submit requests by contacting us (see below for summary of required verification information).

VERIFICATION OF RIGHTS REQUESTS

All rights requests must be verified to ensure that the individual making the request is authorized to make that request, to reduce fraud, and to ensure the security of your Personal Data. We may require that you provide the email address we have on file for you (and verify that you can access that email account) as well as an address, phone number, or other information we have on file, in order to verify your identity. If an agent is submitting the request on your behalf, we reserve the right to validate the agent’s authority to act on your behalf.

SUPPLEMENTAL DATA PROCESSING DISCLOSURES

Categories of Personal Data Disclosed for Business Purposes: For purposes of the CCPA, we may disclose to Service Providers for “business purposes” the following categories of Personal Data: Identity Data; Transaction Data; Contact Data; Financial Data; Device/Network Data; Location Data; Special Category Data; Face Recognition Data; and Custom Content.

Data Sale: For purposes of the CCPA, we do not “sell” your Personal Data.

Right to Know:

Category of Data

Category of Sources

Business and Commercial Purposes

Category of Recipients

Identity Data

You; Clients; Your Devices; Service Providers

Service Provision and Contractual Obligations; Personalization/Customization; Internal Processes and Service Improvement; Marketing Communications; Aggregate Analytics; Compliance, Health, Safety & Public Interest; Other Processing

Clients; Service Providers; Data Aggregators; Affiliates; Corporate Events; Legal Disclosures

Transaction Data

You; Your Devices; Service Providers

Service Provision and Contractual Obligations; Personalization/Customization; Internal Processes and Service Improvement; Marketing Communications; Aggregate Analytics; Compliance, Health, Safety & Public Interest; Other Processing

Clients; Service Providers; Data Aggregators; Affiliates; Corporate Events; Legal Disclosures

Contact Data

You; Clients; Your Devices; Service Providers

Service Provision and Contractual Obligations; Personalization/Customization; Internal Processes and Service Improvement; Marketing Communications; Aggregate Analytics; Compliance, Health, Safety & Public Interest; Other Processing

Clients; Service Providers; Data Aggregators; Affiliates; Corporate Events; Legal Disclosures

Financial Data

You; Service Providers

Service Provision and Contractual Obligations; Personalization/Customization; Internal Processes and Service Improvement; Marketing Communications; Aggregate Analytics; Compliance, Health, Safety & Public Interest; Other Processing

Service Providers; Data Aggregators; Affiliates; Corporate Events; Legal Disclosures

Device/Network Data

You; Your Devices; Service Providers

Service Provision and Contractual Obligations; Personalization/Customization; Internal Processes and Service Improvement; Marketing Communications; Aggregate Analytics; Compliance, Health, Safety & Public Interest; Other Processing

Service Providers; Data Aggregators; Affiliates; Corporate Events; Legal Disclosures

Location Data

You; Your Devices

Service Provision and Contractual Obligations; Personalization/Customization; Internal Processes and Service Improvement; Marketing Communications; Aggregate Analytics; Compliance, Health, Safety & Public Interest; Other Processing

Service Providers; Data Aggregators; Affiliates; Corporate Events; Legal Disclosures

Special Category Data

You; Clients

Service Provision and Contractual Obligations; Compliance, Health, Safety & Public Interest; Other Processing

Clients; Service Providers; Data Aggregators; Affiliates; Corporate Events; Legal Disclosures

Face Recognition Data

You; Service Providers; Data we Create/Infer

Service Provision and Contractual Obligations; Compliance, Health, Safety & Public Interest; Other Processing

Service Providers; Data Aggregators; Affiliates; Corporate Events; Legal Disclosures

Custom Content

You; Clients

Service Provision and Contractual Obligations; Personalization/Customization; Internal Processes and Service Improvement; Marketing Communications; Aggregate Analytics; Compliance, Health, Safety & Public Interest; Other Processing

Clients; Service Providers; Data Aggregators; Affiliates; Corporate Events; Legal Disclosures

CHANGES TO OUR PRIVACY POLICY

We may change this Privacy Policy from time to time. Changes will be posted on this page with the effective date. Please visit this page regularly so that you are aware of our latest updates. Your acknowledgment of these changes or use of the Services following notice of any changes (as applicable) indicates your acceptance of any changes.

