Introduction
When you entrust your personal information to a web site, you expect the operators of that site to demonstrate that they have earned your trust. Maintaining your privacy and the security of your personal information is our highest priority.
This Privacy Policy explains how the State Urban Search and Rescue Alliance, Inc., a New Jersey based corporation (SUSAR), collects, stores, uses, and discloses information about you.
SUSAR is committed to meeting and exceeding all relevant international, federal, and state laws and industry guidelines regarding your personal information and how it is protected.
Please note that privacy laws differ widely between countries and, within countries, between states and smaller jurisdictions. Because our website may be accessed from anywhere in the world, SUSAR will follow the strictest possible rules.
SUSAR is based in the United States and our servers are hosted in the US. No matter where you are located, you consent to the transferring to, and processing of, your information in the US.
This Privacy Policy applies only to this website and SUSAR operated/maintained sites. This website may contain links to other websites not controlled by SUSAR and the policies and procedures described herein do not apply to these other websites.
Note also that privacy laws and regulations are continually evolving, and this privacy policy may be modified at any time to account for new and stricter provisions. Your continued membership in SUSAR and/or your continued use of this website, whether as a member or non-member, confirms your agreement to abide by the provisions of the current privacy policy. As described below, you also have the right and ability at any time to resign from the organization and to have your personal information removed from its databases.
What We Collect and How We Use It
This site stores personal information about you, including your name, contact information (addresses, phone numbers, email address, work information, etc.), demographic data (date of birth, gender, etc.), and, for members only, a username and password to allow you to log in and access member-only content. Depending on which functions have been enabled by SUSAR, it may also collect, store, and display other information, including but not limited to:
Your original membership sign-up and subsequent renewals
Your event registrations
Your donations
Your online payments and payment history
Biographic and other information specifically to share with other members
Business information specifically to share with the public
Links to your social networking accounts for the purposes of sharing club or association information with others in your networks
Information posted in online discussion forums and surveys
Volunteering and committee assignments
Downloading of documents and photos from the website
Uploading of documents and photos to the website
Completing custom forms for specific club or association purposes
Posting classified ads or available jobs
Maintaining your certifications and continuing education training
Purchasing products through an E-commerce storefront
Registering for interest groups
Whether you have opened emails sent to you from the platform
This information is provided by you as you interact with the website and its various screens and dialogs. Some information is required by the association in order to maintain accurate and complete records, for legal protections, or to allow the organization to provide its services to you. Other information is optional or dependent on your participation in specific activities or programs.
SUSAR uses this information to run the association, to provide services for members, to maintain accurate and complete financial records, to fulfill its legal obligations in accordance with laws pertaining to non-profits, to promote the association in the general community, to strengthen and grow the organization, to communicate with you about news and activities, and to advocate for issues that are important to members.
Within this website, only authorized administrators appointed by SUSAR have access to personal information on members. SUSAR strongly discourages the selling or trading personal data to third parties, but if they do so, you always have the ability to opt-out from such lists.
This website also collects information when you log in and as you navigate around the site, using standard Internet technologies (such as IP addresses, log files, access dates and times, language and other formats, session cookies, pixel tags, other tracking technologies, and reading your computer or mobile device type, operating system, browser version, etc.)
We use this information for the following purposes:
To provide and maintain our site
To manage the performance of our platform
To perform accounting and billing activities
For the following security and data protection purposes:
To detect, investigate and prevent fraudulent use of the platform
To detect, investigate and prevent abuse and other illegal activities
To detect, investigate and block security breaches
To protect the rights, intellectual and physical property of SUSAR
To protect the rights and intellectual property of others
To provide you with a safe online environment
To manage and resolve legal claims
To protect and enforce our legal rights
SUSAR may enable a module that provides discussion forums. Please remember that any information disclosed in these forums may become public. You should exercise caution regarding personal information when you write messages in a public discussion forum.
SUSAR may enable a module that allows a third party, from an external website, to verify your membership in SUSAR using a special interface and by providing credentials that you have supplied to that party. Your use of their website and the provision of these credentials is governed by their Privacy Policy. In providing them with your credentials for this website, you have consented to allow them to use this data to verify your membership status.
