Privacy Policy

1. Introduction

Pan-Massachusetts Challenge Inc. (“PMC” “Pan-Mass”, “Pan-Mass Challenge” or “we” or “us”), a U.S. Federal 501(c)(3) non-profit organization (and registered as a non-profit in every U.S. State, where required), respects your privacy and is committed to protecting it through our compliance with this privacy notice. We value the support of our riders, donors, sponsors, volunteers, and others who support PMC or our events (collectively, “Supporters”) and know that protecting Personal Data (as defined below) is important to our Supporters.

This Privacy Notice (our “Privacy Notice”) describes the types of information we may collect, use, maintain, protect, disclose, or otherwise process about you as a Supporter:

  • when you visit any website pages at the following domains that have a link to this Privacy Notice (each, a “Website”): *.pmg.org; *.unpaved.org; and/or *.wintercycle.org, including when you make a purchase on one of our Websites;
  • when you install and use our Pan-Mass Challenge (or other) mobile applications that you download from an authorized distribution site, such as the Apple App Store® or the Google Play Store® (each, an “Application”); and
  • when you make a donation or register to be a rider or a volunteer for one of our events (each, an “Event”).

This Privacy Notice also describes our practices for collecting, using, maintaining, protecting, disclosing, or otherwise processing any of the above information.

This policy applies to information we collect:

  • on our Websites;
  • on or through our Applications;
  • when you register to be a rider, volunteer, or other attendee for one of our Events;
  • when you make a donation (either on our Websites, through a rider’s campaign page, at an Event, over the phone, or by mailing a check); and
  • in email, text, and other electronic messages between you and PMC through any medium.

It does not apply to information collected by:

  • us through any other means, including on any other website operated by PMC or any third-party;
  • us or any of our affiliates or subsidiaries related to your or any other individual’s employment or potential employment with us; or
  • any third party, including through any application or content (including advertising) that may link to or be accessible from the Website.

Please read this Privacy Notice carefully to understand our policies and practices regarding your information and how we will treat it. If you do not agree with our policies and practices, your choice is not to use our Websites and Applications and not participate in an Event. By accessing or using our Websites or Applications, or by participating, attending, or registering to participate or attend an Event, you agree to this Privacy Notice. This Privacy Notice may change from time to time (see Changes to Our Privacy Notice). Your continued use of our Websites and Applications or continued participation, attendance, or registering to participate or attend in an Event after we make changes is deemed to be acceptance of those changes, so please check this Privacy Notice periodically for updates.

2. Children Under the Age of 13.

We welcome children under the age of 13 to participate in appropriate Events (some of our Events are specifically for children), when they are registered for the Event by a parent or legal guardian.

Our Websites and Applications are not intended to be used directly by children under 13 years of age, and children under 13 cannot directly register themselves for any Event. No one under age 13 may directly provide any personal information to or on the Websites and Applications. We do not knowingly collect Personal Data directly from children under 13. If you are under 13, do not use or provide any information on our Websites and Applications or on or through any of their respective features, register on or through the Websites or Applications, make any purchases through the Websites or Applications, use any of the interactive or public comment features of our Websites and Applications, or provide any information about yourself to us, including your name, address, telephone number, email address, or any screen name or user name you may use. If we learn we have collected or received Personal Data directly from a child under 13 without verification of parental consent, we will delete that information. If you believe we might have any information directly from a child under 13, please contact us at panmass@pmc.org.

We only collect Personal Data from children over 13 but under 18 with the written consent of the parent or guardian (or from the parent or guardian directly).

3. Information We Collect About You and How We Collect It.

Throughout this Privacy Notice, the term “Personal Data” means any information that identifies, relates to, describes, references, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular individual or device. However, Personal Data does not include any deidentified or aggregated information.

Generally

We collect Personal Data from various sources, including:

  • directly from you when you provide it to us;
  • automatically as you navigate through or otherwise use the Websites or Applications;
  • information that we create about you as you use our Websites or Applications; and
  • From third parties, for example, our business partners.

