[draft 6/15/2018]

Several USNA Out members reside in the European Union.  Although the GDPR was introduced two years ago, it became enforceable starting May 25, 2018.  Our website has complied with the GDPR requirements.

Who we are

Our website address is: http://usnaout.org.

What personal data we collect and why we collect it

User Information

When you join USNA Out, we collect your class year and warfare specialty, and other verifying data that is shown in the registration form.  The IP address of your initial registration is also stored with your user profile.  This data helps us ensure that all requests to join USNA Out can be verified to be eligible to join USNA Out before the individual is granted asset to areas of our website that are viewable only by members.

Comments

When members leave comments on the site, we collect the data shown in the comments form, and also the visitor’s IP address and browser user agent string as an automatic function of the Squarespace core to help spam detection.

An anonymized string created from your email address (also called a hash) may be provided to the Gravatar service to see if you are using it. The Gravatar service privacy policy is available here: https://automattic.com/privacy/. After approval of your comment, your profile picture is visible to other members (if a “blocked” post, i.e., viewable only to members) or the public for public posts in the context of your comment.

Media

If you upload images to the website, you should avoid uploading images with embedded location data (EXIF GPS) included. Visitors to the website can download and extract any location data from images on the website.

Contact forms

Our contact forms will record your IP address to help spam detection.  Your IP address will be included in the messages sent to the appropriate parties and to you.  Contact forms do not include any other “hidden” data fields.  Emails sent to you and from you on all contact forms communications are retained separately by G-Suite.

Email

Email sent from our automated newsletter generator will include tags to let us know that an email has been opened and if any of the links in the email have been followed.  These tags also allow for the emails to link you to your communications preferences.  We do collect data on the conglomerate overall response to emails read and clicked through to our website by all members, but cannot access data about individual visits or click-throughs.

Emails sent from the website for account activation and password recovery are retained on the g-suite servers.  We only use this data to ensure emails are being sent and not bouncing.

Cookies

When  you log in to this site as a member, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.

When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year.  If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed.

If you edit or publish an article, an additional cookie will be saved in your browser. This cookie includes no personal data and simply indicates the post ID of the article you just edited. It expires after 1 day.

Embedded content from other websites

Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.

These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracing your interaction with the embedded content if you have an account and are logged in to that website.

Analytics

We may use Google Analytics or Squarespace Statistics to get a better understanding of the visitors to our site (both members and non-members) and use this information to better write our content for better Search Engine Optimization (SEO).  These tools will may record IP address and search terms used to reach our site, but collect no other user data.

Who we share your data with

Members who opt to be listed in our roster will have their name, class and warfare specialty shared with other members.  Other information that is available to share on our roster to other members is at your option.  If you have made comments on posts and you later opt to be hidden on our roster, your post comments, including your user name, will remain on the site until you delete them.

We do not share your individual data with any other outside party or agency, however, we may share conglomerated data about our membership in whole.  See about us for examples of data shared.

How long we retain your data

If you leave a comment, the comment and its metadata are retained indefinitely. This is so we can recognize and approve any follow-up comments automatically instead of holding them in a moderation queue.

We also store the personal information you provided in your user profile. All users can see, edit, or delete your personal information at any time (except you cannot change your username). Website administrators can also see and edit that information.

What rights you have over your data

As a member, you can request to receive an exported file of the personal data we hold about you, including any data you have provided to us. You can also request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes.

Where we send your data

Visitor comments may be checked through an automated spam detection service.

Your contact information

Please use the Contact link in the menu above to contact us.  Note that as a logged in user, the subject choices for messages are different from those available to the general public.  Also note that our administrators are all volunteer leaders, sometimes serving at sea, and may not be able to get back to you immediately.

Additional information

How we protect your data

We have obtained SSL certificates so that our users can only access our website via SSL links (https://).  Passwords sent between your device and our servers are encrypted.   Your communications preferences require two factor authentication.  Our web administrator ensures any other assistant membership administrators are trained in personnel verification and privacy.

What third parties we receive data from

We use data from USNA.com, facebook and often through personal references to ensure that people requesting to join USNA Out are verified to be eligible as alumni, midshipmen, faculty, staff or parents of midshipmen or alumni to join us.

What automated decision making and/or profiling we do with user data

Other than for defining the makeup of our overall members, as discussed above, none.