Green Acton Privacy Policy and Disclosure:
Policy
Green Acton respects your right to control your data. Any personally identifiable data you give us will be shared ONLY with the Green Acton Board of Directors, and, in some circumstances detailed below, other people involved in Green Acton. We will be thoughtful about contacting you. If you want us to delete your information at any time, just let us know by writing to clerk@greenacton.org. We will NOT give your data to “trusted third parties” or other allies, or share or sell your data. We do NOT reserve the right to sell your data upon merger or acquisition. We do not anticipate changing this privacy policy, but If we do, we will notify you via email and give you a chance to have us delete your data in our records if you do not agree with the new privacy policy.
Disclosure
We are volunteers and amateurs, relying on tools (see below) created by others to store and protect your data. The most likely ways for your data ever to become public are either human error in the use of our tools, or via flaws in the tools themselves, misuse by the tool owners, or malicious activity by hackers. To help you evaluate whether or not to trust us with your data, we are disclosing the tools we use, the way we use these tools to protect your data, and our understanding of what information is protected and what is public. We are also including links to the privacy policies of the tool-makers.
How are your data collected and stored?
This policy and disclosure address the following ways in which you might interact with Green Acton and share some personally identifiable information, such as your name, email address, phone number, or personal preferences:
- the inbound email address info@GreenActon.org
- group email lists, including:
- the two Google groups:
- Green-Acton-announcements@Googlegroups.com
- Green-Acton-discussion@Googlegroups.com
- various committee lists, for example:
- the two Google groups:
- the Green Acton website GreenActon.org, a WordPress site hosted by GreenGeeks.com, including:
- posting of articles
- the commenting system for posts
- the “contact us” form
- the Green Acton Facebook presence at https://www.Facebook.com/GreenActon
- any Green Acton sign-up forms you might have filled out (digital or hard copy)
If we have your name and contact information, such as your email, address, or phone, it’s because you have voluntarily provided it via one of the means above. We don’t do any automatic data collection, such as tracking who uses the website.
Your right to review and remove the data
At any time, you can contact the Clerk at clerk@GreenActon.org, and ask to see what data we have about you. At your direction, these data can be updated or removed.
How we use the data
Your information is copied out of the systems listed above only for one of two reasons: to contact you to help support some part of Green Acton’s mission, or to store your information in a more-organized manner (to make it easier to contact you at some future time). We use the collection of networked products currently known as GSuite from Google, sometimes called Google Drive or Google Docs, to store your data in a more-organized manner. We send general announcements only to those who explicitly sign up for one of our email lists. If you have indicated some particular interest, we may contact you about that.
Alternate data storage available
If you request it, we will not copy your data into a GSuite document, and instead, store your data on non-networked software on a computer owned by a Green Acton director, or simply on paper. This information will then be used only for specific contact requests, and won’t be moved into GSuite storage unless you give us specific permission to do so.
How your data are protected
info@GreenActon.org:
This email address is published widely as a way of being in touch with Green Acton. Email services at GreenActon.org are provided by Google. We use the administrative settings to ensure that these messages are NOT archived centrally. Emails sent to this address are passed on to one or more of the directors’ personal email accounts. Those directors are bound by our privacy policy.
green-acton-announcements@googlegroups.org
The announcements list is used to send emails to anyone interested in keeping up with general Green Acton information, such as minutes and agendas of our monthly meetings, and announcements of other Green Acton events or activities. These group email services are provided by Google. Anyone can join the list by providing an email address. We use the administrative settings to ensure that only administrators (owners and managers, in Google-groups terminology) are able to see the email addresses. Anyone can see the individual messages, so it is our policy not to include personal email addresses in those messages, except for the address of the person sending the email. The administrators are Green Acton directors or officers.
green-acton-discussion@googlegroups.org
The discussion list is used to share information and discuss topics among anyone interested. Anyone can request to join the list by providing an email address. These group email services are provided by Google. We use the administrative settings to ensure that only administrators (owners and managers, in Google-groups terminology) are able to see the list of email addresses, and only group members can see the individual messages. Individual messages do contain the email address of the sender, and thus, other group members can see those email addresses.
Committee and other Green Acton group email lists
Each Green Acton committee or subcommittee, such as Plastics, Water, Land Use, Energy, et al., uses its own group email address for discussions of committee topics, and to allow those interested in a committee’s work to learn more. These group email services are provided by Google, as part of our GreenActon.org GSuite account. In other words, these group emails look like Google groups, but use the GreenActon.org name. We use the administrative settings as follows: anyone can read the emails; only committee members and Green Acton directors can see the complete list of who is on the committee list; anyone can see who a particular email is from. Green Acton has agreed that joining a committee list requires the agreement of the committee. One person on the committee, and the Green Acton Clerk, both have the actual administrative privileges to add someone.
