A. What information do we collect?
When you register, donate, create a profile, or fill out a form online (catalog request; email sign up; scholarship, employment, or nonprofit retreat applications) on the Platform, we request the information we need to complete your order or request. This information may include your full name, billing address, shipping address, telephone number, email address, gender, and if applicable, credit card number.
The information you provide will be used to process your order or request and improve your online experience. Once you have placed your order or donation with us, we will verify with your credit card company that your credit card is valid and send you an email message that confirms your order or donation was successfully received. We will also send you an email order confirmation once your registration, donation, or online form request has been finalized.
After you have attended a workshop in-person or online we may email a survey to gather information about your experience. Periodically we may use surveys, questionnaires, or evaluations to gather additional information from you to inform our programs and other activities. Participation in surveys is entirely voluntary.
C. What do we use your information for?
Any of the information we collect from you may be used in one or more of the following ways:
To personalize your experience
To improve our Platform
To improve customer service
To troubleshoot problems
To send periodic emails
To process your registration, request, donation, or application
For business analysis
D. How to Opt Out
Contemplative Outreach of Colorado believes in your privacy and we have created easy steps for you to limit or control the way we communicate with you.
If you do not wish to receive promotional emails from Contemplative Outreach of Colorado such as our monthly newsletter or email promotions, please follow the instructions at the end of emails you receive from us. From these emails you can unsubscribe or manage your subscription preferences. It can sometimes take up to 5 business days for our systems to reflect your changes.
Email: Send an email to firstname.lastname@example.org
Write: Send us a note addressed to: Contemplative Outreach of Colorado, 3650 Yates, Denver, CO 80212
The options listed above are specifically designed to limit or control the receipt of promotional materials and the sharing of gathered information. Contemplative Outreach of Colorado will still contact you regarding customer service, workshop and conference registration, and other related issues.
If you wish to clear tracking cookies from all of the websites you visit, you can change the preferences or settings in your web browser to control cookies. The Help menu on the menu bar of most browsers will tell you how. In some cases, you can choose to accept cookies from the primary site, but block them from third parties. In others, you can block cookies from specific advertisers or clear out all cookies.
F. Browser and Device Information
Certain information is collected by most browsers or automatically through your device, such as your Media Access Control (MAC) address, computer type (e.g., Windows or Mac), screen resolution, operating system name and version, device manufacturer and model, language, Internet browser type and version, and the name and version of the Services (such as the App) you are using. We use this information to ensure that the Services function properly.
G. Internet Protocol Address
Your IP address is automatically assigned to your computer by your Internet Service Provider. An IP address may be identified and logged automatically in our server log files whenever a user accesses the Services, along with the time of the visit and the page(s) that were visited. Collecting IP addresses is standard practice and is done automatically by many websites, applications, and other services. We use IP addresses for purposes such as calculating usage levels, diagnosing server problems, and administering the Services. We may also derive your approximate location from your IP address.
H. Web Server Traffic, Browsing History, Pixel Tags
We collect standard web server traffic pattern information and your browsing history. General traffic, Platform usage, browser information, and length of stay information are collected and stored in log files. Pixel tags (also known as web beacons and clear GIFs) may be used to, among other things, track the actions of users of the Services (including email recipients), measure the success of our marketing campaigns and compile statistics about usage of the Services and response rates.
We implement a variety of security measures to maintain the safety of your personal information when you place an order or access your personal information, including offering use of a secure server. All supplied sensitive/credit information is transmitted via Secure Socket Layer (SSL) technology and then encrypted into our payment gateway provider’s database only to be accessible by those authorized with special access rights to such systems, and they are required to keep the information confidential. However, as with all information submitted online, while we strive to protect personal information, neither Contemplative Outreach of Colorado nor our service providers can guarantee the security (including but not limited to unauthorized access by third parties, loss, misuse, or alteration) of any information you transmit to us over the Internet.
Incorrect or Fraudulent Information: A credit card transaction may be canceled by Contemplative Outreach of Colorado if we reasonably determine that the order information you provided is incorrect or fraudulent, or if we reasonably believe the credit card utilized is from an unauthorized party.
Login Profile: You are responsible for maintaining the confidentiality of your account and password, and for restricting access to the computer(s) you have used to place orders. We recommend you keep this information current. Contemplative Outreach of Colorado is not responsible for updating login profile information.
