The YMCA of Metropolitan Los Angeles (the “Association”) is committed to
protecting the privacy of its members and donors and maintaining their personal
information in confidence. As an expression of the Association’s commitment to
protect the personal information of its members, employees, and volunteers the
use of your personal information, including the reasonable efforts we make to
protect your personal information in accordance with these guidelines and about
what choices you have concerning the Association’s use of such information. Please
read this Policy carefully.
Please refer to this Policy regularly. The Association may need to change this Policy
from time to time to address new issues and reflect changes on our website.
Changes will be posted to the Association’s website and will update the “last
updated” date at the top of this page so that you will always know the Association’s
policies regarding what information is gathered, how information is used, and
whether the Association will disclose that information to anyone.
The Association collects information from members in multiple database(s) for the
purposes of billing; supporting the progress of its members toward their goals;
encouraging the involvement of the whole family; and providing information on
upcoming Association events and program opportunities. Member information is
also aggregated in certain ways to help staff and the Association’s Board determine
how well it is serving the community and how it can improve its operations.
This policy applies to the personally identifiable information (“PII”) which you
provide to the Association either through our websites, in person, or otherwise. This
Policy does not apply to your use of unaffiliated sites to which our websites link.
Collection of Personally Identifiable Information (PII):
The Association collects PII from you when you voluntarily submit such information
to us. This information may include your name, home address, email address, date
of birth, demographic information, personal health information(“PHI”), and other
information that we may need to collect in connection with certain events,
including, but not limited to:
• Registration for, or participation in, events, classes, camps, and other
• Registration for surveys, forums, content submissions, chats, bulletin boards,
discussion groups, requests for suggestions, or other services or activities
offered on the Association website;
• Answering your inquiries about the Association website, organization,
membership, or other services or activities;
• Registration as a member, donor, and/or volunteer.
Use and Disclosure of Personally Identifiable Information (PII):
If you do provide the Association with PII for an activity, event, or service, it may
use it to conduct such activity, event, or service and future Association activities
that may be of interest to you. The Association may contact you based on the
information you provide online or offline.
The Association shares member and donor information with financial institutions,
government agencies, and companies working on behalf of the Association only as
needed to conduct Association operations or other support services. We also may
share your information with other YMCA Associations and with the YMCA of the
USA, which is a national resource office for the YMCA of Metropolitan Los Angeles
and other local YMCAs, to help improve the overall network of YMCAs. The
Association may also provide PII, including PHI, to regulatory authorities and law
enforcement officials in accordance with applicable law or when we otherwise
believe in good faith that the provision of such information is required or permitted
by law, such as in connection with the investigation or assertion of legal defenses or
for compliance matters.
Other than as required by law or to conduct Association business, the Association
will use its best efforts to never disclose any PII about you to any third-party for
purposes unrelated to the Association without having received your permission,
except as provided herein or otherwise as permitted or required under applicable
law. The Association will not sell, rent or lease your personal information to others,
including information provided about children.
You may inspect your records and update your personal information at any time.
Please notify the Executive Director at your Association branch location, with regard
to any concerns you may have about the privacy of your records.
The Association and each of its community locations are committed to keeping any
and all PII confidential and secure. Your PII includes personal information, such as
your name, address, birth date, social security number (employees only),
employer, payment history, bank information, personal health information (“PHI”)
and program and donor involvement.
volunteers, and donors (“members”), as well as to all persons who have offered
personal information to the Association as prospective members or employees.
How we Protect Your Privacy:
The Association maintains procedural, electronic, and physical safeguards to protect
the PII of its members, donors, and volunteer staff, including, but not limited to,
• The Association permits access to PII only by authorized employees and
volunteers with a need to have access and who are trained in the proper
handling of member information. The Association removes employee and
volunteer’s access to systems as part of the employee separation process.
• The Association requires all outside vendors and contractors who may be
retained to perform services for the YMCALA to conform to Association
privacy standards and/or sign strict confidentiality agreements. In the rare
and limited circumstance when a retained service provider is required to use
PII to complete its assignment, the service provider is strictly prohibited from
using this information for any other purpose.
• The Association will not reveal information about your health, character,
personal habits or reputation to anyone for marketing purposes.
• The Association uses outside vendors to conduct periodic network security
audits to help prevent security breaches.
• The Association follows published document management procedures
providing for the timely destruction of outdated personal information.
• The Association masks all but the last four digits of your credit card and bank
account numbers in our Membership and Donor application screens.
• The Association uses SSL (secure socket layer) transmission to transmit
electronic funds transfer payments to and from financial institutions.
• The Association does not display any bank or credit card information on any
system generated receipts or invoices.
• The Association ensures that all unattended computers display electronic
screensavers to help prevent unauthorized access to personal information.
Access is locked out until a proper password is entered.
• All Association employees and volunteers, upon logon to any networked
computer, are prompted with a message that reminds them of the
importance of protecting PII.
• The Association’s automated system policies require employees and
volunteers to change passwords every ninety days.
• The Association’s internal audit team periodically audits our Metropolitan
offices and locations to ensure that reasonable security practices and internal
controls are being followed.
• All Association locations take adequate measures and implement safeguards
to reduce the incidents of theft and to ensure that your personal checks are
deposited in the bank.
• Many Association locations have security surveillance cameras to discourage
theft on the premises.