CONTACT US

Feel free to contact us with questions or concerns using the appropriate address below.

General inquiries:

info@campminder.com

Physical address:

CampMinder, LLC

5766 Central Avenue

Boulder, CO 80301

Phone:

303-444-2267

LIST OF THIRD PARTIES

UNAFFILIATED PARTIES AND PARTNERS

The following is a list of unaffiliated third parties with whom we may share data or which may engage in processing:

Third Party Data Sources

Alachisoft

Vendor of NCache, a product that provides an extremely fast and linearly scalable distributed cache that caches application data.

Amazon Web Services

Vendor – Hosted CM Desktop – Camp In Touch environment housing all details associated with clients of our clients including name, address, date of birth, gender and contact information.

Apple App Store

Vendor – Provides application marketplace for the purchase and updating of applications. Also subject to Apple Privacy Policy found at https://www.apple.com/privacy

Azure WAF Gateway

Vendor – Provides the web application firewall for the CampMinder system database that monitors all traffic coming into this system.

Bill.com

Vendor – Provides an invoicing and accounts payable platform where we store information including client banking information, client contact information including name, address, phone number and email address

Camp Takajo, Camp Manitou, Tripp Lake Camp, Camp Lenox, Camp Wingate Kirkland, Camp Greystone, Alpine Camp for Boys, AdventureTreks, Camp Highlander, Falling Creek Camp, Camp Pinnacle, Camp Romaca, Camp Young Judaea Texas, Everwood, Rolling River Day Camp, Green River Preserve, Camp Highland, International Sports Training Camp, Camp River Way, SuperCamp, Camp Alonim, YMCA New York, Camp Skyline, Raquette Lake, Camp Woodward East (PA), Yachad, Asphalt Green Summer Day Camp, NCSY Summer Programs, Camp Mystic, Camp Ramah in Wisconsin / Ramah Day Camp, Harlam, 6 Points Sports Academy, Six Points Sci Tech, OSRUI,Concordia Language Villages, Nobles Day Camp, Camp Cody, Camp Coleman, Camp Greene, Camp Kalsman, Camp Eisner, Camp Crane Lake, Camp Newman, URJ Camp George, URJ GUCI, URJ Henry S. Jacobs Camp, URJ NFTY EIE, URJ Kutz Camp, Camp Green Leaf, Coleman Country Day Camp, URJ NFTY, URJ 6 Points Sports Academy CA, YMCA Camp Tecumseh, Camp Fitch YMCA, URJ Sci-Tech West, URJ Arts, URJ Teen Travel, URJ RAC

 

Clients also known as Camps – These clients use an API key provided by CampMinder to integrate only their specific data that is owned by them with same clients’ marketing and/or customer relationship management platform that is independent of the CampMinder platform.

CardWorks Acquiring, LLC

Vendor – Provides electronic transaction payment services for certain CampMinder clients

Cliq

Vendor – Provides electronic transaction processing services for certain CampMinder clients that are also subject to the privacy policy found at https://www.cliq.com/privacy/

CloudFlare

Vendor – Provides the web application firewall for the Camp in Touch environment that monitors all traffic coming into this system.

Cynergy USA

Vendor – Provides electronic transaction payment services for certain CampMinder clients that are also subject to privacy policy found at https://www.cynergydatagroup.com/privacy.html

District Photo

Vendor – Provides photo processing, printing and shipping of images presented for purchase by the clients of our clients through the Camp In Touch platform as part of our summer services offered as an option through our Camp In Touch service. Digital images viewed in the Camp In Touch platform are available for purchase. Purchaser information stored in the service include name, address, payment method information, phone number and email address.

