This Privacy Policy describes how aksummarathon.org collects, uses, and discloses information when you visit and interact with our website. By using this Site, you accept the practices described in this Privacy Policy. This policy applies only to information collected through this Site.
A. Information We Collect
We collect various types of information to operate our website, process transactions, and improve user experience:
Automatically Collected Information (e.g., Google Site Kit): As you browse the Site, we and our web hosting service may automatically collect certain data, such as “hit data” or other web statistics, through technologies like “cookies” and “web beacons.” This information may include your IP address, browser type, operating system, referring URLs, pages viewed, and the dates/times of access. We use Google Site Kit on our WordPress website, which integrates various Google services, including Google Analytics, Google Search Console, and PageSpeed Insights, to gather metrics data such as traffic, session duration, keywords, and website performance, and presents them directly within your WordPress dashboard. Google Analytics, which is a core component integrated via Site Kit, uses unique online identifiers, cookies, and IP addresses, which are considered personally identifiable information (PII) under certain privacy regulations. This data is used to maintain and improve the Site, for example, by evaluating popular sections, determining visitor origins, and tracking page access frequency. Google may also use data collected from Google Analytics to improve its products and services. This data is not used to retrieve information unrelated to your visit or interaction with the Site.
Voluntarily Provided Information: We collect personally identifiable information that you voluntarily provide to us when you engage with our services. This includes, but is not limited to:
Registration and Contact Information: Your name, email address, phone number, and mailing address when you register for an account, sign up for newsletters, or submit inquiries through contact forms.
Transaction Information: When you purchase merchandise or event tickets, we collect necessary financial information, such as credit card details. We use industry-standard encryption technologies (e.g., HTTPS) for the secure transmission and receipt of sensitive visitor data via the Site.
B. How We Use Your Information
The information we collect is used for the following purposes:
To process your merchandise orders and event ticket purchases.
To manage your registrations and provide access to relevant content or services.
To send you updates, newsletters, and information related to aksummarathon.org’s mission and activities.
To respond to your inquiries and provide customer support.
To analyze website usage and trends to improve our website’s design, content, and functionality.
To ensure the security and integrity of our website and data.
C. Disclosure of Your Information
We may disclose your information to third-party service providers who assist us in operating our website, processing payments, managing events, or analyzing data (e.g., payment gateways, email marketing services, Google Site Kit, and the Google services it integrates). We require these third parties to adhere to appropriate security and privacy standards consistent with this policy and applicable laws. We may also share information if required by law, such as in response to a subpoena or other lawful request. We may share non-personally identifiable information publicly and with our partners, such as to show trends about the general use of our services.
D. Public Forums
If aksummarathon.org features message boards, blogs, or other public forums, any information you reveal in such a public forum, including personally identifiable information, is by design open to the public and is not subject to this Privacy Policy. You should think carefully before disclosing any personally identifiable information in any public forum, as what you write may be seen, disclosed, or collected by third parties and may be used by others in ways we are unable to control or predict.
E. User Consent and Google Site Kit
Currently, aksummarathon.org does not implement a consent management plugin to obtain explicit user consent for data tracking via Google Site Kit. It is important to note that Google Site Kit integrates services like Google Analytics, which utilize cookies and unique online identifiers considered personally identifiable information (PII) under various privacy regulations. For full compliance with laws such as GDPR and CCPA, a consent management solution is generally required to allow visitors to agree or disagree to data collection. Without a third-party consent management plugin, user data may not be tracked in Google Analytics and Google Ads reporting, or may be tracked without explicit consent, depending on Google Site Kit’s default settings and the specific privacy laws applicable to your visitors. As the site owner, aksummarathon.org is responsible for managing notice and consent requirements, including EU User Consent Policy (EUUCP) requirements, as described in Google’s User Consent Policy. We recommend using a compatible consent management plugin (e.g., Complianz, Cookiebot CMP) to ensure proper user consent for data collection, especially for statistics and marketing data.
As an organization that owns or licenses personal information about residents of the Commonwealth of Massachusetts, aksummarathon.org is subject to the Massachusetts Standards for the Protection of Personal Information (201 CMR 17.00) and 940 CMR 27.00: Safeguard of Personal Information. These regulations establish minimum standards for safeguarding personal information in both paper and electronic records, ensuring security and confidentiality consistent with industry standards.
To comply with these regulations, aksummarathon.org implements and maintains a comprehensive information security program that includes, but is not limited to, the following technical and administrative safeguards for all personal information handled through our website:
Secure User Authentication Protocols: We implement controls for user IDs and other identifiers, and use a reasonably secure method for assigning and selecting passwords (at least seven letters and numbers, periodically changed). We control data security passwords to ensure they are kept separate from the data they access. Access is restricted to active users and accounts only, and access is blocked after multiple unsuccessful login attempts.
Secure Access Control Measures: Access to records containing personal information is restricted only to those whose job duties require it. Unique user IDs and non-vendor-supplied passwords are assigned to each person with computer access.
Encryption: All transmitted records and files containing personal information that travel across public networks (e.g., your website) are encrypted. All data containing personal information to be transmitted wirelessly is encrypted. Additionally, any personal information stored on laptops or other portable devices is encrypted.
Monitoring: We conduct reasonable periodic monitoring of systems for unauthorized use of or access to personal information, including recording audit trails for user activity.
Firewall Protection and Operating System Security Patches: For electronic files containing personal information on a system connected to the Internet, we maintain reasonably up-to-date firewall protection and operating system security patches, designed to maintain the integrity of the personal information.
System Security Agent Software: We utilize the most current version of system security agent software, including anti-spyware and antivirus software, with up-to-date patches and virus definitions, set to receive regular updates.
Employee Education and Training: Employees are educated and trained on the proper use of the computer security system and the importance of personal information security.
Vendor Management: We take reasonable steps to select and retain third-party service providers (e.g., web hosting, payment gateways, and analytics providers like Google Site Kit and the Google services it integrates) that are capable of maintaining appropriate security measures to protect personal information.