Information You Provide to Us

We collect the following types of Personal Data directly from you when you access or use our Websites or Applications, or when you participate, attend, or register to participate or attend an Event:

  • For Riders: real name, postal address, email address, telephone number, account name, credit or debit card number, title, current employer name, visual information (photographs) when you provide it to us as part of your fundraising campaign, medical information, age, birthdate, medical conditions, gender identity, and records of Events participated in or considered to participate in. Note that your credit or debit card number is sent directly to our payment processor, and we only receive a tokenized version of your debit or credit card number that may only be used with our payment processor for refunds (when applicable), repeat registrations, and other similar purposes.
  • For Volunteers: real name, postal address, email address, telephone number, medical information, age, birthdate, visual information (photographs) when you provide it to us as part of your volunteer campaign, medical conditions, gender identity, and records of Events volunteered for or considered to volunteer for.
  • For Donors: real name, home/work postal address, home/work email address, home/work telephone number, credit or debit card number, and employer name, donation history (including types and amounts of donations). Note that your credit or debit card number is sent directly to our payment processor, and we only receive a tokenized version of your debit or credit card number that may only be used with our payment processor for refunds (when applicable), ongoing/repeat donations, and other similar purposes.
  • For Event Attendees: real name, home/work postal address, home/work email address, home/work telephone number, credit or debit card number, title, employer name, employment history, records of Events attended, registered for, or considered to be attended or registered for.
  • For all Other Website Users (i.e., who purchase our PMC merchandise or otherwise browse the website): real name, home/work postal address, home/work email address, home/work telephone number, credit or debit card number, title. Note that your credit or debit card number is sent directly to our payment processor, and we only receive a tokenized version of your debit or credit card number that may only be used with our payment processor for refunds (when applicable) and other similar purposes.

In addition, we also collect other types of information that you may provide when you fill out a form or through your correspondence with us.

The Personal Data we collect on or through our Websites and Applications through:

  • information that you provide by filling in forms on our Websites or Applications or at an Event. This includes information provided at the time of registering to use our Websites and Applications as a rider, donor, or to attend or participate in an Event, posting material, or requesting further services. We may also ask you for information when you report a problem with our Websites or Applications;
  • information you may provide to us when you attend an Event;
  • if you contact us, records and copies of your correspondence (including email addresses);
  • your responses to surveys that we might ask you to complete for research purposes;
  • details of transactions you carry out through our Websites and Applications (for example, when you register to be a rider or attendee at an Event).
  • details of donations you make at or during one of our Events or on our Websites (including when you contribute to a campaign by one of our Riders for an Event). You may be required to provide financial information before placing a donation; and
  • your search queries on the Websites and Applications;

You also may provide information to be published or displayed (hereinafter, “posted”) on public areas of the Websites and Applications or transmitted to other users of the Websites or Applications or third parties (collectively, “User Contributions”). Your User Contributions are posted on and transmitted to others at your own risk. Although you may set certain privacy settings for such information by logging into your account profile, please be aware that no security measures are perfect or impenetrable. Additionally, we cannot control the actions of other users of the Websites with whom you may choose to share your User Contributions. Therefore, we cannot and do not guarantee that your User Contributions will not be viewed by unauthorized persons.

Information We Collect Through Automatic Data Collection Technologies

As you navigate through and interact with our Websites or Applications, we may use automatic data collection technologies to collect certain Personal Data about your interaction with our Websites or Applications, including information about your equipment, browsing actions, and patterns. This includes:

  • details of your visits to, and use of, our Websites and Applications. This includes: traffic data, logs, date and time of your visit to our Websites, error information, and other communication data and the resources that you access, use, or otherwise interact with on or through the Websites or Applications; and
  • Information about your computing device and internet connection, i.e., your IP address, operating system, device make and model, and browser type.

The information we collect automatically is statistical data and may include Personal Data, or we may maintain it or associate it with Personal Data we collect in other ways or receive from third parties. It helps us to improve our Websites and Applications and to deliver a better and more personalized service by enabling us to:

  • estimate our audience size and usage patterns;
  • store information about your preferences;
  • provide you with targeted advertising, which is based on your activities on the Websites and other online activities;
  • record your activities on our Websites and Applications for analytics and debugging purposes;
  • customize our Websites and Applications according to your individual interests;
  • speed up your searches; and
  • recognize you when you return to our Websites and Applications.

