Website & Social Marketing Privacy Practices

 Privacy Policy

This privacy policy has been compiled to better serve those who are concerned with how their ‘Personally identifiable information’ (PII) is being used online. PII, as used in US privacy law and information security, is information that can be used on its own or with other information to identify, contact, or locate a single person, or to identify an individual in context. Please read our privacy policy carefully to get a clear understanding of how we collect, use, protect or otherwise handle your Personally Identifiable Information in accordance with our website.
What personal information do we collect from the people that visit our blog, website or app?
When ordering or registering on our site, as appropriate, you may be asked to enter your email address, mailing address, phone number, credit card information or other details to help you with your experience.
When do we collect information?
We collect information from you when you subscribe to a newsletter, fill out a form or enter information on our site.

How do we use your information?

We may use the information we collect from you when you register, make a purchase, sign up for our newsletter, respond to a survey or marketing communication, surf the website, or use certain other site features in the following ways:

       To personalize user’s experience and to allow us to deliver the type of content in which you are most interested.
       To improve our website in order to better serve you.
       To allow us to better service you in responding to your customer service requests.
       To quickly process your transactions.
       To send periodic emails regarding your order or other products and services.
How do we protect visitor information?
We do not use vulnerability scanning and/or scanning to PCI standards.
Your personal information is contained behind secured networks and is only accessible by a limited number of persons who have special access rights, and are required to keep the information confidential. In addition, all sensitive/credit information you supply is encrypted .
We implement a variety of security measures enters, submits, or accesses their information to maintain the safety of your personal information.
For your convenience we may store your credit card information kept for more than 60 days in order to expedite future orders, and to automate the billing process.
Do we use ‘cookies’? We do not use cookies for tracking purposes
You can choose to have your computer warn you each time a cookie is being sent, or you can choose to turn off all cookies. You do this through your browser (like Internet Explorer) settings. Each browser is a little different, so look at your browser’s Help menu to learn the correct way to modify your cookies.
If you disable cookies off, some features will be disabled that make your site experience more efficient and some of our services will not function properly. However, you can still place orders.
Third Party Disclosure:We do not sell, trade, or otherwise transfer to outside parties your personally identifiable information.

Third party links: We do not include or offer third party products or services on our website.

Google: Google’s advertising requirements can be summed up by Google’s Advertising Principles. They are put in place to provide a positive experience for users. https://support.google.com/adwordspolicy/answer/1316548?hl=en
We have not enabled Google AdSense on our site but we may do so in the future.
California Online Privacy Protection Act: CalOPPA is the first state law in the nation to require commercial websites and online services to post a privacy policy. The law’s reach stretches well beyond California to require a person or company in the United States (and conceivably the world) that operates websites collecting personally identifiable information from California consumers to post a conspicuous privacy policy on its website stating exactly the information being collected and those individuals with whom it is being shared, and to comply with this policy.
According to CalOPPA we agree to the following:
Users can visit our site anonymously
Once this privacy policy is created, we will add a link to it on our home page, or as a minimum on the first significant page after entering our website.
Our Privacy Policy link includes the word ‘Privacy’, and can be easily be found on the page specified above.
Users will be notified of any privacy policy changes:
       On our Privacy Policy Page
Users are able to change their personal information:
       By emailing us @ callie.vanderbilt@windwoodfarm.org or deborah.mckelvey@windwoodfarm.org
       By calling us @ 843-884-5342 x224
How does our site handle do not track signals?
We do not track signals and do not track, plant cookies, or use advertising when a Do Not Track (DNT) browser mechanism is in place.
Does our site allow third party behavioral tracking?
It’s also important to note that we do not allow third party behavioral tracking
COPPA (Children Online Privacy Protection Act)
When it comes to the collection of personal information from children under 13, the Children’s Online Privacy Protection Act (COPPA) puts parents in control. The Federal Trade Commission, the nation’s consumer protection agency, enforces the COPPA Rule, which spells out what operators of websites and online services must do to protect children’s privacy and safety online.
We do not specifically market to children under 13.
Fair Information Practices
The Fair Information Practices Principles form the backbone of privacy law in the United States and the concepts they include have played a significant role in the development of data protection laws around the globe.
In order to be in line with Fair Information Practices we will take the following responsive action, should a data breach occur:
We will notify the users via our website, and email
       Within 1 business day
Individuals have a right to pursue legally enforceable rights against data collectors and processors who fail to adhere to the law. This principle requires not only that individuals have enforceable rights against data users, but also that individuals have recourse to courts or a government agency to investigate and/or prosecute non-compliance by data processors.

