JA Worldwide Data Protection Statement

Please read the the JA Worldwide Privacy Policy, the JA Worldwide Terms of Use, and the JA Worldwide Data Protection Statement (below), which lists the requirements and expectations for persons assigned user credentials to a JA Worldwide administered system, including, but not limited to JA Worldwide–hosted Office 365, websites, Salesforce, Gather, Intacct, and JADE. If you have questions or concerns, at any time, regarding JA Worldwide’s Data Privacy, contact privacy@jaworldwide.org for assistance. 

Background

As a not-for-profit organization, data assets are valuable resources owned by JA Worldwide and must be managed to safeguard constituent information and minimize potential reputational risk to the organization. Implementing and managing access controls to our systems and data is one of the ways JA Worldwide protects its data.

The General Data Protection Regulation (EU) 2016/679 (GDPR) was adopted in 2016 and became enforceable on May 25, 2018. The GDPR purports to apply to organizations outside the EU that process personal data of EU citizens (data subjects) related to (i) offering goods or services to EU data subjects or (ii) monitoring the behavior of EU data subjects.  Accordingly, as a not-for-profit organization based in the United States, JA Worldwide may be required to comply with the GDPR in processing the personal data of EU data subjects.

Although JA Worldwide’s core activities do not involve the kind of processing activities that trigger the highest level of regulation under the GDPR (e.g., large scale, regular and systematic monitoring of individuals or large scale processing of special categories of data), JA Worldwide produces, collects, and uses many different types of data in fulfilling its mission in the course of its operations and in furtherance of its charitable purposes. 

User Obligations

Each person assigned user credentials to any JA Worldwide–managed enterprise system must take appropriate administrative, technical, and physical safeguards designed to (i) ensure the security and confidentiality of data, (ii) protect against any reasonably anticipated threats or hazards to the security or integrity of such Information, (iii) protect against unauthorized access to or use that could result in harm or inconvenience to any constituent.

Each assigned user will use care in protecting JA Worldwide data against unauthorized disclosure and in no event use less than a reasonable standard of care. JA Worldwide data shall not be disclosed without consent and may not be posted publicly. Reasonable methods shall be used to ensure internal data is accessed by or shared with authorized individuals or individuals with a legitimate need to know. All access shall be approved by an appropriate data owner and tracked in a manner sufficient to be auditable. Before granting access to external third parties, contractual agreements which outline responsibilities for security of the data shall be approved by the responsible department executive.

These efforts, in conjunction with our Privacy Policy and Terms of Use, govern how JA Worldwide collects, processes, and uses constituents’ data, and assists in maintaining secure data protection protocols. JA Worldwide is committed to protecting the personal information it collects and to using it in compliance with data privacy laws, including the GDPR. 

Annual Acknowledgment

Your acknowledgement below indicates that you have read and understand the JA Worldwide Privacy Policy, the JA Worldwide Terms of Use, and the JA Worldwide Data Protection Statement (above) and agree to protect JA Worldwide data in compliance with these policies. You also acknowledge that your credentials are dependent upon agreement.