Using the SUSAR Mobile App
SUSAR may also enable a mobile app that provides special functions for members using mobile devices such as a smartphones and tablets, running on both iOS and Android. When you download the mobile app for your association and device, we may request permission to use various features on your mobile device:
Calendar – We request access to your calendar so that we can add/edit events on your device. Calendar events are only added when you touch the “add event” icon. We never automatically add or edit events on your device without user interaction.
Location – We request permission to access your device location for the “Meets” functionality within the mobile app. Your device location is stored on our servers when you touch the “Update my position” button. Your device location is displayed to other users for the specified time limit. After that time limit expires, your location is no longer displayed to other users. Your device location is automatically hidden and not requested unless you explicitly touch “show me on this device” or “update my position. We do not retain this data or share it with your club or association or any third parties.
Microphone – We never store or retain any information from your microphone or record any audio from the microphone. Our app will request permission to use your microphone as a general “media” permission request.
Phone – We request access to your phone so that if users tap or touch a phone number the keypad/dialer will become preloaded with the phone number you touched. We never store or retain any contact logs or phone numbers you may have touched. This general permission allows us to access information about your device such as screen orientation or unique identifiers. We do not retain this data or share it with your club or association or any third parties.
Contact Logs – We never request or keep any information from your device’s contact logs.
Notifications – We request permissions to send notifications so that you are notified when a new message is posted to a Chat channel.
Storage – We request permission to access device storage so that we can save files to your device or display them temporarily. Files are only downloaded or displayed when you explicitly touch a file name or “download” button. Files are never automatically sent to the device without your knowledge. Your device will automatically cache some files in storage for better performance.
Carrier/Network information – We never share or keep any information regarding your carrier or network information.
Camera – Your device camera can be accessed when adding a photo to a Chat message. Our app will request permission to use your devices’ camera in the event that you choose this option.
Cookies – We use “session” cookies to keep you logged in while you use the SUSAR mobile app to keep session information about who you are while you are logged in. Session cookies disappear when you log out or close the app. We do not keep any session information or financial information in Persistent cookies.
What is our Legal Basis for Collecting and Processing this Information
As noted above, SUSAR is the controller of this data. It collects and stores your personal information in order to manage your membership in the association and/or your participation in the organization’s activities. Any of the following activities provide clear indication of your intent to establish a relationship with this club or association, thereby allowing them to collect and store your personal information:
When you pay a membership fee to join or renew
When you register for an event
When you make a donation
When you purchase product from the organization’s storefront
When you request to be added to the organization’s mailing list
When you log in to the website as a paid-up member to participate in the organization’s activities
As noted below, you also have the right to cancel this relationship with the association at any time, and to have your data removed from their website and data repositories, subject to the organization’s rights to maintain accurate and complete records of its operations.
As noted above, SUSAR is the Data Processor for this data. We manage the security and integrity of this data and access to it.
Sharing of Information
Information about you will only be shared based on the provisions of this Privacy Policy.
The SUSAR platform is designed to allow the organization to run our operations online, including promoting ourselves to the public SUSAR may choose to make certain user information (generally limited to your name but, in some cases, also showing contact information) visible on the public side of its website, available to anyone who visits the site. This information may include, but is not limited to:
Your membership in a committee, interest group, or chapter
Your registration for an event
Your registration for a volunteering activity
Photos that you have uploaded to the website
Your participation in a Member or Business Directory
Members who log in to SUSAR website may have access to more information about other members. You may have the ability to control what information is shown.
We recommend that you survey the website to see what information is visible to the public or to other members, to ensure that you are comfortable with this level of sharing. You always have the option to not participate in the activities that involve sharing.
SUSAR may assign “Administrators” from within the organization who have access to all data on the website, as well as “Coordinators” who have some but not all administrative rights. These members assume the responsibility on behalf of the organization, to protect the privacy and integrity of this data.
SUSAR may share member and non-member data with vendors who assist in the operation of the organization. For example, a vendor may help to manage a large event and will need to know who has registered and paid to attend the event or specific activities within the event.
SUSAR may share information with service providers and vendors that help us run the platform, including hosting the computers on which the platform runs, merchant processing companies to handle credit card payments, address verification and geocoding services, Google Analytics for traffic and usage intelligence, and consultants that help us secure, maintain, and enhance the platform in different ways. This information sharing will be strictly limited only to what is necessary for the vendor to perform its service(s) and said vendors and service providers are subject to strict contractual and confidentiality obligations barring them from using it for any other purposes.