 

South Carolina Code of Laws on the Internet

While every effort was made to ensure the accuracy and completeness of the unannotated South Carolina Code available on the South Carolina General Assembly’s website, the unannotated South Carolina Code is not official, and the state agencies preparing this website and the General Assembly are not responsible for any errors or omissions which may occur in these files. Only the current published volumes of the South Carolina Code of Laws Annotated and any pertinent acts and joint resolutions contain the official version.

Title 30 – Public Record
FAMILY AND PERSONAL IDENTIFYING INFORMATION PRIVACY PROTECTIO

SECTION 30-2-20. Privacy policies and procedures required of all state entities.

All state agencies, boards, commissions, institutions, departments, and other state entities, by whatever name known, must develop privacy policies and procedures to ensure that the collection of personal information pertaining to citizens of the State is limited to such personal information required by any such agency, board, commission, institution, department, or other state entity and necessary to fulfill a legitimate public purpose.

HISTORY: 2002 Act No. 225, Section 1.

SECTION 30-2-30. Definitions.

For purposes of this act, the following terms have the following meanings:

(1) “Personal information” means information that identifies or describes an individual including, but not limited to, an individual’s photograph or digitized image, social security number, date of birth, driver’s identification number, name, home address, home telephone number, medical or disability information, education level, financial status, bank account numbers, account or identification number issued by or used, or both, by any federal or state governmental agency or private financial institution, employment history, height, weight, race, other physical details, signature, biometric identifiers, and any credit records or reports.

“Personal information” does not mean information about boating accidents, vehicular accidents, driving violations, boating violations, or driver status, or names and addresses from any registration documents filed with the Department of Revenue as a business address which also may be a personal address.

(2) “Legitimate public purpose” means a purpose or use which falls clearly within the statutory charge or mandates of an agency, board, commission, institution, department, or other state entity.

(3) “Commercial solicitation” means contact by telephone, mail, or electronic mail for the purpose of selling or marketing a consumer product or service. “Commercial solicitation” does not include contact by whatever means for the purpose of:

(a) offering membership in a credit union;

(b) notification of continuing education opportunities;

(c) selling or marketing banking, insurance, securities, or commodities services provided by an institution or entity defined in or required to comply with the Federal Gramm-Leach-Bliley Financial Modernization Act, 113 Stat. 1338; or

(d) contacting persons for political purposes using information on file with state or local voter registration offices.

(4) “Medical information” includes, but is not limited to, blood samples and test results obtained and kept by the Department of Health and Environmental Control pursuant to Section 44-37-30.

HISTORY: 2002 Act No. 225, Section 1; 2003 Act No. 20, Section 1; 2003 Act No. 69, Section 3.II.

SECTION 30-2-40. Display of privacy policy on web site; access to personal information disclosure; criminal justice and judicial agency exception.

(A) Any state agency, board, commission, institution, department, or other state entity which hosts, supports, or provides a link to page or site accessible through the world wide web must clearly display its privacy policy and the name and telephone number of the agency, board, commission, institution, department, or other state entity person responsible for administration of the policy.

(B) Where personal information is authorized to be collected by an entity covered by this section, the entity must at the time of collection advise the citizen to whom the information pertains that the information is subject to public scrutiny or release.

(C) Subsection (B) does not apply to criminal justice or judicial agencies, or both.

HISTORY: 2002 Act No. 225, Section 1.

SECTION 30-2-50. Obtaining personal information from state agency for commercial solicitation; penalty.

(A) A person or private entity shall not knowingly obtain or use any personal information obtained from a state agency for commercial solicitation directed to any person in this State.

(B) Each state agency shall provide a notice to all requestors of records pursuant to this chapter and to all persons who obtain records pursuant to this chapter that obtaining or using public records for commercial solicitation directed to any person in this State is prohibited.

(C) All state agencies shall take reasonable measures to ensure that no person or private entity obtains or distributes personal information obtained from a public record for commercial solicitation.