The technologies we use for this automatic data collection may include:

  • Cookies (or browser cookies). A cookie is a small file placed on the hard drive of your computer. Unless you have adjusted your browser setting so that it will refuse cookies, our system will issue cookies when you direct your browser to our Websites or otherwise use our Applications. Our Websites and Applications may use both session cookies and persistent cookies:
    • Session Cookies. Each time you access the Websites or Applications, a session cookie containing an encrypted, unique identifier is placed on your device. These session cookies allow us to uniquely identify you when you use the Websites and Applications and allow us to maintain your login session and allow us to maintain your donation cart and process your transactions. Session cookies are required to use the Websites and Applications and are removed when you logout or close your browser window to the Websites and Applications.
    • Persistent Cookies. Persistent cookies that may contain a unique identifier are placed on your device when you access the Websites or Applications. These cookies are used to track aggregate and statistical information about user activity, maintain your preferences, and provide you with targeted or behavioral advertising based on your activities on the Websites. The amount of time these cookies remain on your device may vary, depending on the cookie.

You can set your browser or mobile device to refuse all or some browser cookies, or to alert you when cookies are being sent. However, if you do not consent to our use of cookies or select this setting you may be unable to access certain parts of our Websites or Applications. You can find more information about cookies at http://www.allaboutcookies.org and http://youronlinechoices.eu.

  • Web Beacons. Pages of our Websites, screens of our Applications, and our e-mails may contain small electronic files known as web beacons (also referred to as clear gifs, pixel tags, and single-pixel gifs) that permit PMC, for example, to count users who have visited those pages or screens or opened an email and for other related website statistics (for example, recording the popularity of certain website content and verifying system and server integrity).
  • Website Interaction and Performance Monitoring Tools.Our Websites may also use interaction and/or performance monitoring tools (sometimes call tracking scripts, analytics tools, session replay tools, or heatmap tools). These tools execute code in your web browser to help us collect data about your use of and interactions with the pages and content on our Websites. This may include recording your mouse movements, keystrokes, navigation pathways, other actions that you take our Websites, and information automatically transmitted from your web browser to our Websites such as information about your operating system, computer hardware, and browser preferences.

Third-Party Use of Cookies and Other Tracking Technologies

Some content or applications, including advertisements, on the Websites and Applications are served by third parties, including advertisers, ad networks and servers, content providers, analytics providers, social media companies, and application providers. These third parties may use cookies to collect information about you when you use our Website. The information they collect may be associated with your Personal Data or they may collect information, including Personal Data, about your online activities over time and across different websites and other online services. They may use this information to provide you with interest-based (behavioral) advertising or other targeted content.

We do not control these third parties’ tracking technologies or how they may be used. If you have any questions about an advertisement or other targeted content, you should contact the responsible provider directly. For information about how you can opt out of receiving targeted advertising from many providers, see Choices About How We Use and Disclose Your Information.

By continuing to use our Websites, you hereby consent to our recording your mouse movements, keystrokes, navigation pathways, use and communications you may have with our Websites (including information related to your access to any audio-visual materials available on or through the website that), and other actions that you take on or through the website and our disclosure of such recorded information to third-party providers of such tools.

Information We Create About You

We may also create certain information about you. When we associate this information with other Personal Data about you, we consider this information to be Personal Data. This information includes: unique identifiers and records of donations.

Information We Collect from Third Parties

We may collect Personal Data from third parties. When we associate this information with other Personal Data about you, we consider this information to be Personal Data. This information includes: real name, work postal address, work email address, work telephone number, employer name, and whether your employer has a charitable donation matching program and any applicable limitations.

