 NYSCAA Web Privacy PolicyLast Updated: May 2026 The New York State Community Action Association (NYSCAA) is committed to protecting the privacy and security of personal information entrusted to us by visitors to our websites, member agency representatives, donors, and others we serve. This Privacy Policy applies to the following websites operated by NYSCAA: www.nyscommunityaction.org and nyscaa.online, including all subdomains, member portals, and online services provided through those sites. It does not apply to any separately operated websites, offline services, or third-party platforms that may be linked from our sites. By using our websites, you acknowledge that you have read and understand the practices described in this policy. NYSCAA's data practices are designed to comply with applicable federal and New York State law, including the New York Stop Hacks and Improve Electronic Data Security Act (SHIELD Act), the Children's Online Privacy Protection Act (COPPA), and the federal requirements associated with our receipt of federal financial assistance, including the Community Services Block Grant (CSBG) program. 1. Information We CollectNYSCAA collects two categories of information through its websites: Non-Personally Identifiable Information. When you visit our websites, we automatically collect certain usage data that does not identify you as an individual. This may include the URL you came from or navigated to, your browser type and version, your IP address, the pages you visited, and the frequency and duration of your visits. We may use this data in aggregate, non-identifying form to improve our websites and report to funders and partners. This information cannot be used to identify you personally. Personally Identifiable Information (PII). We collect PII only when you voluntarily provide it — for example, when you register for membership, sign up for events, make a donation, complete a contact form, or subscribe to our communications. This may include your name, organization, mailing address, email address, phone number, and payment information. Consistent with the New York SHIELD Act, NYSCAA treats the following as protected private information: Social Security numbers, driver's license numbers, financial account numbers and related access credentials, biometric information, and — as of March 2025 under SHIELD Act amendments — medical information and health insurance information including policy numbers and claims history. 2. How We Use Your InformationNYSCAA uses the information we collect to provide you with a smooth and relevant experience on our websites, to process membership registrations and event enrollments, to communicate with you about NYSCAA programs and resources, to process donations and payments, and to fulfill reporting obligations to our funders. We do not sell, rent, or share personal information for advertising or commercial marketing purposes. We may share aggregate, non-personally identifiable data with funders, state partners, or research bodies for programmatic or reporting purposes. In these contexts, no information that could identify you personally is disclosed. 3. Cookies and Tracking TechnologiesOur websites may use cookies — small text files placed on your device by a web server — to help us provide a better browsing experience and to understand how visitors use our sites. We may also use standard web analytics tools (such as Google Analytics) that use cookies and similar technologies to collect non-personally identifiable usage data. Most browsers allow you to control cookie settings, including accepting all cookies, rejecting all cookies, or receiving a notification when a cookie is set. Please refer to your browser's Help menu for instructions. Note that disabling cookies may affect the functionality of certain portions of our websites, including member login areas. NYSCAA does not use cookies to track individuals for commercial advertising or to build personal marketing profiles. 4. Third-Party Service ProvidersNYSCAA works with third-party service providers to help us operate our websites, manage member records, process payments, and send email communications. These providers may have access to personal information only to the extent necessary to perform services on our behalf, and are required to maintain appropriate safeguards for that information and not to use it for any other purpose. NYSCAA will always ask your permission before sharing personally identifiable information about you with any third party for purposes beyond those described in this policy. We do not sell or trade personal information to outside parties. 5. Data Security and the New York SHIELD ActNYSCAA takes the security of your personal information seriously. In compliance with the New York Stop Hacks and Improve Electronic Data Security Act (SHIELD Act, N.Y. Gen. Bus. Law § 899-bb), we maintain a reasonable data security program that includes administrative, technical, and physical safeguards appropriate to the size and nature of our organization and the sensitivity of the information we collect. These safeguards include:
No method of electronic transmission or storage is completely secure. While we work diligently to protect your information, we cannot guarantee absolute security. 6. Data Breach NotificationIn the event of a security breach involving your personal information, NYSCAA will notify affected New York residents in accordance with the SHIELD Act, including the 2024 amendments. Where notification is required, we will make reasonable efforts to provide notice within 30 days of discovering the breach, unless a law enforcement exception applies. Required notifications will also be made to the New York State Attorney General, the Department of State, and other government authorities as required by law. Notification may not be required if NYSCAA reasonably determines that the breach is unlikely to result in misuse of the information or cause harm to affected individuals. 7. Data Retention and DisposalNYSCAA retains personal information only for as long as it is needed to fulfill the purposes described in this policy, to comply with legal obligations, or as required by our funders and applicable grant requirements. When personal information is no longer needed, we dispose of it securely in a manner designed to prevent unauthorized access or reconstruction of the data. 8. Children's Privacy (COPPA)In compliance with the Children's Online Privacy Protection Act (COPPA), NYSCAA does not knowingly collect personal information from children under the age of 13 without verifiable parental consent. NYSCAA will not condition a child's participation in any activity on the disclosure of more personal information than is reasonably necessary for that activity. If we learn that we have inadvertently collected personal information from a child under 13, we will promptly delete that information. COPPA requires us to identify any operators who may collect or maintain personal information from children through this site. At this time, there are no such operators. 9. Legal DisclosuresNYSCAA may disclose personal information when required to do so by law or in the good-faith belief that such disclosure is necessary to: (a) comply with applicable law or legal process served on NYSCAA; (b) protect and defend the rights or property of NYSCAA; or (c) act under urgent circumstances to protect the personal safety of users of our websites or the public. 10. Federal Grant Obligations and Non-DiscriminationNYSCAA receives federal financial assistance, including funding through the Community Services Block Grant (CSBG) program administered by the U.S. Department of Health and Human Services. As a recipient of federal financial assistance, NYSCAA is subject to federal non-discrimination requirements, including Section 504 of the Rehabilitation Act of 1973, which requires that our programs and services — including our digital services — be accessible to individuals with disabilities. NYSCAA is committed to making its websites accessible to all users. For information about our web accessibility practices and how to request accommodations, please see our separate Web Accessibility Statement. 11. Data Storage LocationPersonally identifiable information collected through our websites is stored and processed in the United States. By using our websites, you consent to the storage and processing of your information in the United States. 12. Accessing and Correcting Your InformationNYSCAA works to maintain the accuracy of the personal information we hold. If you would like to review, correct, or request deletion of personal information you have provided to us, please contact us using the information below. We will make reasonable efforts to respond promptly. 13. Changes to This PolicyNYSCAA may update this Privacy Policy periodically to reflect changes in our practices, technology, or applicable law. When we make material changes, we will post a notice on the home page of our website or notify you directly. We encourage you to review this policy periodically to stay informed about how we protect your information. The date at the top of this page reflects when the policy was last updated. 14. Contact UsNYSCAA welcomes your questions and comments regarding this Privacy Policy. If you believe NYSCAA has not adhered to this policy, or to make a privacy-related request, please contact us:
We will use commercially reasonable efforts to promptly review and address any concerns. This policy reflects NYSCAA's compliance obligations under the New York SHIELD Act (N.Y. Gen. Bus. Law §§ 899-aa, 899-bb), including amendments effective December 2024 and March 2025; the Children's Online Privacy Protection Act (15 U.S.C. § 6501 et seq.); Section 504 of the Rehabilitation Act of 1973 (29 U.S.C. § 794); and applicable federal grant requirements under the Community Services Block Grant Act (42 U.S.C. § 9901 et seq.). This document is for informational purposes only and does not constitute legal advice. NYSCAA recommends periodic review of this policy by qualified legal counsel. |