DropBox

Vendor – Cloud storage and user synchronization where we store accounting information including electronic reports that may include name, physical address, phone number, e-mail address and payment method information.

EZ Texting

Vendor – Text messaging platform to whom we may provide, at our client’s request, their client’s names and phone numbers.

Google

Vendor — provides Google Play Services, which includes application marketplace for the purchase and updating of application. In addition, Google collects information about the apps, browsers, and devices you use to access Google services, which helps Google provide features like automatic product updates. The information Google collects includes unique identifiers, browser type and settings, device type and settings, operating system, mobile network information including carrier name and phone number, and application version number. Google also collect information about the interaction of your apps, browsers, and devices with our services, including IP address, crash reports, system activity, and the date, time, and referrer URL of your request. Google collect this information when a Google service on your device contacts Google’s servers — for example, when you install an app from the Play Store or when a service checks for automatic updates. Google Docs and Drives are used as a passthrough service for custom templates for contracts, emails, invoices and other communication. These Docs are immediately deleted once they are delivered to the recipient.

Google Photos

Vendor – Used in Campanion Admin to allow integration between Campminder’s photo uploader and a client’s Google Photos cloud storage, and makes use of the restricted Google API Scope; ./auth/photoslibrary. read-only.  Scopes requested may change from time to time and are described further in the Google Photos API.  Authorization to use each scope will be granted exclusively through the OAuth2 authentication process. Use and transfer of information received from Google APIs to any other app will adhere to Google API Services User Data Policy including the Limited Use Requirements.

JotForm

Integrated tool for creation, publication and hosting of forms for data collection from camp attendees and allowing for email responses.

Microsoft Azure

Vendor – Provides cloud computing service created by Microsoft for building, testing, deploying, and managing applications and services through Microsoft-managed data centers.

Microsoft Azure facial recognition service

Vendor – Facial recognition service creates an identity based on properties and measurement of a person’s face when used with our Campanion services. User information stored includes a training photo with an anonymized ID.

Microsoft

Vendor – Hosts campminder.system test environment and houses all of CampMinder system database details.

Neutrino API

Vendor – Streamlines credit card processing services between our clients and their clients by distinguishing the payment method between credit cards and debit cards

NMI

Vendor – Payment gateway solution for epayments and credit card transactions. Data stored includes payors name, payment method details, payment amount and date of payment.

Paysafe

Vendor – Provides electronic transaction payment services that are also subject to privacy policy found at https://www.paysafe.com/privacy-policy/

Pendo.io

Vendor – Provides usage analytics that tracks user interactions with web and mobile applications and collects survey responses from users.

Quala.io

Vendor – Enhances Client onboarding and support by tracking key metrics, automating tasks and workflows and providing trend analysis for best practices. Client data is stored temporarily and includes name, email and phone.

Quickbooks Vendor – Provides an accounting and general ledger platform where we store client information including name, address, phone number and email address.

RackSpace

Vendor – Hosted Microsoft Azure Production environment, managed by Rackspace. Houses all CampMinder system database details.

Redis

Vendor – An open source (BSD licensed), in-memory data structure store, used as a database, cache and message broker. It supports data structures such as strings, hashes, lists, sets, sorted sets with range queries, bitmaps, hyperloglogs, geospatial indexes with radius queries and streams.

Ronningen Design

Vendor – Provides of graphic design, website design and marketing services to and for the Summer Camp industry.

Salesforce

Vendor – Provides a customer relationship management platform. Here we store client contact information including name, address, phone number and email address.

Sterling

Vendor – Provides background checks for camp staff at client’s request, which requires camp to provide subject’s name, physical address, social security number, phone number and email address.

Twilio

Vendor – Email service that enables the transmission and storage of email traffic between our clients and their clients through the CampMinder system.

Vinta Soft

Vendor – Provides image processing service as part of our summer services offered as an option through our Camp In Touch service.

Wistia

Vendor – Provides video hosting service for clients that provide videos to their clients as part of our summer services offered as an option through our Camp In Touch service.