Privacy Policy

Last updated: June 19, 2021

This Privacy Policy constitutes Vista Maria’s (“we,” “us,” or “our”) policy regarding the use and protection of personal information provided to us by you, whether personally or on behalf of an entity (“you” or “User”) while visiting vistamaria.org as well as any other media form, media channel, mobile website or mobile application related, linked, or otherwise connected thereto (collectively, the “Site”).

You agree that by accessing the Site, you have read and understand our Privacy Policy. By using the Site, you agree to be bound by our Privacy Policy, which is incorporated into our Terms and Conditions. Please be advised the Site is hosted in the United States.

If you have privacy-specific concerns, please contact Jennifer Golabek at JGolabek@vistamaria.org.

AMENDMENTS TO POLICY

We reserve the right, in our sole discretion, to make changes or amend our Privacy Policy at any time and for any reason without prior notice.

It is your responsibility to periodically review this Privacy Policy to stay informed of updates. You will be subject to, and will be deemed to have been made aware of and to have accepted, the changes or amendments by your continued use of the Site after the date such revised Privacy Policy is posted.

PERSONAL INFORMATION COLLECTED

Pursuant to our Terms and Conditions, you may be required to register with the Site. All registration information you submit must be true, accurate, current, and complete. This information may include personal data, such as your name, email address, personal account preferences, and Third-Party Content (as defined in our Terms and Conditions) that is obtained through your use of this Site.

We do not intentionally request any sensitive personal information, as defined in applicable local law. Personal information is collected, processed, and used for purposes including, but not limited to, informing you about our events, services, and company that may be of interest to you.

HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT (HIPAA)

We provide programs and services that may require clients to disclose medical and other sensitive information. We maintain this information for proper diagnosis and treatment, required reporting of health information, and to receive reimbursement for services provided with the individual’s knowledge and consent. Any of this information is handled with the highest degree of confidentiality and privacy consistent with providing the highest quality medical care possible. This information will not be requested by the Site.

MEDIA USAGE

Your Contributions, Submissions, Social Network Content, and Third-Party Accounts, as defined in our Terms and Conditions, obtained through your use of this Site is publicly accessible.

PROTECTION OF PERSONAL INFORMATION COLLECTED

We maintain reasonable and appropriate administrative, technical and physical safeguards to protect your personal information against unauthorized access, use, and change. We make efforts to restrict access to personal information so that only those staff members who require knowledge about your data in order to fulfill our purpose as stated in this Privacy Policy.

Our Information Technology Department maintains an Internet security infrastructure consisting of hardware, software, policies and standards, and department staff responsible for providing technical guidance on internet security. The Information Technology Department monitors compliance with Internet security requirements and function as a computer emergency response team (“CERT”) to respond to any virus infestations, hacker intrusions, and similar events.

The Information Technology Department periodically, and no less than semi-annually conducts risk assessment of each production information system to identify risks and determine vulnerabilities.

Any of this information is handled with the highest degree of confidentiality and privacy consistent with providing the highest quality medical care possible.

DATA SHARING WITH THIRD-PARTIES

Personal information you share on the Site may be shared with third-party providers, including payment processors and third party service providers. We will not transfer, disclose, sell, distribute or lease your personal information to third parties other than as described in this Privacy Policy unless we have your permission or are required or permitted by law. In the event that we transmit personal information to third parties who provide services to us, we will use all reasonable efforts to ensure that these third parties also comply with this Privacy Policy and applicable privacy laws.

Donations made via this Site are processed by Blackbaud, Inc. on our behalf. Blackbaud encrypts personal and credit card information during all transactions and sends an automated confirmation email for all transactions. For more information regarding Blackbaud’s collection, processing, and use of your data, please review Blackbaud’s Privacy Policy.

USERS LOCATED IN FOREIGN JURISDICTIONS

If you access the Site from the European Union, Asia, or any other region of the world with laws or other requirements governing personal data collection, use, or disclosure that differ from applicable laws in the United States, then through your continued use of the Site, you are transferring your data to the United States, and you expressly consent to have your data transferred to and processed in the United States.

The General Data Protection Regulation (EU) 2016/670 (“GDPR”) applies to the processing of personal data of data subjects who are in the United Kingdom, Switzerland, European Union, Norway, Liechtenstien, and Iceland (collectively, the “Union”) by a controller or processor not established in the Union. For purposes of the GDPR, Vista Maria acts as a Data Controller for your personal information, determining the purpose and means by which data is processed. Please contact us using the Contact Information detailed below to make a complaint or assert your rights, if applicable, under the GDPR. If any complaint with us is not satisfactorily resolved, you can contact the applicable supervisory authority pursuant to Art. 77 GDPR.

The New York Stop Hacks and Improve Electronic Data Security Act (“NY SHIELD”) requires nonprofits to develop and implement a data security program that contains reasonable administrative, technical and physical safeguards for protecting against unauthorized access to personal information of New York residents. NY SHIELD defines personal information to include social security numbers, driver’s license numbers, bank account numbers, credit or debit card numbers, biometric information, and username or e-mail addresses in combination with a password or security questions. We do not intend to receive NY SHIELD personal information, but we acknowledge that this information may be obtained through User Registration as detailed in our Terms and Conditions. Please contact us using the Contact Information detailed below to make a complaint or assert your rights, if applicable, under the NY SHIELD. If any complaint with us is not satisfactorily resolved, you can contact the New York Attorney General.

The California Consumer Privacy Act of 2018 (“CCPA”) applies to general consumer information and the exercise of privacy rights by California consumers and residents. However, the CCPA does not apply to us because the CCPA definition of “business” does not include nonprofit organizations pursuant to CCPA 1798.140(c).

Personal and sensitive information collected by us is maintained in accordance with HIPAA and this Privacy Policy.

SITE USE BY MINORS

This Site is intended for users who are at least 18 years old. We do not knowingly accept, request, or solicit information from children or knowingly market to children. However, we acknowledge that users who are minors in the jurisdiction in which they reside (generally under the age of 18) may access this Site. We request that minors under the age of 18 do not submit any personal information to us via this Site. We will not knowingly ask minors to provide their personal information.

Therefore, in accordance with the U.S. Children’s Online Privacy Protection Act, 15 U.S.C. 6501-6505, if we receive actual knowledge that anyone under the age of 13 has provided personal information to us without the requisite and verifiable parental consent, we will delete that information from the Site as quickly as is reasonably practical.

CONTACT US

In order to resolve a complaint regarding the Site or to receive further information regarding use of the Site, please contact us at:

Vista Maria
20651 W. Warren Ave.
Dearborn Heights, MI 48127
Main: (313) 271-3050
Toll-free: (800) 7-VISTA-6
info@vistamaria.org