Last modified: August 2, 2023
Data Privacy Statement
This Privacy Statement aims to give you information on how we collect and process your Personal Data, including any data you may provide to us via our websites or otherwise. It is important that you read this Privacy Statement together with any other Privacy Policy or fair processing notice we may provide on specific websites or other occasions when we are collecting or processing Personal Data about you so that you are fully aware of how and why we are using your Personal Data. This Privacy Statement supplements the other Policies and notices and is not intended to override them. We also describe your rights, how the law protects you, and how you can contact us about our privacy practices.
Who We Are
Data Controller
The data controller for the websites listed below is The First Church of Christ, Scientist (“The Church”) and its affiliate The Christian Science Publishing Society (“CSPS”), 210 Massachusetts Ave., Boston MA 02115 U.S.A. (Collectively “TFCCS”).
csmonitor.com
christianscience.com
jshonline.com
quarterly.christianscience.com
marybakereddylibrary.org
mbepapers.org
concord.christianscience.com
christianscienceplaza.com
Data Protection Officer (DPO)
If you have any questions about this Privacy Statement, including any requests to exercise your legal rights, please contact the DPO at:
Email: [email protected]
Mail: Data Protection Officer
The First Church of Christ, Scientist
210 Massachusetts Avenue, P9
Boston MA 02115 U.S.A.
Personal Data We Collect
“Personal Data,” or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data). We may collect, use, store and transfer different kinds of Personal Data depending on the activity.
How We Use Personal Data
We may combine Personal Data collected by TFCCS across its products, services, and websites, in a secure database. We generally use Personal Data as follows:
- Contract
When we need to execute a contract you have entered into with us by accepting applicable terms and conditions or specific related terms relating to other services offered by us to you.
- To carry out our activities where we have necessary legitimate interests
Where we rely on legitimate interest, we make sure that we consider and balance any potential impact on you and your rights before we process your personal data for our legitimate interest. We also collect, use and share Aggregated Data such as statistical or demographic data for any purpose. Aggregated Data could be derived from your Personal Data but is not considered Personal Data in law as this data will not directly or indirectly reveal your identity. For example, we may aggregate your Usage Data to calculate the percentage of users accessing a specific website. However, if we combine or connect Aggregated Data with your Personal Data so that it can directly or indirectly identify you, we treat the combined data as Personal Data, which will be used in accordance with this privacy statement.
- To comply with a legal or regulatory obligation
When we need to collect Personal Data by law. If you fail to provide that data when requested, we will not be able to perform our services under the contract with you (for example, to provide you with any of our products or services).
- To send you marketing or promotional offers with your consent
We are committed to providing you with choices regarding certain Personal Data uses, particularly around marketing and advertising. We will get your consent before sending third-party direct marketing communications to you via email or text message. You have the right to withdraw consent to receive third-party marketing communications at any time by contacting us.
We use your identity, contact, technical usage and profile data to form a view on what we think you may want or need, or what may be of interest to you. This is how we decide which services and offers may be relevant for you. You can expect to receive marketing communications from us if you have requested information or purchased services from us and you have not withdrawn your consent to receive that marketing.
When we have a lawful basis for doing so, we process data for the following purposes:
Providing requested goods or services. If you order goods or services from TFCCS, TFCCS will use the Personal Data that you enter into the order or registration form (your name, email, telephone number, address, and credit card number or bank details) only to process your order or to provide the requested goods or services. This may be required for contracting, responding to inquiries, shipping and billing purposes, collecting customer feedback or providing customer support. We may also collect and/or record conversation data that you may instigate by using chat functionalities or other local TFCCS web presences, contact forms, emails, or telephone. “Goods or services” includes (access to) TFCCS’s web services, subscriptions, membership, offerings, other content, non-marketing related newsletters, tutorials, training, events,and user research studies.
We communicate on a regular basis by email with users who subscribe to our services, and we may also communicate by phone to resolve customer complaints or investigate suspicious transactions. We may use your email address to confirm your opening of an account or subscription, to send you notice of payments, to send you information about changes to our products and services, and to send notices and other disclosures as required by law. Generally, users cannot opt out of these communications, which are not marketing-related but merely required for the relevant business relationship.
Any information required to track your choices regarding the processing or use of your Personal Data or receipt of marketing materials may be stored and exchanged between the Church and CSPS as required to ensure compliance.
Church Membership Data. If you are a member of the Church, your Personal Data (for example, name, address, phone number, name of primary teacher, and branch church) and other optional information you may choose to provide (for example, email address, photo, and so forth) are stored and used for internal Church purposes. The Church may send you communications related to your membership using the contact information provided.