• The Metropolitan offices and many locations have controlled access into their
• The Association keeps the transportation of PII between the branches and
the Metropolitan offices to a minimum to help reduce the potential for
Privacy of Children:
The Association is mindful that young people need special safeguards and privacy
protection. We realize that they may not understand all of the provisions of
Association policy or be able to make thoughtful decisions about the choices that
are made available to our adult members. We strongly urge all parents/guardians
to participate in their children’s exploration of the Internet and any online services
and to teach their children about protecting their personal information while online.
If we ask for Personally Identifiable Information (“PII”) from children under the age
of thirteen (13) on the Association website(s), in person, or through any other
mechanism, we will take additional steps to protect the privacy of such information,
• Obtaining consent from the parent or legal guardian of the child before
collecting or using the child’s PII;
• Notifying parent(s)/guardian(s) about what PII is being requested and how
that PII will be used and/or shared, such as through this Policy;
• Limiting the collection of PII from children to no more than is reasonably
necessary to accomplish the purpose of the collection; and
• Giving parents’ access to the PII we have collected from their children and
offering them the opportunity to request that such PII be changed or deleted.
Links to Other Sites:
Users may find other content on Association websites that link to the sites and
services of other third parties. We do not control the content or links that appear
on these sites. In addition, these sites or services, including their content and
links, may be constantly changing. These sites and services may have their own
privacy policies and customer service policies, or no policy (policies) at all. We
encourage you to review the privacy policies of any third-party sites or services
before providing any of them with your personal information.
Collection of Non-Personally Identifiable Information:
We collect non-personally identifiable information without limitation through the use
of the following types of methodology:
“Cookie” technology: A cookie is an element of data that a website can send to your
browser, which may then store it on your system to help enhance your experience
in using our sites and to provide us with technical information about your site
IP address tracking: An IP address is a number that is assigned to your computer
when you are on the Internet. When you request pages from our sites, our servers
log your IP address.
Web beacons: A Web beacon, or “clear gif”, is a small graphic image on a webpage
or web-based document that a website can use to determine information about a
Non-personally identifiable information might include the browser you use, the type
of computer, technical information about your means of connection to our sites
(such as the operating systems and the Internet service providers utilized), and
other similar information. Our systems may also automatically gather information
about the areas you visit and search terms you utilize on our sites and about the
links you may select from within our sites to other areas of the World Wide Web or
Although an industry-standard do-not-track (DNT) protocol has not yet been
established, the Association’s information collection and disclosure practices and the
choices it offers to consumers will continue to operate as described in this Policy.
Use of Non-Personally Identifiable Information:
We use non-personally identifiable information for our purposes related to
operations of the Association and its programs and, in particular, to administer our
websites and, in the aggregate, to determine what technologies are being used so
that we may continually improve our websites. We may also share aggregate, non-
personally identifiable information with other third parties.
When you make a payment as a donation, we collect information to process your
donation and may use that information to contact you in the future about the
Association and its programs. Your payment information is transmitted to us, using
a secure Internet method that helps maintain the privacy of this information.
During the time your payment information resides on our computers, it is in an
encrypted format and can only be accessed by authorized personnel with a
Links to Other Sites:
Users may find other content on our websites that link to the sites and services of
other third-parties. We do not control the content or links appearing on these sites.
Third-party sites or services, including their content and links, may be constantly
changing and may have their own privacy policies and customer service policies.
We encourage you to review the privacy policies of any third-party sites or services
before providing any of them with your personal information.
If you opt-in to receive information from us, you can change your mind later. If at
any time you would like to stop receiving such information or opt out of a feature,
you may change your options by contacting your local Association branch location.
You should be aware, however, that it is not always possible to completely remove
or modify information in our databases and servers, although we will make
reasonable efforts to do so upon your request.
Personal Data Access and Accuracy:
You may contact the Association with inquiries or complaints regarding the use of
information about you. We will use reasonable efforts to grant reasonable requests
to access data about the requester. We will also make reasonable requests to
correct any incorrect or misleading data about the requester.
The Association takes appropriate administrative, technical, and physical measures
to safeguard against unauthorized processing of personal information, and against
the accidental loss of, or damage to, personal data. However, the Association
cannot provide an absolute guarantee of the security of any of our websites or any
other site on the Internet.
Consent to Transfer:
Association websites are operated in the United States. If you are located outside of
the United States, please be aware that any information you provide to the
Association will be transferred to the United States, even though the United States
has privacy laws that the European Union considers inadequate. By using
Association websites, participating in any Association services, and/or providing us
with your information, you consent to this transfer.
California Privacy Rights:
The California “Shine the Light” law permits California residents to annually request
and obtain information free of charge about what personal information is disclosed
to third-parties for direct-marketing purposes in the preceding calendar year. The
Association does not distribute your personal information to outside parties for their
direct marketing without your consent.
Updating your Personal Information:
You can update your personal information by using the Association website. Please
do not send Social Security numbers or other sensitive information to us via
You have the right to know what PII the Association has collected about you; this
does not apply to PII that relates to an actual or possible claim or a civil or criminal
You may ask the Association in writing to correct any PII you believe is recorded in
The Association will notify you, either in writing or electronically, if it suspects a
security breach of your PII, as mandated by California Civil Code Section 1798.82
The Association takes appropriate administrative, technical and physical measures
to safeguard against unauthorized processing of personal information and against
the accidental loss of, or damage to, personal data, although we cannot provide an
absolute guarantee of the security of our site or any other site on the Internet.
addition, a printed copy will also be available at all Association branch locations.
How to Contact Us:
You may contact the Executive Director of your local Association branch location if
you have questions or need additional information.