We may retain and disclose information about you to third parties if we believe such disclosure is required by applicable international, federal, or state law or regulation, or by the order of a competent legal authority (such as a court order), or as part of an audit. We may also disclose information if we believe that your actions are inconsistent with our Terms of Service or internal policies, or if necessary to defend against a real or perceived threat or fraud against SUSAR and its employees or contractors.
What SUSAR Will Not Do
Board members, officers, nor any agent of SUSAR do not have direct access to your password or credit card information. This data is encrypted by the system using state of the art technologies and cannot directly be accessed. If you forget your password, SUSAR can reset it at your request. You will then be required to change it when you next log in.
You have the option to not store your credit card information in our system. If you select this option, you will need to re-enter it for each transaction. Once your card has been authorized using an encrypted transfer, we only retain the first 4 and last 4 digits in accordance with Payment Card Industry (PCI) regulations and for reporting purposes.
SUSAR will not sell or otherwise share your name or any contact information with any third parties, including partners, advertisers or service providers, except as necessary to fulfill your explicit requests. For example, when you renew your membership and pay online using a credit card, we must share data with the credit card processing company to approve the transaction. But we will never sell or share this data for marketing or revenue purposes.
SUSAR may generate and provide aggregate statistics about our members, online traffic patterns and related information to partners, but this information will not contain data which is individually identifiable, or which can be linked back to a specific person, family, or business organization member.
Other Things We Do To Protect You
SUSAR servers are hosted by an independent hosting company in their secure data center behind a firewall. Only authorized personnel have physical access to these computers. We take care to promptly install all service packs and security updates, and the data is backed up nightly. We continually test our platform to ensure that security is maintained. Confidential data is transmitted using SSL/TLS encryption; our SSL Certificates are issued by Comodo, one of the most respected names in Internet security.
We utilize various other technical and operational measures to protect your data stored and maintained in the SUSAR platform. However, no method of electronic storage or data transfer is completely secure or error-free. In particular, email sent to or from this website may not be secure, and you should take particular care in deciding what information you communicate via email to other association members or officers. We strongly encourage you to use a strong username and password, to keep this information well protected and not share it with anyone, and to log out of your user account and close your web browser when finished accessing SUSAR, Inc.’s website on a shared or unsecured device or network.
Data Retention Policy
SUSAR has a compelling business reason to maintain accurate and complete records of its operations, including everything associated with memberships, events, fundraising, and member usage of the organization’s website. There may not be a time-limit to this policy.
SUSAR will retain this information while you are an active or expired member. or have participated in our activities as a non-member, for the following reasons:
To allow you to use the SUSAR platform
To allow you to review and update your information stored in the platform
To allow you to opt-out of receiving communications from the organization or to request that your information be deleted (see below.)
To ensure that we respect your communication preferences
To maintain accurate membership and other records
To maintain accurate financial and accounting records
To better understand how the platform is used so that we can provide you with a secure, reliable, and high-performing experience
To detect and prevent abuse of the platform, or illegal activities or breaches of this Privacy Policy, our Terms of Use, or the Subscription Agreement
To comply with applicable government legal and financial requirements
Note that data may persist for an additional time in other formats exported from this website for backup and data analysis purposes. Requests for correction, deletion or a limitation on processing (see below) will be updated upon request.
Your Rights and Options
history, credit card information if stored in the system, and other data that is part of your membership record. You also have the right to change your privacy settings at any time, including opting out of receiving general announcements and excluding yourself from lists provided to third parties for marketing or fundraising purposes.
If you are a non-member of SUSAR, Inc., you have the right to view any of your personal data stored in the platform, and to update any inaccuracies. You also have the right to change your privacy settings at any time, including opting out of receiving general announcements and excluding yourself from lists provided to third parties for any purpose. Requests should be submitted by email to the organization’s designated Data Privacy Officer (DPO) or general contact address, which can be found on the Contact Us page.
Both members and non-members have the right to request that their information be deleted from the organization’s digital records. For members, this implies that you are resigning your membership. For members, this request can be submitted through your Profile screen. For both members and non-members, this request can also be submitted from the email Opt-Out screen, or via email to the organization’s designated DPO.
If you are a member of SUSAR, you have the right to log in to the website to view and update your contact information, transaction and payment histories, event registration and volunteering.
