PRIVACY POLICY

WHO WE ARE

Save The Waves, a non-profit, tax-deductible environmental grassroots organization. We are a registered 501(c)3 non-profit organization, which means we have tax-exempt status from the United States government and we follow all applicable laws regarding this status. Save the Waves will use reasonable efforts to ensure that Your Confidential Information is afforded confidential treatment.

Our website address is: https://www.savethewaves.org. This privacy policy applies to www.savethewaves.org, the Save The Waves App (the “App”) and to other websites, applications, services and mobile applications on or in which this Privacy Policy is linked or referenced (collectively with the Site and the App, the “Services”).

We respect each of our site’s visitors right to personal privacy. Save the Waves Coalition promises not to share your personal information with any outside sources. No matter what your contribution to our organization might be, your personal information will be safe with us, and you will only be contacted by us to inform you of our work and important issues involving the protection of surf spots. If you have any other questions regarding our privacy policy, please contact us.

If you sign-up for our newsletter, we will keep you informed on our coastal protection programs, action alerts, fundraiser events and documentaries. You may also receive information regarding partner organizations and other groups related to Save The Waves. This information will come directly from Save The Waves and not from any third-party, this way Save The Waves is able to maintain security over your personal information.

We promise to handle your personal information confidentially as well as utilize “anti-hacking” security measures through our web server.

HOW & WHAT PERSONAL DATA WE COLLECT

Save The Waves collects information that tells us something about who you are, such as your name, phone number, email address, mailing address, or even credit card number (if you use a credit card to make a donation) through the use of our Services. We do this for two reasons; first, because we are better able to potentially alert our friends and members to local issues and events that they might be interested in and second, to monitor our progress as a non-profit. We automatically collect certain information about your web browser, IP address, time zone, GPS as applicable for posts on the Mobile App, and some cookies that are installed on your device. We also collect information on which pages and products you view, as well as websites and/or search terms that referred you to the Site.

COMMENTS

When visitors leave comments on the site, we collect the data shown in the comments form, and also the visitor’s IP address and browser user agent string to help spam detection.

An anonymized string created from your email address (also called a hash) may be provided to the Gravatar service to see if you are using it. The Gravatar service privacy policy is available here: https://automattic.com/privacy/. After approval of your comment, your profile picture is visible to the public in the context of your comment.

MEDIA

If you upload images, you should avoid uploading images with embedded location data (EXIF GPS) included as necessary to protect privacy. Visitors to the website can download and extract any location data from images on the website. You should also avoid uploading images of yourself or other individuals if you do not want those images to be used for potential marketing activities by Save The Waves. By uploading images or content, you grant Save The Waves a worldwide, royalty-free, transferable license to use, perform, modify, display, exploit and create derivative works of such images or content in connection with marketing and advertising activities engaged in by Save The Waves.

CONTACT FORMS

We use Gravity Forms plugin for forms. Click here to find out how Gravity Forms plugin deals with submitted data.

COOKIES

Our web site uses “cookie” messages to automatically help provide better services. They remind us who you are and how you like to use our web site, based on what you’ve done and told us before. The “cookie” is placed in your computer and is read when you come back to our web site. Cookies let us take you to the information and features you’re particularly interested in. They also let us track your and others’ usage, so we know which parts of our sites are most popular. You can reject cookies or very easily cancel them later.

Also, our online store and “My Account” pages rely on cookies for core functionality; the online store and “My Account” pages will not function for you if you have cookies turned off. If you would like your browser to reject cookies, you can instruct your browser to do so.

If you leave a comment on our site, then you may opt-in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.

If you visit our login page, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.

When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed.

If you edit or publish an article, an additional cookie will be saved in your browser. This cookie includes no personal data and simply indicates the post ID of the article you just edited. It expires after 1 day.

EMBEDDED CONTENT FROM OTHER WEBSITES

Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.

These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracking your interaction with the embedded content if you have an account and are logged in to that website.