Password: To provide you with an increased level of security, access to your login profile is protected with a password you select. We strongly recommend that you do not disclose your password to anyone. Your password will never be requested through unsolicited communication from Contemplative Outreach of Colorado.
Protecting children's privacy is important to Contemplative Outreach of Colorado. It is our policy to comply with the Children's Online Privacy Protection Act of 1998 and all other applicable laws. Therefore we restrict our website use to persons eighteen years or older. Therefore, we do not knowingly collect personal information from children under 18. If we learn that Contemplative Outreach of Colorado has inadvertently collected or received the personal information of a child under 18 we will take steps to delete the information.
[PLEASE NOTE: You must be 18 or older to use the Sites, and to purchase the software, products, or services offered via the Sites without an adult (parent or guardian).]
DUE TO THE AGE RESTRICTIONS FOR USE OF THIS WEBSITE, NO INFORMATION OBTAINED VIA THIS WEBSITE FALLS WITHIN THE CHILDREN'S ONLINE PRIVACY PROTECTION ACT (COPPA) AND IT IS NOT MONITORED AS DOING SO.
Notwithstanding the foregoing, if we discover or form a reasonable belief that we have received any information from a child under 18 in violation of this policy, we will delete that information. If you believe Genesis Digital has any information from a child under age 18, please contact us at the following address:
Contemplative Outreach of Colorado, 3650 Yates, Denver, CO 80212 USA
M. Social Media
Contemplative Outreach of Colorado may collect certain information from you if you interact with us via social media such as Facebook, Twitter, Google+, Instagram, and other such services. For example, you may be given the option to register for webinars, take advantage of special offers, receive mailings, newsletters or the like, via your social media account. The information we receive or collect from such social media, and our ability to collect it, may depend on the social media site, its policies, and its requirements or its technology. We may collect the information you provide from these social media interactions and may use it for various purposes to improve our services or your experience, or to contact you regarding the reason you connected with us or with additional offers in the future. Of course, you have the opportunity to opt-out at any time provided we do not require a means of contacting you to fulfill your request.
N. Your Consent
O. International Visitors to Our Platform
P. GDPR Data Privacy Statement
FOR RESIDENTS OF THE European Economic Area (EEA) ONLY.
We endeavor to ensure that any personal data we collect about you will be held and processed strictly in accordance with the Data Protection Act of 1998 (DPA) and the European General Data Protection Regulation (GDPR). Terms with meanings under GDPR are identified here:
“controller” means the natural or legal person, public authority, agency, or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by EU or other applicable law, the controller or the specific criteria for its nomination may be provided for by EU or other applicable law. We are considered a “Data Controller”. Data Controller means a person who (either alone or jointly or in common with other persons) determines the purposes for which and the manner in which any personal data are, or are to be, processed.
We utilize “Data Processors (or Service Providers),” which means any person (other than an employee of the Data Controller) who processes the data on behalf of the Data Controller.
You, or any User, would be considered a “data subject”. A data subject is any living individual who is the subject of personal data.
“personal data” means any information relating to a data subject, such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.
“processing” means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure, or destruction.
“recipient” means a natural or legal person, public authority, agency, or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with EU or other applicable law shall not be regarded as recipients; the processing of those data by those public authorities shall be in compliance with the applicable data protection rules according to the purposes of the processing.
We process personal data based on at least one of the following statutory sources:
Permission of the data subject to the processing of his/her personal data concerning one or more specific purposes (Art. 6 Para.1 S.1 lit.a GDPR);
Completion of a contract with the data subject or in order to take steps at the request of the data subject prior to entering into a contract (Art. 6 Para.1 S.1 lit.b GDPR);
Compliance with a legal obligation we are subject to (Art. 6 Para.1 S.1 lit.c GDPR);
Protection of the vital interests of the data subject or of another natural person (Art. 6 Para.1 S.1 lit.d GDPR);
Protection of our legitimate interests or those legitimate interests of a third party (Art. 6 Para.1 S.1 lit.f GDPR)
Disclosure of personal data to recipients
We only share personal data with recipients (processors of personal data or other third parties) to the extent necessary and only under one of the following conditions:
Permission of the data subject to the transfer of his/her personal data;
The transfer is necessary for the fulfillment of contractual obligations or in order to take steps at the request of the data subject prior to entering into a contract;
We are legally obligated to transfer the data;
The disclosure is based on our legitimate interests or those legitimate interests of a third party.
