Introduction
This page states the Privacy Policy under which you, the Web Site visitor (“You” or “Your” or “Yourself”) may use or correspond with this Web site (“Our Site”), which is owned by East Grand Rapids (“EGR”, or “We” or “Us” or “Our”).
Our Privacy Policy will help you understand what information we collect and process using this Imagination Factory website, how we use it, and what choices you have about your personal data.
When we refer to “EGR” within this Privacy Policy, we are referring to the City planning offices of East Grand Rapids, MI 49506 USA, which provides this website, and any services or features which may be made available to you from this website. Throughout this Privacy Policy we’ll refer to our website, mobile applications and other products and services collectively as “Services.”
Data Protection Framework
East Grand Rapids is based within the United States. We have aligned our Privacy Policy with:
- European Union (EU) General Data Protection Regulation (GDPR) of 2018
- European Union (EU) Enforcement and Modernisation Directive (OMNIBUS) of 2020
- Brazil’s Lei Geral de Proteção de Dados Pessoais (LGPD) of 2020
- South Africa’s Protection of Personal Information Act (POPIA) of 2020
- the California Consumer Protections Act (CPPA) of 2018
- the California Privacy Rights Act (CPRA) of 2020
- the Virginia Consumer Data Protection Act (CPDA) of 2021
- the Colorado Privacy Act (CPA) of 2021
- the Connecticut Data Privacy Act (CTDPA) of 2022
- the Utah Consumer Privacy Act (UCPA) of 2022
East Grand Rapids has completed applicable Privacy Impact Assessments (also known as Data Protection Impact Assessments under GDPR) for activities related to this website, and these are available upon request from the EGR’s Data Protection Officer (see Section 9).
1. Customer and Citizen Data
You may decide to send us your personal information via this website if you are seeking more information, requesting to attend one of our events, requesting access to our support ticket system, making payments for our Services, or for other similar purposes. Your decision to disclose your personal data is entirely voluntary, and by doing so, you are providing us with specific consent to use your personal data only for the purposes for which you have disclosed it to us.
We will at all times handle and store your personal data in accordance with industry best practice aligned with ISO/IEC 27001, the international standard for information security. This includes the activities and procedures undertaken by our own personnel and authorized third parties (see Section 5), and the technical controls which we have implemented to prevent unauthorized access, compromise or theft of information from our applications, supporting computer systems and premises.
We use information about you as mentioned above and as follows:
- To provide our Services–for example, to set up and maintain your account, host your website, backup and restore your website, or charge you for any of our paid services;
- To further develop our Services–for example by adding new features that we think our users will enjoy or will help them to create and manage their websites more efficiently;
- To monitor and analyze trends and better understand how users interact with our Services, which helps us improve our Services and make them easier to use;
- To monitor and protect the security of our Services, detect and prevent fraudulent transactions and other illegal activities, fight spam, and protect the rights and property of EGRI and others;
- To communicate with you (with you specific consent to do so) about Services / promotions offered by EGR, solicit your feedback, or keep you up to date on EGR and our products; and
- To personalize your experience using our Services, provide content recommendations and serve relevant advertisements.
How We Share Information
We do not sell our users’ private personal information. We share information about you in the limited circumstances spelled out below and with appropriate safeguards on your privacy:
- Subsidiaries, Employees, and Independent Contractors: We may disclose information about you to our subsidiaries, our employees, and individuals who are our independent contractors that need to know the information in order to help us provide our Services or to process the information on our behalf. We require our subsidiaries, employees, and independent contractors to follow this Privacy Policy for personal information that we share with them.
- Third Party Vendors: We may share information about you with third party vendors who need to know information about you in order to provide their services to us. This group includes vendors that help us provide our Services to you (like payment providers that process your credit and debit card information) and those that help us understand and enhance our Services (like analytics providers). We require vendors to agree to privacy commitments in order to share information with them.
- As Required by Law: We may disclose information about you in response to a subpoena, court order, or other governmental request.
- To Protect Rights and Property: We may disclose information about you when we believe in good faith that disclosure is reasonably necessary to protect the property or rights of EGR, third parties, or the public at large. For example, if we have a good faith belief that there is an imminent danger of death or serious physical injury, we may disclose information related to the emergency without delay.
- Business Transfers: In connection with any merger, sale of company assets, or acquisition of all or a portion of our business by another company, or in the unlikely event that EGR goes out of business or enters bankruptcy, user information would likely be one of the assets that is transferred or acquired by a third party. If any of these events were to happen, this Privacy Policy would continue to apply to your information and the party receiving your information may continue to use your information, but only consistent with this Privacy Policy.
- With Your Consent: We may share and disclose information with your consent or at your direction. For example, we may share your information with third parties with which you authorize us to do so, such as the social media services that you connect to your site through our Publicize feature.
- Aggregated and De-Identified Information: We may share information that has been aggregated or reasonably de-identified, so that the information could not reasonably be used to identify you. For instance, we may publish aggregate statistics about the use of our Services.
- Other Site Owners: If you have an account and leave a comment on a site that uses our Services, your IP address and the email address associated with your account may be shared with the administrator(s) of the site where you left the comment.
- Published Support Requests: And if you send us a request (for example, via a support email or one of our feedback mechanisms), we reserve the right to publish that request in order to help us clarify or respond to your request or to help us support other users.