4. How We Use Your Information.

We use information that we collect about you or that you provide to us, including any Personal Data:

  • to provide and personalize our Websites and Applications and their content to you;
  • to allow you to participate in or attend an Event and to plan future Events;
  • to provide you with information, products, or services that you request from us;
  • to support, develop, troubleshoot, and debug our Website, Application, Events, or other products, and services;
  • to create, maintain, customize, and secure your account with us;
  • to process your requests, donations (including recurring donations), and transactions, and prevent transactional fraud;
  • to provide you with tax receipts and other similar documentation regarding your donation or other products and services you may purchase from us;
  • to analyze donation patterns, and to learn about our donors and riders and what matters to them;
  • to determine if your employer may provide matching funds for your donation;
  • to provide you with support and to respond to your inquiries, including to investigate and address your concerns and monitor and improve our responses;
  • to personalize your Website and/or Application experience and to deliver content and product and service offerings relevant to your interests, including targeted offers and advertisements through our Websites, third-party sites, and via email or text message (with your consent, where required by law);
  • to help maintain the safety, security, and integrity of our Websites, Applications, Events, products and services, databases and other technology assets, and business;
  • or internal testing, research, analysis, and product development, including to develop and improve our Websites, Applications, and/or Events and to develop, improve, or demonstrate our other products and services;
  • auditing relating to a current interaction with you and concurrent transactions, including, but not limited to, counting advertising impressions to unique visitors, verifying positioning and quality of ad impressions, and auditing compliance with any applicable specification and other standards;
  • detecting security incidents, protecting against malicious, deceptive, fraudulent, or illegal activity, and prosecuting those responsible for that activity;
  • debugging to identify and repair errors that impair existing intended functionality;
  • to notify you about changes to our Websites, Applications, or any products or services we offer or provide though them, or any changes to Events (for example, due to inclement weather or other good cause);
  • to allow you to participate in interactive features on our Websites or Applications;
  • in any other way we may describe when you provide the information;
  • to fulfill any other purpose for which we have collected it (for example, if you give us your email address or other Personal Data to donate to a rider’s campaign, we may disclose your identity and donation amount to that rider);
  • as necessary to comply with all applicable laws and regulations, including any reporting requirements; and
  • for any other purpose with your consent.

We may also use your information to contact you about upcoming Events, new merchandise, updates, news articles, requests for donations, status of your campaign as a rider (including new donations), and other information regarding PMC or its Events that may interest you. We may further anonymize or aggregate your Personal Data in accordance with applicable law such that it can no longer reasonably be used to identify you and use it without restriction.

Text Messaging

With your consent, we may send you informational, marketing, and promotional messages to your mobile device with your consent. We may use third-party service providers to provide messages services to us for these messages. Our third-party service providers are contractually obligated to use your phone number and information provided to us only to send you these messages on behalf of PMC and not to use your information (including your phone number) to send marketing, fundraising, or other messages on behalf of any other organization. However, your consent to receive these messages from PMC is completely optional. If you do not provide consent, neither PMC nor its third-party service providers will send you messages on PMC’s behalf.

5. Disclosure of Your Personal Data.

We do not share, sell, or otherwise disclose your Personal Data for purposes other than those outlined in this Privacy Notice. However, we may disclose anonymized or aggregated information about our users, and information that does not reasonably identify any individual, without restriction.

We may disclose Personal Data that we collect or that you provide as described in this Privacy Notice:

  • PMC’s board members, staff, volunteers, and other similar professionals on a need-to-know basis and in accordance with all appliable laws, regulations, court orders, or other governmental requests;
  • to our affiliates (however, we do not disclose Personal Data to the beneficiary of donations from rider campaigns, the Dana-Farber Cancer Institute, or to any of our sponsors);
  • to contractors, service providers, and other third parties we use to support our business and who are bound by contractual obligations to keep Personal Data confidential and use it only for the purposes for which we disclose it to them. These services that these entities provide include IT and infrastructure support services, employer donation matching services, and payment processing services. We currently use M&T Bank (https://www.mtb.com) as our merchant bank for payment processing (including for donations) and who is under a contractual obligation to only process your Personal Data in accordance with PCI-DSS. The privacy notice for the service provider we currently use for employer donation matching services can be found at https://doublethedonation.com/privacy-policy/. The privacy notice for Chariot, the service provider we currently use for processing DAF donations via DAFpay, can be found at https://www.givechariot.com/privacy.
  • to a potential or actual buyer or other successor in the event of a planned or actual merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of PMC’s assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which Personal Data held by PMC about our Websites’ users is among the assets transferred;
  • to third-party cookie and other tracking technology providers for the purpose of providing analytics and cross-context behavioral advertising services to us;
  • to fulfill the purpose for which you provide it;
  • for any other purpose disclosed by us when you provide the information; and
  • with your consent.