Under European data protection law, you have:
The right to access: You may request a copy of your personal data;
The right to rectification: You may request correction of your personal data that you believe is inaccurate or incomplete;
The right to erasure: You may request that we erase your personal data, under certain conditions enumerated under Article 17 (https://gdpr-info.eu/art-17-gdpr/);
The right to restrict processing: You may request that we restrict the processing of your personal data, under certain conditions;
5he right to object to processing: You may object to our processing of your personal data, under certain conditions;
The right to data portability: You may request that we transfer to another organization, or to you, the data we have collected about you, under certain conditions; and
You can exercise any of these rights by contacting us as follows:
Email: Send an email: email@example.com
Write: Send us a note addressed to:
Contemplative Outreach of Colorado
Denver, CO 80212
Deletion and Limitation of Personal Data
We delete personal data processed according to Art. 17 GDPR and restrict the processing of personal data pursuant to Art. 18 GDPR. Unless otherwise specified herein, personal data is deleted if it is no longer necessary for the purposes for which it was collected or otherwise processed and the deletion does not conflict with any statutory requirements of safeguarding the personal data. If personal data is required for legally permissible purposes, it will not be deleted but its processing will be limited to such purpose. This applies, for example, to personal data that must be retained by us for commercial or tax law reasons.
To make our Platform available to the public, we use hosting services provided by hosting providers, such as the supply of web servers, disk space, database services, security, and maintenance services. Therefore we and our hosting provider are processing personal data of users of our Platform on the basis of our legitimate interests under Art. 6 Para. 1 lit. f GDPR.
Access Data and Log Files
When you access our Platform or one of its pages, the browser on your device automatically sends information to the Platform’s server. This information is stored in so-called log files by us or our hosting provider. The following information is stored:
IP address of the computer requesting access to our Platform
Date and time of the access
Name and URL of the retrieved file
Platform from which access is made (referrer URL)
The browser used and, if applicable, the operating system of your computer
Database changes and errors
This data is processed for the following purposes, and the legal basis for such data processing is Art. 6 Para. 1 p. 1 lit. of GDPR:
Providing the Platform, including all functions and contents
Enabling an unobstructed dial-up connection to the Internet
Enabling easy utilization of our Platform
Ensuring system security and stability
Anonymized statistical evaluation of visitors accessing our Platform
Other administrative purposes
Registration / User Account
You have the opportunity to register on our Platform. Registering requires the providing of personal data. The registration is voluntary and is in accordance with Art. 6 Para. 1 p. 1 lit. a GDPR on the basis of your voluntary consent. The personal data being transferred depends on the data input in the registration form. The personal data recorded is used as described above and to contact you. You may access your personal data and make changes to it. Your data will be stored until you delete the user account or instruct us to delete your data. Other than obligations to retain your personal data on the basis of statutory retention periods, under tax and commercial law, the processing of your personal data will be restricted until the retention period expires, and then the data will be deleted.
If you register on our Platform or create a user account, we store the IP address and the time of the respective use. This storage is based on our legitimate interest under Art. 6 Para. 1 p. 1 lit. f GDPR in providing such options. The user account and data stored in connection with it also facilitate purchases, access to historical orders, and the writing of customer reviews. Transfer of this data to third parties does not take place unless it is required to fulfil contractual obligations according to Art. 6 Para. 1 lit. b GDPR or for the prosecution of any claims or if there is a legal obligation according to Art. 6 Para. 1 lit. c GDPR.
In connection with and for the purpose of fulfilling pre-contractual measures and contractual obligations via our Platform upon request of the data subject, we process the data of the data subject required for the fulfillment of the contract. This includes:
Data of the contractor, such as name, address and contact details, if applicable different delivery or billing addresses or recipients, roommate request, and gender;
Contractual data, such as subject of the contract, duration, and customer category;
Payment data, such as bank details, credit card data, and payment history.
The legal basis for the data processing is Art. 6 Para. 1 p. 1 lit. b GDPR. The data will be transferred to third parties only to the extent to fulfil pre-contractual and contractual obligation, e.g. to banks, payment service providers, and credit card companies for the payment transaction and to email service providers.
