Effective Date/Last Modified: August 14, 2020
The Services are owned or operated by The Ocean Agency and its affiliates.
2. User Consent and Incorporation
4. Information We Collect
Personal Information vs. Usage Information
We collect various kinds of information that you provide to us as well as information we obtain from your use of the Services. Some of the types of information that we collect include:
“Personal Information” means information associated with or used to identify or contact a specific person. Personal Information includes: (1) contact data (such as name and e-mail address); (2) demographic data (such as location or country of residence); (3) certain Usage Data (defined below), such as IP address; and (4) user-generated content.
“Usage Information” or “Usage Data” is information about an individual’s online activity that, by itself, does not identify the individual, such as browser type, operating system, and webpages visited.
Generally, we do not consider Usage Data as Personal Information because Usage Data by itself usually does not identify an individual. Personal Information and Usage Data may be linked together. Different types of Usage Information also may be linked together and, once linked, may identify an individual person. Also, some Usage Data may be Personal Information under applicable law.
Sensitive Personal Information
Certain Personal Information (e.g., social security numbers, financial information, information related to racial or ethnic origin, political opinions, religion or other beliefs, information about personal health, biometrics or genetic characteristics, criminal background, or trade union membership) is characterized as sensitive and subject to stricter regulation than other Personal Information.
“Location Data” is a category of Personal Information collected about the location of a mobile device or computer, including:
5. Combining Information from Third-Party Sources
6. How We Collect Information
We collect information that you provide to us and from your use of the Services. Your level of engagement with The Ocean Agency determines the amount and type of information we will collect, and the majority of the information we collect is given to us directly from you. Some information is collected automatically through use of data collection tools.
We collect information about you in the following ways:
From You. We collect information from you when you:
From Our Business Partners and Service Providers. Third parties that assist us with our business operations also collect information (including Personal Information and Usage Data) about you through the Services and share it with us. For example, our third party payment processor collects and shares information with us in connection with charitable donations to The Ocean Agency made through the Services.
Usage Data. We also automatically collect Usage Data when you interact with the Services, including, among other things, your IP address, browser type, mobile device type, content visited while on the Websites and the duration of your visit to the Websites.
7. Cookies and Other Information Collection Tools
We and the service providers that help us provide the Services, use small text files called cookies.
“Cookies” are small computer files sent to or accessed from your web browser or your computer’s or tablet’s hard drive that contain information about your computer, such as a user ID, user settings, browsing history, and activities conducted while using the Services. Cookies are not themselves personally identifiable, but may be linked to Personal Information that you provide to us through your interaction with the Services. A Cookie typically contains the name of the domain (internet location) from which the cookie originated, the “lifetime” of the Cookie (i.e., when it expires) and a randomly generated unique number or similar identifier.
How We Use Data Collection Tools
Cookies help us improve the Services by customizing users’ experience with the Services; enabling us to analyze technical and navigational information about the Services; and helping to detect and prevent fraud.
We also use other Cookies and other data collection tools (such as web beacons and server logs), which we collectively refer to as “Data Collection Tools,” to help improve your experience with the Services. For example, Data Collection Tools help us make the Services more relevant to users. The Services also may use Data Collection Tools to collect information from the device used to access the Services, such as operating system type, browser type, domain and other system settings, as well as the operating system used, and the country and time zone in which the computer or device is located.
We use essential Cookies to help make the Websites and other web applications usable by enabling basic functions like session management. Certain Cookies may also help us comply with legal requirements (e.g., the European Union’s General Data Protection Regulation). The Websites may not function properly without these Cookies. Many of the essential Cookies we use are transient. A transient Cookie expires when you close your browser. We use analytics Cookies that collect information about how visitors interact with and use the Websites. This information enables us to improve how the Websites works generally. We use functional Cookies to remember the choices you make and provide enhanced features such as support that may be of particular interest to you. These Cookies allow us to personalize your return visits and to save you time during certain activities.
Control of Cookies
You do not have to accept our Cookies and can block them by activating the setting on your browser. Most web browsers have settings allowing a user to reject Cookies or to alert a user when a Cookie is placed on the user’s computer, tablet, or mobile device. Most mobile devices also offer settings to reject mobile device identifiers. Although users are not required to accept Cookies or mobile device identifiers, blocking or rejecting them may prevent access to some features available through the Services.