Both members and non-members also have the right to object to the processing of their information, to request a restriction on its processing, or to withdraw their consent for future processing. Because such processing is an integral part of the organization’s operations, such requests will be treated as delete requests. Note also that such actions typically cannot have a retroactive effect.
Such requests will not affect the lawfulness of any processing conducted before the request was received, nor will it affect subsequent processing based on a reliance on lawful grounds other than consent, such as the compelling business reasons of the organization.
When such a request is received, it will be logged in the system. SUSAR will have 30 days to accept or decline the request. If they decline it, we must provide you with a reason. If we accept it, or if they take no action within 30 days, your information will be flagged for deletion within 7 days. Information that does not have a compelling business reason to be retained (such as your full contact information, biography, answers to additional member data questions, uploaded photos, etc.) will be deleted. Information that does have a compelling business reason to be retained (such as transaction and payment records, event registrations, E-commerce storefront orders, and donations) will be anonymized.
You also have the right to complain to your local Data Protection Authority (“DPA”) about the collection and processing of your data. For more information, please contact your local DPA directly.
Privacy Shield
SUSAR complies with the EU-U.S. Privacy Shield Framework and Swiss-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union and Switzerland to the United States. If there is any conflict between the terms in this privacy policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view our certification, please visit https://www.privacyshield.gov/.
In compliance with the Privacy Shield Principles, SUSAR commits to resolve complaints about our collection or use of your personal information. EU and Swiss individuals with inquiries or complaints regarding our Privacy Shield policy should first contact SUSAR using the contact information below.
Under certain conditions, more fully described on the Privacy Shield website, you may invoke binding arbitration when other dispute resolution procedures have been exhausted SUSAR also complies with the Privacy Shield Principles for all onward transfers of personal data from the EU and Switzerland, including the onward transfer liability provisions.
The Federal Trade Commission (FTC), an independent agency of the United States government, has jurisdiction over SUSAR’s compliance with Privacy Shield.
Privacy Provisions for Customers and Members located in the UK
With the advent of Brexit, people in the UK and UK subjects located in other countries are no longer protected by the provisions of the European Union’s GDPR and Privacy Shield. The following sections provide similar protections:
SUSAR warrant that the transfer and processing of personal data has been and will continue to be carried out in accordance with applicable data protection laws; and that the personal data will be processed only in SUSAR, Inc.’s behalf and in accordance with applicable data protection laws.
SUSAR warrants that the security measures used in the transfer and storage of personal data are appropriate to protect said data against accidental or unlawful destruction or loss, alteration, unauthorized disclosure, or access, and against other unlawful forms of processing.
SUSAR also warrants that if any sub-processors are involved in the transfer and processing of personal data (for example, a merchant processor handling credit card transactions), that they will also be bound by the provisions of these two paragraphs.
Compliance with CA Consumer Privacy Act (CCPA)
SUSAR complies with the EU-U.S. Privacy Shield Framework and Swiss-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union and Switzerland to the United States. If there is any conflict between the terms in this privacy policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view our certification, please visit https://www.privacyshield.gov/.
In compliance with the Privacy Shield Principles, SUSAR commits to resolve complaints about our collection or use of your personal information. EU and Swiss individuals with inquiries or complaints regarding our Privacy Shield policy should first contact SUSAR using the contact information below.
Under certain conditions, more fully described on the Privacy Shield website, you may invoke binding arbitration when other dispute resolution procedures have been exhausted SUSAR also complies with the Privacy Shield Principles for all onward transfers of personal data from the EU and Switzerland, including the onward transfer liability provisions.
The Federal Trade Commission (FTC), an independent agency of the United States government, has jurisdiction over SUSAR’s compliance with Privacy Shield.
Privacy Provisions for Customers and Members located in the UK
With the advent of Brexit, people in the UK and UK subjects located in other countries are no longer protected by the provisions of the European Union’s GDPR and Privacy Shield. The following sections provide similar protections:
SUSAR warrant that the transfer and processing of personal data has been and will continue to be carried out in accordance with applicable data protection laws; and that the personal data will be processed only in SUSAR, Inc.’s behalf and in accordance with applicable data protection laws.