By using our application form you are asked to submit your name, contact information, and further application information, so we can consider your application and contact you personally. Data to process your application is processed according to Art. 6 Para. 1 sentence 1 lit. a GDPR on the basis of your voluntarily given consent.
Email Marketing to Customers
If you are our customer and we have received your email address in connection with the sale of a good or service, we are authorized to use your email address for purposes of customer service, direct marketing of similar goods or services. This only applies if you have not objected to such use and we have explicitly informed you about the possibility to object to such use when collecting the email address and every time we use your email address. Legal basis of such processing is our legitimate interest in direct marketing according to Art. 6 Para. 1 lit. f GDPR.
If you would like to receive our newsletter, we require your email address. The data processing for the purpose of sending you our newsletter is carried out pursuant to Art. 6 Para. 1 p. 1 lit. a GDPR on the basis of your voluntary consent by means of the so-called double opt-in procedure. Your email address and other provided details will be used and stored for this purpose until you revoke your consent or unsubscribe from receiving the newsletter. It is possible to unsubscribe from our newsletter at any time, for example via a link at the end of each newsletter. Alternatively, you can unsubscribe at any time by sending an email to the email address documented under II.
We send our newsletters with a so-called counting pixel. A counting pixel is a miniature graphic embedded in the HTML format of the newsletter to allow for analysis of reader behavior. In this context, we store whether and at what time a newsletter was opened by you and which of the links contained in the newsletter you accessed. We use this data to generate statistical evaluations about the success or failure of a marketing campaign in order to optimize the delivery of newsletters and to better tailor the content of future newsletters to your interests. The collected data will not be passed on to third parties and will be deleted after the statistical evaluation.
All email marketing is sent via Act-On. The provider of Act-On is Act-On Software Inc., 121 SW Morrison St, #1600, Portland, Oregon 97204, USA (hereafter “Act-On”). Act-On is used for the distribution and analysis of the reach of our email marketing. For this purpose, your email address as well as any other data required by Act-On for the supply of our email marketing will be processed on our behalf. The legal basis for processing by Act-On is Art. 6 Para. 1 lit. f GDPR and our legitimate interest to establish a user-friendly and secure newsletter system.
Payment Service Provider
This Platform uses Stripe as a payment service provider. Provider is Stripe (Headquarters) 185 Berry St # 550, San Francisco, CA 94107, USA. (hereafter "Stripe"). Stripe assumes the function of an online payment provider as well as a trustee and provides buyer and seller protection services. In case of payment via Stripe, credit card via Stripe, debit via Stripe, or – if offered – purchase on account via Stripe, your name, email address, purchased products, invoice amount, and billing and shipping address will be transferred to Stripe within the scope of the payment. If the payment methods credit card via Stripe, debit via Stripe, or – if offered – purchase on account via Stripe are used, Stripe will, if applicable, request a credit rating query, to verify creditworthiness and minimize payment defaults when deciding to accept the payment transaction. Probability values will be used for a credit rating query (so-called score values), and address data will be included into the calculation. A recognized mathematical-statistical method is the foundation of calculating those score values. If the credit rating is insufficient, Stripe can reject the chosen payment method. Legal basis of such processing: Art. 6 Para. 1 lit. b GDPR.
Statistics and Analysis
Within our website we use the so-called “Facebook-Pixel”. Provider is Facebook Inc., 1 Hacker Way, Menlo Park, CA 94025, USA. Responsible for the processing of personal data of individuals in the EU is Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.
Facebook has entered the EU/U.S. PrivacyShield, is thereby committed to comply with European privacy standards and therefore is in compliance with the requirements of the European Union to legitimize the transfer of personal data to the U.S. Information on Facebook’s commitment concerning the PrivacyShield can be found at https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active.
The use of this technology enables Facebook to assign the visitors to our Platform to certain groups (e.g. visitors to our Platform or rather according to the fields of interest we have passed on to Facebook, so-called “custom audiences”) for the display of specific advertisements and to be able to recognize them. This ensures that these users are shown only personalized advertisements and so harassment by improper advertising can be avoided. By using Facebook-Pixel we can also understand the effectiveness of our Facebook advertisements for statistical purposes and track whether and how a user has used our offer after clicking on the advertisement.