ANALYTICS

We use Google Analytics for visitor statistics. Click here to find out how Google uses this information.

HOW WE USE YOUR DATA

We use your data in order to better provide services to you and other users. This can include: improving site functionality; fulfill orders placed through the Site; to communicate with you; screen orders for potential risk or fraud; and, when in line with the preferences you’ve shared with us, provide you with information or advertising relating to our Services.

WHERE PERSONAL DATA IS STORED

BACKUPS

Per the functionality of this plugin, backups of your website files and/or database are created and stored locally on your server and/or remotely on 3rd party servers based on the settings of this plugin. Archives can include, but are not limited to, file and database assets, including hashed passwords, 3rd party data, uploads and user information. These backups are stored to provide critical functionality of this plugin.

PLUGIN SETTINGS

Some plugin settings ask for an email address or login credentials to 3rd party services. This is stored to provide functional features to the plugin.

RECENT ACTIVITY

This plugin tracks dates, times and actions of successful and unsuccessful backups and remote data transfers. This is stored to help make the plugin better and assist with troubleshooting problems.

LOGGING

This plugin logs some personal information such as email addresses, usernames, database and server information. This is stored to help make the plugin better and assist with troubleshooting problems.

HOW LONG WE RETAIN YOUR DATA

If you leave a comment, the comment and its metadata are retained indefinitely. This is so we can recognize and approve any follow-up comments automatically instead of holding them in a moderation queue.

For users that register on our website (if any), we also store the personal information they provide in their user profile. All users can see, edit, or delete their personal information at any time (except they cannot change their username). Website administrators can also see and edit that information.

BACKUPS

Backup retention is completely up to the website owner of third party websites. This can vary from less than one minute to indefinitely.

COOKIES

Cookies used during the restore/import process expire after 24 hours.

PLUGIN SETTINGS

Settings are retained indefinitely until they are changed or removed manually.

WHERE WE SEND YOUR DATA

Visitor comments may be checked through an automated spam detection service. We collect information about visitors who comment on Sites that use our Akismet anti-spam service. The information we collect depends on how the User sets up Akismet for the Site, but typically includes the commenter’s IP address, user agent, referrer, and Site URL (along with other information directly provided by the commenter such as their name, username, email address, and the comment itself).

This site is part of a network of sites that protect against distributed brute force attacks. To enable this protection, the IP address of visitors attempting to log into the site is shared with a service provided by ithemes.com. For privacy policy details, please see the iThemes Privacy Policy.

BACKUPS

Backups are not automatically sent to remote destinations automatically, however backups can be configured to be sent to third-party servers.

HOW WE PROTECT YOUR DATA

Save The Waves’ Services are hosted and based in the United States. If you are visiting the Services from outside the United States, your information will be transferred to, stored and processed in the United States. Save The Waves follows regulations under the California Consumer Privacy Act.

Backup zip files are stored with hashed file names to prevent filename guessing and directory browsing is disabled.

WHAT THIRD PARTIES WE RECEIVE DATA FROM

BACKUP DESTINATIONS

Backups can be sent to third-party destination servers, including but not limited to:

BackupBuddy Stash | Privacy Policy
BackupBuddy Deployment | Privacy Policy
Amazon S3 | Privacy Policy
Dropbox | Privacy Policy
Google Drive | Privacy Policy
Rackspace Cloud | Privacy Policy
Google Firebase | Privacy Policy

Links to third party privacy policies have been included.

SECURITY LOGS

The IP addresses of visitors, user ID of logged in users, and username of login attempts are conditionally logged to check for malicious activity and to protect the site from specific kinds of attacks. Examples of conditions when logging occurs include login attempts, log out requests, requests for suspicious URLs, changes to site content, and password updates. This information will be retained for 14 days, or such longer period as may be required by applicable law or industry practice.

WHO WE SHARE YOUR DATA WITH

A QR code image is generated for users that set up two-factor authentication for this site. This image is generated using an iThemes hosted API. As part of generating this image, your username is sent to the API. This data is not logged. For privacy policy details, please see the iThemes Privacy Policy.