Information Shared Publicly
Information that you choose to make public is–you guessed it–disclosed publicly. That means, of course, that information like your public profile, posts, other content that you make public on your website, and your “likes” and comments on other websites that may use our Services, are all available to others. We provide a stream of public data (like posts and comments) from sites that use our Services to provide that data to subscribers, who may view and analyze the content, but do not have rights to re-publish it, publicly. Public information may also be indexed by search engines or used by third parties. Please keep all of this in mind when deciding what you would like to share.
2. Sensitive Personal Data
GDPR specifies a set of personal data categories which are considered to be “sensitive”, and which require special consideration by Data Controllers. This website, and any services available from this website, do not knowingly collect or process any sensitive personal data, and supporting Privacy Impact Assessments (also known as Data Protection Impact Assessments under GDPR) are available upon request from the EGR’s Data Protection Officer (see Section 9).
3. Children’s Personal Data
This website, and any Services available from this website, are not directed to children under the age of 13. If you learn that a child under the age of 13 has provided us with their personal information without having parental consent, please contact the EGR Data Protection Officer (see Section 9) immediately so that we can take appropriate action.
4. EGR Customer and EU Citizen Data Rights
As prescribed within data protection regulations, you have several rights connected to the provision of your personal data to EGR using this website. These include your rights to request that EGR:
- confirms to you what personal data it may hold about you, if any, and for what purposes
- changes the consent which you have provided in relation to your personal data
- corrects any inaccurate or incomplete personal data which may be held about you
- provides you with a complete copy of your personal data for you to move elsewhere
- stops processing your personal data, whilst an objection from you is being resolved
- permanently erases all your personal data promptly, and confirms to you that it has done so (there may be reasons why we may be unable to do this)
If/when an individual contacts the company requesting this information, this is called a Subject Access Request (SAR). Subject Access Requests from individuals should be made by email, addressed to the data controller at dpo@eastgrmi.gov. The data controller can supply a standard request form, although individuals do not have to use this.
Individuals may be charged $10 per subject access request. The data controller will aim to provide the relevant data within 14 days. The data controller will always verify the identity of anyone making a subject access request before handing over any information. To contact EGR, please see Section 9 below.
If EGR does not address your request, or fails to provide you with a valid reason why it is unable to do so, you have the right to contact the Information Commissioner’s Office to make a complaint. They can be contacted via their website (www.ico.org.uk) or by telephone 0303 123 1113.
5. Declaration of Sub-Processing
To make an informed decision on whether to provide your personal data to EGR using this website, we need to make you aware of three organizations that act as Data Processors for us in the provision of our services to you:
WP Engine, Inc., a provider of secure hosting services, based in the United States
CloudFlare, Inc., a provider of content delivery network services, based in the United States
Amazon, Inc. (AWS), a provider of cloud storage services, based in the United States
Google, LLC. & Google Ireland ltd., provider(s) of web fonts, spam reduction & analytics services, based in the U.S. & Ireland respectively
FontAwesome, Inc., a provider of web symbols/icons, based in the United States
RocketGenius Inc., a provider of online form processing software, based in the United States
Automattic, Inc., a provider of content management and ecommerce software, based in United States
WP Engine Inc. complies with the EU-US Privacy Shield Framework, as set forth by the US Department of Commerce, covering the collection, use and retention of personal data transferred from the European Union to the United States.
The activities within which each of these Data Processors participates have been recorded within the applicable EGR Privacy Impact Assessments (also known as Data Protection Impact Assessments under GDPR) and these are available upon request from the EGR’s Data Protection Officer (see Section 9).
6. Website Cookies
This website uses cookies to record log data. We use both session-based and persistent cookies, dependent upon how you use or interact with this website. Cookies are small text files sent by us to your computer, or from your computer or mobile device to us each time you visit our website. They are unique to you or your web browser. Session-based cookies last only while your browser is open and are automatically deleted when you close your browser. Persistent cookies last until you or your browser delete them, or until they expire.
We use cookies which are not specific to your account but are unique and allow us to undertake website analytics and customization, among other similar things. If you decide to disable some or all cookies, you may not be able to use some of the functions on our website. We may use third-party cookies, for example Google Analytics, and you may choose to opt-out of third party cookies from their website.
If you do not want these cookies to be served on your device, you are able to disable them by changing the settings on your browsers or third-party software can allow you to block cookies while you use this Website site. If you want to know how to do this, please look at the menu on your browser, or visit www.allaboutcookies.org for more information about cookies and how you can turn them off. Or, you can use third-party “anonymizer” services to mask information in your cookies, or even general data such as your IP address. In such cases you would not be able to take advantage of most of the personalization Services offered by EGR. Please note that if you do decide to disable cookies you may not be able to access this Website, some of the features of this Website or this Website may not function properly. By continuing to use this Website you consent to the relevant cookies being set on your device.
7. External Links
This website may include relevant hyperlinks to external websites not controlled by EGR. Whilst all reasonable care has been exercised in selecting and providing any such links, you are advised to exercise caution before clicking any external links. We cannot guarantee the ongoing suitability of external links, nor do we continually verify the safety or security of the contents which may be provided to you. You are advised, therefore, that your use of external links is at your own risk and we cannot be responsible for any damages or consequences caused by your use of them.
8. Changes to this Privacy Policy
We may change this EGR Privacy Policy from time to time, and if we do we will post any changes on this page. If you continue to access this website or use Services available from this website after those changes have come into effect, you will have agreed to the revised policy.
9. Contacting East Grand Rapids
If you have any questions about this Privacy Policy, would like to exercise any of your statutory rights, or to make a complaint, please write to:
The Data Protection Officer
City of East Grand Rapids
750 Lakeside Drive SE
East Grand Rapids, MI 49506
USA
email: dpo@eastgrmi.gov