More information about Facebook-Pixel and how it works can be found at https://www.facebook.com/business/help/651294705016616. Details about Facebook’s processing of data and general information about Facebook advertisements can be found in the Facebook at https://www.facebook.com/about/privacy/update. You can opt out of the collection of your data by Facebook-Pixel, and its advertisement functions, in your Facebook account under the heading “settings”. Information about these settings can be found at https://www.facebook.com/settings?tab=ads (login required).
The use of Facebook-Pixel helps us advertise our products and services in an appropriate, tailored manner. The legal basis for such use of Facebook-Pixel is the legitimate interests of us and third parties for these purposes according to Art. 6 Para. 1 lit. f GDPR.
Services of Google
Provider of the following Google services: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (hereafter “Google”).
The legal basis for using the following Google services is our legitimate interest according to Art. 6 Para. 1 lit. f GDPR. Google has entered the EU/ U.S. PrivacyShield, is thereby committed to comply with European privacy standards, and is in compliance with the requirements of the European Union to legitimize the transfer of personal data to the U.S. Information on Google’s commitment concerning the PrivacyShield can be found at https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active.
Information about Google’s use of data for advertising purposes, settings and options, can be found at the following:
Demographic Characteristics by Google Analytics
Our Platform uses the function “demographic characteristics” as part of Google Analytics so reports can be created containing information such as age, gender, and interests of Platform visitors. This data comes from interest-based advertising from Google and third-party visitor data. This data cannot be assigned to a specific person. The legal basis for the use of these Google services is our legitimate interests to optimize and optimally market our Platform according to Art. 6 Para. 1 lit. f GDPR. You can disable this feature at any time through the display settings in your Google account or generally prohibit the collection of your data by Google Analytics as outlined above.
Google Tag Manager
This Platform uses Google Tag Manager for tagging. This service allows Platform tags to be managed by a single interface. No cookies are used and no personal data is collected. The Google Tag Manager triggers other tags which may collect data. However, Google Tag Manager does not access this data. If there is a deactivation at the domain or cookie level, it will remain in effect for all tracking tags if they are implemented with the Google Tag Manager.
Social Media Plugins
Our Platform uses social media plugins of social networks. If a page of our Platform is opened with such a plugin, your browser establishes a direct connection to the server of the respective plugin, whereby the respective provider learns which page of our Platform was accessed and from which IP address. The same applies to any interaction with the respective Social Media Plugin (e.g., liking or sharing content, or commenting on a post).
If you are logged in to the respective social network at the same time, the respective provider of that social network can directly match the visit to the page of our Internet offer to your user account there. If you click on the button of the respective plugin, the corresponding information will be transmitted to the respective provider and published there as a post in the profile of your social network. If you do not want the provider to be able to match the data collected on our Platform to your respective user account from the provider, you must first log out of the respective social network. The purposes of plugins are to make our Platform better known and to share content from our Platform in social networks. The legal basis for the use of social media plugins is our legitimate interests according to Art. 6 Para. 1 lit. f GDPR of making our Platform better known through social media.
To improve or complement our content, the Platform also uses content from providers such as YouTube (Google), Vimeo, and Adobe TypeKit. The legal basis for using the following social media plugins is our legitimate interest in improving or complementing the Platform with third-party content, according to Art. 6 Para. 1 lit. f GDPR.
Our Platform displays content from YouTube, whose provider is Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (hereafter “Google”). This service collects your IP address and, if applicable, any other data required by Google for YouTube. Information generated regarding your use of this Platform is stored on a server in the U.S. This information may also be transferred to third parties if required by law or if third parties process such data on behalf of us or Google. If you are logged in to YouTube at the same time, Google can directly match the visit to the page of our Platform and your YouTube user account. If you do not want Google to be able to match the data collected on our Platform to your respective user account on YouTube, you must first log out of YouTube.
This Platform uses external font types by Adobe Typekit. Provider is Adobe Systems Incorporated, San Francisco, 345 Park Avenue San Jose, California 95110, USA (hereafter “Adobe”). Your browser will load the required fonts into the browser cache when you visit the Platform. If your browser does not support this feature a standard font will be used by your computer to display the Platform. This service collects your IP address, which of our Platforms you have visited and, if applicable, any other data required by Adobe for the provision of the fonts. The generated information about your use of this Platform is stored on a server in the U.S.