When using the Remember Device for Two-Factor, a cookie (itsec_remember_2fa) will be set with a secure token that expires in 30 days.

This site is scanned for potential malware and vulnerabilities by Sucuri’s SiteCheck. We do not send personal information to Sucuri; however, Sucuri could find personal information posted publicly (such as in comments) during their scan. For more details, please see Sucuri’s privacy policy.

WHAT RIGHTS YOU HAVE OVER YOUR DATA

If you have an account on this site, or have left comments, you can request to receive an exported file of the personal data we hold about you, including any data you have provided to us. You can also request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes.

You have the right to be informed of what data is collected, how it is being used, how long it will be kept, and whether it is shared with any third parties. You have the right to request a copy of the information we hold about you. You have the right to correct data that is inaccurate or incomplete. You have a right to request we transfer any data we hold about you to another company. You have the right to request that we limit the way we use your personal data and the right to challenge certain types of processing, such as direct marketing. You may ask to provide a copy of the automated processing activities if you believe that data is being processed unlawfully. You are free to exercise these rights and can do this by contacting info@savethewaves.org or by mail to 849 Almar Avenue, Suite C #163, Santa Cruz, CA 95060.

CALIFORNIA CONSUMER RIGHTS INFORMATION

California Civil Code section 1798.83 law permits residents of California to opt-out of disclosure of Personal Information to third parties for their direct marketing purposes. You may choose to opt-out of the sharing of your personal information with third parties for marketing purposes at any time by submitting a request in writing to our contact address below or by e-mailing us at info@savethewaves.org We honor all such opt-out requests and it is our policy not to share personal information with third parties for direct marketing purposes where you have submitted such a request. Please note that this opt-out does not prohibit disclosure made for non-marketing purposes.

If you are a California resident, you are entitled to request information concerning any personal information you provide to us as part of an established business relationship for personal, family, or household purposes that we disclose to nonaffiliated third parties for their direct marketing purposes. We do not share such personal information with nonaffiliated third parties for such purposes.

Under California Civil Code 189.3, Save The Waves is required to provide California residents with the following specific consumer rights information:

The Services are owned and/or operated by Save The Waves Coalition, 849 Almar Avenue, Suite C #163, Santa Cruz, CA 95060.
Unless otherwise expressly stated, the Services are provided without charge.
To submit a complaint regarding the Service or to received further information regarding use of the Service, you may contact info@savethewaves.org or by mail to 849 Almar Avenue, Suite C #163, Santa Cruz, CA 95060. You may also contact the Complaint Assistance Unit of the Division of Consumer Services of California’s Department of Consumer Affairs in writing at 400 R Street, Suite 1080, Sacramento, CA 95184 or by phone at 916-445-1254.

DISCLAIMER
We do our very best to make all our information accurate. But we do not and cannot guarantee its accuracy. This means that if you rely on it, you cannot hold us at fault for any inaccuracies. Save the Waves will have no liability to You or any other person relating to your use of any of the Save the Waves website or any errors therein or omissions therefrom. Save the Waves Recipient acknowledges and agrees that any disclosure of Confidential information will cause irreparable harm and injury to You for which money damages would be an inadequate remedy and that, you are entitled to equitable relief as a remedy for any such disclosure. Save The Waves makes no warranties, express or implied, about the accuracy, completeness, or reliability of any of the information it provides to the public.

CHANGES WITHOUT NOTICE
We may change any part of this policy, without any separate notice to users. The current policy will always be posted here. We will not change the overall purpose of this policy, which is to protect your privacy consistent with our goals as a non-profit advocacy organization dedicated to protecting the environment.

OPT-OUT
You can always “opt-out” now or at any time, to keep from receiving any unwanted messages or solicitations. If you decide to opt-out, you may do so by editing your profile here or simply email us at info@savethewaves.org with the subject line “opt-out”