GreenActon.org articles (“posts” and “pages” and “comments”)
The GreenActon.org website is a site hosted by GreenGeeks.com. We use a copy of WordPress publishing software to manage the site. Much of the content of the site is in the form of “posts,” each of which is publicly listed with the author’s name. WordPress also provides a commenting system, so that users who sign up for accounts can comment on articles. The connection between an author’s name and the actual email address of that author is maintained in a protected database on a GreenGeeks.com server, managed by our copy of the WordPress software. The only personally identifiable information kept with WordPress is that connection between names and email addresses. WordPress installations are often targets of hackers. We update our copy of the software when there are security updates, to increase our chances of keeping ahead of any hackers. WordPress installations, including ours, are also built by installing “plug-ins,” additional bits of code to provide specific functionality. We have installed a number of widely used security-protection plug-ins to prevent, for example, spam users from signing up for accounts. We also update these plug-ins when we are notified to do so. The Clerk and one volunteer are currently the administrators of the website: it is especially important that administrators keep their passwords protected.
The Green Geeks terms of service disallow them from looking at our databases unless they have a reasonable suspicion that we are misusing the terms of our agreement with them, or breaking the law, as described below in their terms of service.
The makers of WordPress can’t see our files directly because we are hosting the files on our own server.
Some of the plug-ins can see our files, but these plug-ins are open source files that anyone can examine. A well-known plug-in is very unlikely to contain malicious code. Plug-ins from less-well-known software writers have this risk, so we avoid using plug-ins at GreenActon.org that are not widely used and well-reviewed.
GreenActon.org Facebook page
Green Acton uses the Facebook page to amplify a motley variety of general messages related to Green Acton’s mission. Most new GreenActon.org WordPress posts are referenced in corresponding Facebook posts. As of Fall 2018, more people follow the Green Acton page than are signed up for the Green Acton announcements or discussion lists. Using Facebook, however, comes with a wide variety of well-publicized privacy risks, most of which can be managed by careful use of settings. There are many guides for doing so, including this one from Consumer Reports: https://www.consumerreports.org/privacy/facebook-privacy-settings/
Green Acton Shared GSuite Google Drive files
There is a shared Green Acton Google Drive with a large collection of files and folders. These are mostly used by committees to share information. Some of these files have been shared on the website or via widely distributed emails, and thus, are deliberately publicly viewable. Folders and files with private information are individually protected. The Clerk is the administrator of these files, but most also are editable by relevant committees or individuals. A risk is that files may have incorrect protections, or that protections are later changed to be public when they shouldn’t be. Another risk is that files or folders are shared with individuals rather than Green Acton lists, and are still shared with those individuals after they are no longer part of Green Acton. Still another risk is that some files and folders are set to allow people who do not need that access to change the protection status; there is also the risk that they may use it unskillfully. Some instances of all of these risks have been detected and fixed via periodic informal security checks by the Clerk.
Google itself has strong policies related to not using the contents of Google Drive files for marketing purposes, along with notification policies to alert us of any changes in these policies. There is a large community of privacy activists who monitor Google and help the rest of us understand the changes that Google may make in the future, and how to protect ourselves in the present. A good place to start to learn about Google privacy issues is this Wikipedia article: https://en.wikipedia.org/wiki/Privacy_concerns_regarding_Google. Here’s one of many articles on how to use Google’s privacy settings to secure your data and protect your privacy effectively:
https://www.consumerreports.org/privacy/how-to-use-google-privacy-settings/
GreenActon.org sign-up forms
Green Acton has used a variety of electronic and paper sign-up forms for people to become more connected with the organization and its projects. The paper forms are stored by the Clerk, and the information on both electronic and paper forms eventually makes its way to GSuite spreadsheets. This generally results in one or more emails, to the people who signed up, inviting them into various kinds of participation in Green Acton. To learn more about data risks of using GSuite spreadsheets, see the previous section.
Links to underlying privacy policies
Google’s privacy policies are here (includes Groups, Gmail, and GSuite): https://policies.google.com/privacy.
Our web host for GreenActon.org is Green Geeks:
https://www.GreenGeeks.com/legal/tos
Facebook privacy information:
https://www.facebook.com/privacy/explanation
(Approved 2018-11-13)