User research. TFCCS may invite you to participate in user research, such as questionnaires, surveys, testing, and other user studies. Where we collect Personal Data through user research, we will protect the Personal Data using reasonable measures. User research may be administered by a third party on our behalf and under our direction. TFCCS may use such Personal Data to improve its goods and services or to enable historical research.
Creation of anonymized data sets. TFCCS may anonymize Personal Data provided under this Privacy Statement to create anonymized data sets, which will then be used to improve its and its affiliates’ goods and services.
Recording of calls for quality improvement purposes. In case of telephone calls or chat sessions, TFCCS may record such calls or sessions (after informing you accordingly during that call or session and before the recording starts) in order to improve the quality of TFCCS’s goods and services.
In order to keep you up-to-date/request feedback. Within an existing business relationship between you and TFCCS, TFCCS may inform you, where permitted in accordance with local laws, about its goods or services (including webinars, seminars or events) which are similar or relate to the products and services you have already purchased or used from TFCCS.
Communications About TFCCS’s Goods and Services. TFCCS collects Personal Data (such as name, email, country, address or phone number) in some of its data collection locations, such as where you subscribe to newsletters or content, apply for membership, or register for one of our events. We use Personal Data to contact you with messages about our activities, events, user research studies, and goods and services unless you have opted out of receiving such communications. You can unsubscribe from receiving these messages at any time by clicking the unsubscribe link at the bottom of the messages we send.
You can also request to review, change, or remove your Personal Data by contacting us at [email protected].
Recording personal data in the media. As publishers of content in a wide variety of formats, we may publish photographs, text, and recordings in which you are depicted, and process your personal data when we acquire or create such media. This may occur when you participate in one of our projects or events, or where you have provided media to us. We generally ask data subjects depicted in media to provide a media release, except when journalism and other free speech or freedom of expression exemptions apply, or where we have acquired the right to use stock photography through a supplier who provides such releases. In media, we will only use or publish your personal data:
- On the basis of your consent.
- For special purposes, such as journalism.
- Where it is necessary for our legitimate interests (or those of a third party).
and your interests and fundamental rights do not override those interests.
- Where we need to comply with a legal or regulatory obligation.
- On the basis of a contract.
Change Of Purpose. Unless an exemption applies to a new use of personal data:
- We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If you wish to get an explanation as to how the processing for the new purpose is compatible with the original purpose, please contact us.
- If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.
Please note that we may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.
How Your Personal Data is collected
Information that you Provide to Us
Personal Data that you provide directly to us should be apparent from the context in which you provide it, for example: when you use our services, we must collect your name, email address, and transaction information to complete your transactions. We will process Personal Data that you choose to provide to us through the Website, including, but not limited to, your first and last name, physical address, email address, mobile device identifier or transactional data (eg. amount of funds associated with a transaction).
Information that we collect Automatically
We use Personal Data that we collect automatically through cookies and action tags. We also use the information to help diagnose technical and service problems, administer the Site and identify visitors to the Site.
Please see the next section for more information about Cookies. You may also see our Cookie banner for a more complete description of cookies used by this Site.
Your browser’s “Do not Track” signal
Like many other websites and online services, we do not currently process or respond to “Do not Track” signals from your browser or to other mechanisms that enable choice. If we do so in the future, we will describe how we do so in this Privacy Policy.
Data Security
All of our websites use SSL encryption for security reasons and in order to safeguard the transmission of Personal Data, e.g. the data you submit when you subscribe, purchase a product, or submit content. An encrypted connection is established when the address line in your browser switches from “http://” to “https://” and a lock icon is displayed in the address line. Data transmitted to us cannot be accessed by third parties when SSL encryption is activated.
We have put in place appropriate security measures to prevent your Personal Data from being accidentally lost, used or accessed in an unauthorized way, altered, or disclosed. In addition, we limit access to your Personal Data to those employees, agents, contractors and other third parties who have a business need to have such access. They will only process your Personal Data on our instructions and they are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected Personal Data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
How Long We Keep Personal Data
We retain your Personal Data for as long as necessary to fulfill the purposes for which we collected it, including the purposes of satisfying any legal, accounting, or reporting requirements. We may retain copies of certain categories of your Personal Data beyond any stated retention date for as long as necessary to fulfill the purposes for which we collected it, including for historical or research purposes, or to satisfy any legal, accounting, or reporting requirements.
To determine the appropriate retention period for your Personal Data, we consider the amount, nature, and sensitivity of the Personal Data, the potential risk of harm from unauthorized use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
In some circumstances you can ask us to delete your data. See the tab “Data Subject Rights” in this Privacy Statement for further information.