We may also disclose your Personal Data:

  • to comply with any court order, law, or legal process, including to respond to any government or regulatory request;
  • if we believe disclosure is necessary or appropriate to protect the rights, property, or safety of PMC, our supporters, or others.

If you are a rider, we may also disclose Personal Data you choose to disclose to the general public on your rider campaign page. This may include your current donations and your donation goal. If you have donated to a rider’s campaign (or to PMC, the Dana-Farber Cancer Institute, or an Event in general), we may disclose your name and your donation amount to the general public, unless you opt-out of such disclosures by clicking the box to make your donation anonymous, when this choice is provided to you.

6. Choices About How We Use and Disclose Your Information.

We do not control the collection and use of your information collected by third parties described above in Disclosure of Your Information. When possible, these organizations are under contractual obligations to use this data only for providing the services to us and to maintain this information strictly confidential. These third parties may, however, aggregate the information they collect with information from their other customers for their own purposes.

In addition, we strive to provide you with choices regarding the Personal Data we have collected about you. We have created mechanisms to provide you with control over your Personal Data:

  • Tracking Technologies. We may use certain tracking technologies that may record your activities on our Websites, Applications, and your other online activities, and such recordings may be disclosed and processed by third parties who provide such technologies. This helps us understand our users and the use of our Websites and/or Applications. You may set your browser to refuse all or some browser cookies, or to alert you when cookies are being sent, however, if you disable or refuse cookies in this manner, please note that some parts of our Websites or Applications may then be inaccessible or not function properly. If you do not disable these technologies, you hereby consent to our use of your Personal Data and our recording and disclosure to third-party cookie providers of your activities on our Websites in this way.
  • Targeted and Behavioral Advertising. Our Websites and Applications may use certain technologies, including cookies, to display advertising to you based on your activities of our Websites, Applications, and other online activities. You may also set your browser to refuse all or some browser cookies, or to alert you when cookies are being sent. However, if you disable or refuse cookies in this manner, please note that some parts of our Websites or Applications may then be inaccessible or not function properly.

We do not control third parties’ collection or use of your information to serve interest-based advertising. However, these third parties may provide you with ways to choose not to have your information collected or used in this way. You can learn more about interest-based advertisements and your opt-out rights and options from members of the Network Advertising Initiative (“NAI”) on its website (www.networkadvertising.org) and from members of the Digital Advertising Alliance on its website (www.aboutads.info).

7. Accessing, Correcting, and Deleting Your Personal Data.

If you are a rider, you can review and change your Personal Data by logging into the applicable Website or Application for your Event and visiting your account profile page. Note that you may not be able to correct some information that may require verification through the Websites or Applications.

You may also send us an email at panmass@pmc.org to request access to, correct or delete any Personal Data that we have collected about you. For riders, we cannot delete your Personal Data except by also deleting your user account, which may de-register you from the ride you registered for without any refund of registration fees. We may not accommodate a request to change or delete your Personal Data if we believe the change or deletion would violate any law or legal requirement or cause the information to be incorrect.

If you delete your User Contributions from the Website, copies of your User Contributions may remain viewable in cached and archived pages or might have been copied or stored by other Website users.

8. Your California Privacy Rights.

California Eraser Law

California law permits minors under the age of 18 to request the removal of your User Contributions, subject to certain exceptions. If you are under the age of 18 in California, you may contact us using the Contact Information below (if you contact us via email, please use the subject “California Eraser Law Request”). We may not remove your User Contributions that we are required to retain under any federal or state law, or that have been provided to a third party. While we will do our best to remove a minor’s information upon a valid request, we cannot ensure the complete or comprehensive removal of your User Contributions from our Websites or any information that has been republished, copied, downloaded, or reposted by any third party, and we cannot guarantee that any such information may not be accessible to users of the Internet in the future. We do not advertise or market any of the products or services identified in California Business and Professionals Code Section 22580(i) to users who we have actual knowledge are under 18 years of age.