(D) A person knowingly violating the provisions of subsection (A) is guilty of a misdemeanor and, upon conviction, must be fined an amount not to exceed five hundred dollars or imprisoned for a term not to exceed one year, or both.

(E) This chapter does not apply to a local governmental entity of a subdivision of this state or local government.

The General Assembly finds:

(1) The social security number can be used as a tool to perpetuate fraud against an individual and to acquire sensitive personal, financial, medical, and familial information, the release of which could cause great financial or personal harm to the individual. While the social security number was intended to be used solely for the administration of the federal Social Security System, over time this unique numeric identifier has been used extensively for identity verification purposes and other legitimate consensual purposes.

(2) Although there are legitimate reasons for state and local government entities to collect social security numbers and other personal identifying information from individuals, government entities should collect the information only for legitimate purposes or when required by law. An entity that provides employee benefits has a legitimate need to collect and use social security numbers and personal identifying information as part of its administration and provision of employee benefits programs.

(3) When state and local government entities possess social security numbers or other personal identifying information, the governments should minimize the instances this information is disseminated either internally within government or externally with the general public.

SECTION 30-2-310. Collection of and maintenance and disposition of records containing social security numbers by public agencies.

(A)(1) Except as provided in Sections 30-2-320 and 30-2-330 of this article, a public body, as defined in Section 30-1-10(B), may not:

(a) collect a social security number or any portion of it containing six digits or more from an individual unless authorized by law to do so or unless the collection of the social security number is otherwise imperative for the performance of that body’s duties and responsibilities as prescribed by law. Social security numbers collected by a public body must be relevant to the purpose for which collected and must not be collected until and unless the need for social security numbers has been clearly documented;

(b) fail, when collecting a social security number or portion of it containing six digits or more from an individual, to segregate that number on a separate page from the rest of the record, or as otherwise appropriate, so that the social security number may be easily redacted pursuant to a public records request;

(c) fail, when collecting a social security number or any portion of it containing six digits or more from an individual, to provide, at the time of or before the actual collection of the social security number by that public body, upon request of the individual, a statement of the purpose or purposes for which the social security number is being collected and used;

(d) use the social security number or a portion of it containing six digits or more for any purpose other than the purpose stated;

(e) intentionally communicate or otherwise make available to the general public an individual’s social security number or a portion of it containing six digits or more or other personal identifying information. “Personal identifying information”, as used in this section, has the same meaning as “personal identifying information” in Section 16-13-510, except that it does not include electronic identification names, including electronic mail addresses, or parent’s legal surname before marriage;

(f) intentionally print or imbed an individual’s social security number or a portion of it containing six digits or more on any card required for the individual to access government services;

(g) require an individual to transmit the individual’s social security number or a portion of it containing six digits or more over the Internet, unless the connection is secure or the social security number is encrypted;

(h) require an individual to use the individual’s social security number or a portion of it containing six digits or more to access an Internet web site, unless a password or unique personal identification number or other authentication device is also required to access the Internet web site; or

(i) print an individual’s social security number or a portion of it containing six digits or more on materials that are mailed to the individual, unless state or federal law requires the social security number be on the mailed document.

(2) An entity that collects and uses social security numbers or other personal identifying information as part of the maintenance and reporting of employment records or the administration or provision of employee benefits programs is exempt from the prohibitions in this subsection.

(B) Before a public body, as defined in Section 30-1-10(B), may transfer or dispose of information technology hardware or storage media owned or leased by it, all personal and confidential information must be removed and the hardware and storage media must be sanitized in accordance with standards and policies adopted by the State Budget and Control Board, Division of the State Chief Information Officer. The director or appropriate information technology manager of the public body owning or leasing the information technology hardware or storage media shall verify that all personal and confidential information is removed and the information technology hardware and storage media are sanitized in accordance with those standards and policies before the transfer or disposal occurs.

(C) When a public body disposes of a record that contains personal identifying information of an individual, the body shall modify, by shredding, erasing, or other means, the personal identifying information to make it unreadable or undecipherable.

(D) A public body is considered to comply with subsection (C) if it contracts with a person engaged in the business of disposing of records for the modification of personal identifying information on behalf of the body in accordance with subsection (C).
SECTION 30-2-320. Disclosure of social security numbers and identifying information.