Data Subject Rights
Under certain circumstances you have rights under data protection laws in relation to your Personal Data. You may request us to:
- Correct the Personal Data we hold about you
You have the right to have any inaccurate Personal Data about you rectified and to have any incomplete Personal Data about you completed. The accuracy of your information is important to us. If you do not want us to use your personal Data in the manner set out in this Privacy Statement, or need to advise us of any changes to your Personal Data, or would like any more information about the ways in which we collect and use your Personal Data, please contact us at [email protected].
- Erase your Personal Data (right to be “forgotten”)
You have the general right to request the erasure of your Personal Data in the following circumstances:
The Personal Data is no longer necessary for the purpose for which it was collected;
You withdraw your consent to processing and no other legal justification for processing applies;
We unlawfully processed your Personal Data; and/or
Erasure is required to comply with a legal obligation that applies to us.
We will proceed to comply with an erasure request without undue delay and to such extent we are able to do so, unless continued retention is necessary for:
Complying with a legal obligation under EU or other applicable law;
The establishment, exercise or defense of legal claims.
Please be aware that by doing so, we will need to close your account and this action is not reversible and by requesting us to erase your Personal Data we are not able to provide services to you any longer. However, this will not affect the lawfulness of any processing carried out before you requested erasure of your Personal Data.
- Right to restrict the processing of your Personal Data
You have a right to request to restrict processing of your Personal Data, such as where:
You contest the accuracy of the Personal Data;
If you believe processing is unlawful, you may request, instead of requesting erasure, that we restrict the use of unlawfully processed Personal Data;
We no longer need to process your Personal Data but need to retain your information for the establishment, exercise or defense of legal claims or regulatory requirements.
Please be aware that by doing so, we will need to close your account and this action is not reversible and by requesting us to erase your Personal Data we are not able to provide services to you any longer. However, this will not affect the lawfulness of any processing carried out before you requested erasure of your Personal Data.
- Right to data portability (transferring your Personal Data to you or a third party)
Where the legal basis for our processing is your consent, or the processing is necessary for the performance of a contract to which you are party, or in order to take steps at your request prior to entering into a contract, you have a right to receive the Personal Data you provided to us in a structured, commonly used and machine-readable format.
- Right to object to direct marketing (‘opting out’)
You have a choice about whether or not you wish to receive information from us.
We will not contact you for marketing purposes unless you have an existing business relationship with us to offer you similar services, and we rely on our legitimate interests as the lawful basis for processing;
On each and every marketing communication, we will always provide an option for you to exercise your right to object to the processing of your Personal Data for marketing purposes (known as ‘opting-out’) by clicking on the ‘unsubscribe’ button on our marketing emails or choosing a similar opt-out option on any forms we use to collect your Personal Data.
Please note that any administrative or service-related communications (to offer our services, or notify you of an update to this Privacy Policy or applicable terms and conditions, etc.) will solely be directed at our clients or business partners, and such communications generally do not offer an option to unsubscribe, as they are necessary to provide the services requested.
Therefore, please be aware that your ability to opt-out from receiving marketing and promotional materials does not change our right to contact you regarding your use of our online services or as part of a contractual relationship we may have with you.
- RIght to withdraw your consent at any time
Where the legal basis for processing your Personal Data is your consent, you have the right to withdraw that consent at any time by contacting us using the details found below. Please be aware that by doing so, we will need to close your account and this action is not reversible and by requesting us to stop processing your Personal Data we are not able to provide our services to you any longer. However, this will not affect the lawfulness of any processing carried out before you withdrew your consent.
You can exercise any of the above rights free of charge by contacting us at [email protected].
Most of the above rights are subject to limitations and exceptions. We will provide reasons if we are unable to comply with any request for the exercise of your rights.
You also have the right to lodge a complaint with the supervisory authority in the country of your legal residence, place of work, or the place where you allege an infringement of one or more of our rights has taken place, if that is based in the European Economic Area.
How to Contact Us
If you have any questions or comments about this Notice or any issue relating to how we collect, use, or disclose personal data, or if you would like us to update information we have about you, you may contact us:
Email: [email protected] (or complete this form)
Mail:
Data Protection Officer
The First Church of Christ, Scientist
210 Massachusetts Avenue, P9
Boston MA 02115
USA
Updates to Our Online Privacy Notice
We keep our Privacy Policy under regular review and we will update it to reflect any changes.
If we change our Privacy Policy in the future, we will post the date of change. You should check this Privacy Policy from time to time when you visit our website.
It is important that the Personal Data we hold about you is accurate and current. Please keep us informed if your Personal Data changes during your relationship with us.