Hidden Gem Family Center: PRIVACY POLICY

PRIVACY POLICY

Hidden Gem Family Center

1. Purpose

This policy addresses the standards and procedures of the Hidden Gem Family Center when handling information about you; how it may be used and disclosed plus safeguards. This policy includes the standards for how The Hidden Gem will collect, use, and disclose the data collected for its programs, including the collection, use, and disclosure of protected personal information (PPI). This policy is to be reviewed annually, and may be amended at any time in order to reflect changes in the Hidden Gem Family Center privacy standards.

This policy is not a contract but it shall govern all actions wherein the Hidden Gem Family Center data is the subject. A link to this policy will be made available on the Hidden Gem Family Center website and a physical copy can be obtained by request. This policy meets the legal requirement to maintain and preserve the confidentiality of PPI.

2. Website

The Hidden Gem Family Center maintains a website as a service to our volunteers and supporters, and as a source of information for those interested in learning more about the Hidden Gem Family Center. Visitors to this site, who provide information, do so voluntarily. Visitors need not register or provide any PPI to access any part of this site.

This privacy statement demonstrates our commitment to online and offline privacy. The following formally discloses the information gathering and dissemination practices for this website.

a. WEB Site Information Collection and Use

The Hidden Gem Family Center collects only information that is voluntarily submitted. We will not share or sell information in any manner that is provided. The sole use of this information is for contact purposes—to send receipts, “Thank You” letters, and Newsletters—and to respond to questions or comments from website visitors.

b. Donations

The “Online Donations” form allows our supporters to donate conveniently via the internet. This form collects PPI including contact and credit account information and stores the data in a database hosted at our web host company, https://paypal.com. The information stored includes the following:

- Name, address, email, and phone if provided

- Donation amount, type of card, and expiration date

NOTE: Your complete credit card number is NOT stored in the database. The database stores a masked form of the number that includes only the last four digits, e.g., XXXX-XXXX-XXXX-1234.

Credit account information that is collected is transmitted from our web server to PayPal.

Corporation where the online transaction is processed on their secure servers. This occurs when the donor clicks the “Donate” button on the “Donate Check Out” form.

c. Information Sharing

The Hidden Gem Family Center does not share information with any person, organization, or other entity except as outlined above related to the “Online Donations” form. The sharing occurs when the “Donate” button is clicked and the data is sent to Square Pay for processing.

d. Security

The website server uses Secure Sockets Layer (SSL) encryption to secure the exchange of data. This protocol applies to the “Online Donations” form and to the transmission of that data to PayPal. 

e. Choice/Opt-Out

If anyone wants to be added or removed from our mailing list or e-news, you may:

 Send email to: hiddengemfamilycenter@gmail.com requesting to be removed from the list.

 Send postal mail to: Hidden Gem Family Center 115 S. 7th Street Gatesville, TX 76528

 Call the Hidden Gem Family Center at 254-216-1813

f. Corrections/Update

Donors may notify the Hidden Gem Family Center of a change to information previously provided using one of the contact options noted under Choice/Opt-Out.

4. Health Information
PPI may be collected through one of our programs but is protected by the HIPAA Privacy Rule. Generally, protected health information is information that identifies an individual created or received by a health care provider, health plan or an employer on behalf of a group health plan that relates to physical or mental health conditions, provision of health care, or payment for health care, whether past, present or future.

 

How We May Use Your Protected Health Information
Under the HIPAA Privacy Rule, we may use or disclose your protected health information for certain purposes without your permission. This section describes some of the ways we can use and disclose your protected health information.

 

To Business Associates: We may enter into contracts with entities known as Business Associates that provide services to or perform functions on behalf of the Organization. We may disclose protected health information to Business Associates once they have agreed in writing to safeguard the protected health information. For example, we may disclose your protected health information to a Business Associate to assist in substance abuse recovery. Business Associates are also required by law to protect protected health information.
 

3. Storage and Disposal of Private or Sensitive Data

 · Paper documents and electronic files will be stored in such a way as to provide two (2) levels of security. Examples: a locked filing cabinet inside a locked office or building, or a locked closet inside a locked office or building, or a password-protected computer inside a locked office or building.
· Paper documents that need to be transported between physical buildings of the Hidden Gem Family Center will be stored inside a marked clasped envelope, with the staff member couriering the documents either handing them directly to another staff member or placing them in an agreed upon locked location.
· Paper documents used to collect data will be disposed of by either micro-shredding in-house at the Hidden Gem Family Center, or through a secure third-party shredding vendor.
· Paper documents will be kept the length of time to be in compliance with any federal, state or city requirements. Typically documents will not be kept longer than eight (8) years.
· Electronic data files with regard to personal private information are stored in password protected computers as mentioned above. The computer hard drives will be wiped clean before being disposed of by the Hidden Gem Family Center.
· A client’s consent to collect the data may be inferred when a privacy notice is posted at the intake desk or a comparable location.
· In order to collect data on a third party (the client’s household or emergency contacts), a written consent must be obtained from the client.

 

a. Data collected by the partner agency may include, but is not limited to, the following:
· Protected Personal Information (PPI), such as name, social security number, date of birth, gender, race, ethnicity, marital and family status, household relationships, veteran status, and disabling conditions;
· Housing information, such as address history, housing status, reason for homelessness;
·Program-specific information including, but not limited to, income, non-cash benefits,
educational attainment, employment status, domestic violence experience, health status and
medical information;
· Transactional information such as service need, provision, and outcome.

 b. Reasons for disclosures
The prime reason we disclose your data is to provide and coordinate services between partner agencies. Disclosures are also made for some administrative purposes that relate to agency functioning and in the application for funding. In cases when data is disclosed to an agency, the agencies will de-identify all client data, in order that no PII is passed on, except for the following reasons:
· To avoid a serious health or safety threat, if the partner agency believes that the use or disclosure of PII is necessary to prevent or lessen a serious threat to an individual or the public.
· To disclose reports of abuse, neglect or domestic violence to the proper authorities and to refer the client to the appropriate, confidential services.
· In response to a legal law enforcement request or to report a death as a result of possible criminal conduct.
· For national security and intelligence activities.
· In response to a relevant medical emergency.
· To funeral directors, coroners, and/or medical examiners, as necessary to carry out their
respective responsibilities.
· As needed to remain in compliance with local, state, and national law.

 

c. Privacy Rights
Clients with data at The Hidden Gem have the following rights:
· To inspect and obtain a physical copy of their data. The partner agency providing the copy will explain any data that the client may not understand.
· The client has the right to request a correction of any inaccurate or incomplete PPI that is present. If the request is granted, the partner agency may delete it, amend it, or mark it as inaccurate or incomplete. If the request is denied, the client will receive a written explanation for why their request was denied. The client has the right to submit a written statement disagreeing with the agency’s dissent.
· To obtain what disclosures of their PPI have been made within a set timeframe. This list does not have to include disclosures that were made for law enforcement officials, correctional facilities, national security or intelligence inquiries.
To make a written complaint about privacy policies, practices or other security concerns. All complaints may be submitted to the Hidden Gem Family Center 115 S 7th Street Gatesville, TX 76528

 d. Remote Access to Data
· Utilizing remote access to computers is limited to the Hidden Gem Family Center staff and/or Board of Directors.