SUSAR warrants that the security measures used in the transfer and storage of personal data are appropriate to protect said data against accidental or unlawful destruction or loss, alteration, unauthorized disclosure, or access, and against other unlawful forms of processing.
SUSAR also warrants that if any sub-processors are involved in the transfer and processing of personal data (for example, a merchant processor handling credit card transactions), that they will also be bound by the provisions of these two paragraphs.
Compliance with CA Consumer Privacy Act (CCPA)
SUSAR complies with the EU-U.S. Privacy Shield Framework and Swiss-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union and Switzerland to the United States. If there is any conflict between the terms in this privacy policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view our certification, please visit https://www.privacyshield.gov/.
In compliance with the Privacy Shield Principles, SUSAR commits to resolve complaints about our collection or use of your personal information. EU and Swiss individuals with inquiries or complaints regarding our Privacy Shield policy should first contact SUSAR using the contact information below.
Under certain conditions, more fully described on the Privacy Shield website, you may invoke binding arbitration when other dispute resolution procedures have been exhausted SUSAR also complies with the Privacy Shield Principles for all onward transfers of personal data from the EU and Switzerland, including the onward transfer liability provisions.
The Federal Trade Commission (FTC), an independent agency of the United States government, has jurisdiction over SUSAR’s compliance with Privacy Shield.
Privacy Provisions for Customers and Members located in the UK
With the advent of Brexit, people in the UK and UK subjects located in other countries are no longer protected by the provisions of the European Union’s GDPR and Privacy Shield. The following sections provide similar protections:
SUSAR warrant that the transfer and processing of personal data has been and will continue to be carried out in accordance with applicable data protection laws; and that the personal data will be processed only in SUSAR, Inc.’s behalf and in accordance with applicable data protection laws.
SUSAR warrants that the security measures used in the transfer and storage of personal data are appropriate to protect said data against accidental or unlawful destruction or loss, alteration, unauthorized disclosure, or access, and against other unlawful forms of processing.
SUSAR also warrants that if any sub-processors are involved in the transfer and processing of personal data (for example, a merchant processor handling credit card transactions), that they will also be bound by the provisions of these two paragraphs.
Compliance with CA Consumer Privacy Act (CCPA)
The CCPA provides consumers (CA residents) with specific rights regarding their Personal Information. This section describes these rights and explains how to exercise them.
SUSAR may collect the following types of Personal Information:
Your name, nickname, postal address, phone numbers, email address, website, spouse and family information, work information, and emergency contact information.
Information that is specific to your membership in SUSAR, Inc. such as professional qualifications, education, interests, and affiliations.
Geolocation data.
Participation in club or association activities, such as (but not limited to) event registrations and attendance, volunteering, files downloaded, pages viewed, discussion forum and chat participation, emails received, text messages received, continuing education and certifications, collectible items owned, resources used, storefront items purchased, and surveys taken.
Activity on the SUSAR, Inc. website.
SUSAR may engage certain trusted third parties to perform functions and provide services to us, including hosting, database storage and management, credit card processing, and direct marketing. We may share your Personal Information with these third parties but only to the extent necessary to perform these contracted functions and provide these services. We require these third parties to maintain the privacy and security of the Personal Information they process on our behalf.
You have the right to see what Personal Information SUSAR has collected about you and how this information is used. If you are a member, you can log into the website to view and update your personal Profile. Non-members who have added themselves to the database (for example, by registering for an event) can go to the Contact Us page on the website and submit a request to see this information. We may require you to verify your identity before providing this information. But once this is done, it will be provided within 45 days.
You have the right to see the following information:
What categories of personal information we collected about you;
The sources of this personal information;
The business purpose for collecting this personal information;
If we have shared this personal information with any third parties.
You have the right to request that personal information collected about you be deleted. For more information, see the “Your Rights and Options” section above.
You have the right of Non-Discrimination. For exercising your CCPA rights described above, we will not deny you goods or services, charge different prices for goods or services, or provide you with a different level of goods services.
Other Provisions
This website is not intended for unsupervised access by children under the age of 13. We will not knowingly collect information from site visitors of this age group. We encourage parents to talk to their children about their use of the Internet and the information they disclose online.
If at any time you have questions, comments, or concerns about this Privacy Policy, the information practices of this website, or your rights please contact our Data Protection Officer at:
SUSAR
205 West State Street
Trenton, NJ 08608
support@susar.org