9. Do Not Track Signals.

We may use automated data collection technologies to collect information about your online activities over time and across third-party websites or other online services (behavioral tracking). Some web browsers permit you to broadcast a signal to websites and online services indicating a preference that they “do not track” your online activities. At this time, we do not honor such signals, and we do not modify what information we collect or how we use that information based upon whether such a signal is broadcast or received by us.

10. Data Security.

We have implemented measures designed to secure your Personal Data from accidental loss and from unauthorized access, use, alteration, and disclosure. Our Websites and Applications are designed to only collect, transmit, and otherwise process your credit card or other financial account information using approved encryption algorithms and as otherwise required by our merchant bank/payment processor. Please note that when you enter your financial account information, it goes directly to our merchant bank/payment processor or one of their subcontractors. As required by the Payment Card Industry Data Security Standard, PMC may only receive a tokenized version of your credit card or other financial account information which may only be used with our merchant bank/payment processor for dispute resolution and for recurring donations and cannot be used by any third person with us or any other retailer or merchant.

The safety and security of your information also depends on you. Where we have given you (or where you have chosen) a password for access to certain parts of our Websites and Applications, you are responsible for keeping this password confidential. We ask you not to share your password with anyone. We urge you to be careful about giving out information in public areas of the Websites like message boards. The information you share in public areas may be viewed by any user of the Websites.

Unfortunately, the transmission of information via the internet is not completely secure. Although we have implemented measures to protect your Personal Data, we cannot guarantee the security of your Personal Data transmitted to our Websites or through our Applications. Any transmission of Personal Data is at your own risk. We are not responsible for circumvention of any privacy settings or security measures deployed on the Websites or through our Applications.

11. Consent to Processing of Personal Data in the United States.

In order to provide our Websites and Applications to you, we may send and store your Personal Data outside of the country where you reside or are located, including to countries that may not or do not provide an equivalent level of protection for your Personal Data. Your Personal Data may be processed and stored in the United States and federal, state, and local governments, courts, or law enforcement or regulatory agencies in the United States may be able to obtain disclosure of your information through the laws of the United States. By using our Websites, you represent that you have read and understood the above and hereby consent to the storage and processing of Personal Data outside the country where you reside or are located, including in the United States.

Your Personal Data is transferred by PMC to another country only if it is required or permitted under applicable data protection law and provided, however, that there are appropriate safeguards in place to protect your Personal Data. To ensure your Personal Data is treated in accordance with this Privacy Notice when we transfer it to a third party, PMC uses Data Protection Agreements between PMC and all other recipients of your Personal Data.

12. Changes to Our Privacy Notice.

We may change this Privacy Notice at any time. It is our policy to post any changes we make to our Privacy Notice on this page. If we make material changes to how we treat our users’ Personal Data, we will notify you through a notice on the Websites’ home page. The date this Privacy Notice was last revised is identified at the top of the page. You are responsible for ensuring we have an up-to-date active and deliverable email address for you, and for periodically visiting our Websites and this Privacy Notice to check for any changes.

Your continued use of our Websites or Applications following the posting of changes constitutes your acceptance to such changes.

13. Donor Bill of Rights

We subscribe to the Donor Bill of Rights as created by the Association of Fundraising Professionals, Associations for Healthcare Philanthropy, the Council for Advancement and Support of Education, and the Giving Institute. A copy of the Donor Bill of Rights may be downloaded from our Websites, or you may contact us as described in the “Contact Information” section below.

14. Contact Information.

If you have any questions, concerns, complaints, or suggestions regarding our Privacy Notice or the ways in which we collect and use your Personal Data described in this Privacy Notice, have any requests related to your Personal Data pursuant to applicable laws, or otherwise need to contact us, you may contact us at the contact information below or through the “Contact” page on our Websites.

Pan-Massachusetts Challenge Inc.

77 4th Avenue

Needham, MA 02494

USA

781-449-5300

panmass@pmc.org