Social security numbers and identifying information may be disclosed:

(1) to another governmental entity or its agents, employees, or contractors, if disclosure is necessary for the receiving entity to perform its duties and responsibilities, including a debt collected pursuant to the Setoff Debt Collection Act, Section 12-56-10, and the Governmental Enterprise Accounts Receivable Collections program, Section 12-4-580. The receiving governmental entity and its agents, employees, and contractors shall maintain the confidential and exempt status of those numbers;

(2) pursuant to a court order, warrant, or subpoena;

(3) for public health purposes;

(4) on certified copies of vital records issued by the director of the Department of Health and Environmental Control as the state registrar, pursuant to Section 44-63-30 and authorized officials pursuant to Section 44-63-40. The state registrar may disclose personal identifying information other than social security number on an uncertified vital record;

(5) on a recorded document in the official records of the county;

(6) on a document filed in the official records of the courts; and

(7) to an employer for employment verification or in the course of administration or provision of employee benefit programs, claims, and procedures related to employment including, but not limited to, termination from employment, retirement from employment, injuries suffered during the course of employment, and other such claims, benefits, and procedures.

HISTORY: 2008 Act No. 190, Section 3.B, eff December 31, 2008.

SECTION 30-2-330. Removal of social security numbers and other identifying information from official records filed by register of deeds or clerk of court or county.

(A) A person preparing or filing a document to be recorded or filed in the official records by the register of deeds or the clerk of court of a county may not include an individual’s social security, driver’s license, state identification, passport, checking account, savings account, credit card, or debit card number, or personal identification (PIN) code, or passwords in that document, unless otherwise expressly required by law or court order or rule adopted by the state registrar on records of vital events. A loan closing instruction that requires the inclusion of an individual’s social security number on a document to be recorded is void. A person who violates this subsection is guilty of a misdemeanor, punishable by a fine not to exceed five hundred dollars for each violation.

(B) Notwithstanding Section 30-1-30, or another provision of law, an individual or his attorney-in-fact or legal guardian may request that a register of deeds or clerk of court remove, from an image or copy of an official record placed on a publicly available Internet web site or a publicly available Internet web site used by a register of deeds or court to display public records by the register of deeds or clerk of court, the individual’s social security, driver’s license, state identification, passport, checking account, savings account, credit card, or debit card number, or personal identification (PIN) code, or passwords contained in that official record. The request must be made in writing, legibly signed by the requester, and delivered by mail, facsimile, or electronic transmission, or delivered in person to the register of deeds or clerk of court. The request must specify the identification page number that contains the social security, driver’s license, state identification, passport, checking account, savings account, credit card, or debit card number, or personal identification (PIN) code, or passwords to be redacted. The register of deeds or clerk of court has no duty to inquire beyond the written request to verify the identity of an individual requesting redaction. A fee must not be charged for the redaction pursuant to the request.

(C) A register of deeds or clerk of court immediately and conspicuously shall post signs throughout his offices for public viewing and a notice on any Internet web site or remote electronic site made available by the register of deeds or clerk of court and used for the ordering or display of official records or images or copies of official records a notice, stating, in substantially similar form, the following:

“A person preparing or filing a document for recordation or filing in the official records may not include a social security, driver’s license, state identification, passport, checking account, savings account, credit card, or debit card number, or personal identification (PIN) code, or passwords in the document, unless expressly required by law. An individual has a right to request a register of deeds or clerk of court to remove, from an image or copy of an official record placed on a publicly available Internet web site or on a publicly available Internet web site used by a register of deeds or clerk of court to display public records, any social security, driver’s license, state identification, passport, checking account, savings account, credit card, or debit card number, or personal identification (PIN) code, or passwords contained in an official record. The request must be made in writing and delivered by mail, facsimile, or electronic transmission or in person, to the register of deeds or clerk of court. The request must specify the identification page number that contains the social security, driver’s license, state identification, passport, checking account, savings account, credit card, debit card number, or personal identification (PIN) code, or passwords to be redacted. There is no fee for the redaction pursuant to request.”

Contacting Us
If there are any questions regarding this privacy policy you may contact us using the information below.
www.windwoodfarm.org
Awendaw, SC
29429
USA
deborah.mckelvey@windwoodfarm.org
Last Edited on 2014-12-29