The table below provides more information about the Cookies we use on the Websites and why:
The Websites are hosted by Squarespace and Squarespace also serves as The Ocean Agency’s data processor in connection with the Services. Squarespace collects Usage Data when you visit the Websites, including:
For information about the functional and required Cookies that Squarespace uses, visit The cookies Squarespace uses.
Data Collection by Other Third Parties
Do Not Track Requests
We do not currently take actions to respond to “Do Not Track” signals sent by your web browser because the “Do Not Track” browser-based standard signal has yet to gain widespread acceptance. We may adopt a standard once one is created that gains widespread acceptance.
8. How We Use Your Information
We may use the information we collect for any of the following purposes:
Please note that, in order to provide you with a better experience and to improve the Services, information collected through the Services may be used in an aggregated or individualized manner. For example, Personal Information collected during use of one of the Services may be used to suggest particular content that can be made available to the user on another of the Services or be used to try to present more relevant information in another of the Services.
9. How We Share and Disclose Your Information
We will not sell your Personal Information to third parties for their use without your consent. We may share and disclose information as described at the times information is collected or as follows:
When you consent. We may share Personal Information with third parties if you have given us your consent to do so. Your Personal Information may be disclosed:
Internal Operations and Affiliates. Your Personal Information may be shared within The Ocean Agency and among its program affiliates, which is defined for this purpose as corporate affiliates of The Ocean Agency with your consent.
In aggregated form. We may share Personal Information about you in an aggregated form—that is, in a statistical or summary form that does not include any personal identifiers—with third parties in order to discover and reveal trends about how users like you interact with our services.
For legal purposes. We also may share information that we collect from users, as needed, to enforce our rights, protect our property or protect the rights, property or safety of others, or as needed to support external auditing, compliance and corporate governance functions. We will disclose Personal Information as we deem necessary to respond to a subpoena, regulation binding order of a data protection agency, legal process, governmental request or other legal or regulatory process. We may also share Personal Information as required to pursue available remedies or limit damages we may sustain.
10. Information Retention and Disposal
We retain information as long as it is necessary and relevant for our operations. We also retain Personal Information to comply with applicable law, prevent fraud, resolve disputes, troubleshoot problems, assist with any investigation, enforce our Terms of Service, and other actions permitted by law. After it is no longer necessary for us to retain information, we dispose of it according to our data retention and deletion policies.
11. Information Storage and Security
We employ industry-standard security measures, including organizational, technological, and physical safeguards that are designed to protect the security of all information submitted through the Services. However, the security of information transmitted through the internet can never be guaranteed.
We are not responsible for any interception or interruption of any communications through the internet or for changes to or losses of data. Users of the Services are responsible for maintaining the security of any form of authentication involved in obtaining access to secure areas of any of our digital services. In order to protect you and your data, we may suspend your use of any of the Services, without notice, pending an investigation, if any breach of security is suspected. Access to and use of secure areas of any of the Services are restricted to authorized users only. Unauthorized access to such areas is prohibited and may lead to criminal prosecution.
If you have reason to believe your interaction with us is no longer secure, please notify us immediately at firstname.lastname@example.org.
12. Links to Third Party Services
13. Disclaimer: Not Child-Directed
The Services are intended for a general audience, and are not directed at children under 13 years of age. If you are under the age of majority in your place of residence, you may use the Services only with the consent of or under the supervision of your parent or legal guardian.
We do not knowingly gather “Personal Information” (as defined by the U.S. Children’s Privacy Protection Act, or “COPPA”) in a manner not permitted by COPPA. Consistent with the requirements of COPPA, if we learn that we have received any Personal Information directly from a child under 13 years of age without first receiving his or her parent’s or legal guardian’s verified consent, we will use that information only to respond directly to that child (or his or her parent or legal guardian) to inform the child that he or she cannot use the Services and subsequently we will delete that information.
If you are a parent or guardian and you believe we have collected information from your child in a manner not permitted by law, please contact us at email@example.com. We will remove the data to the extent required by applicable laws.
14. Choices About Use and Disclosure of Information
Access to Personal Information
It is important to us that you are able to access and review the Personal Information we have about you. If you have any questions about how to access your Personal Information, please contact us at firstname.lastname@example.org.
Correction and Removal
If any of the information that we have about you is incorrect, or you wish to have information (including Personal Information) removed from our records, please contact us at email@example.com.
If you prefer not to receive emails or messages from us, please let us know by clicking on the unsubscribe link within any such emails or messages that you receive, or contact us at firstname.lastname@example.org.
15. Transfer of Personal Data Outside of the European Economic Area and International Users
We will not transfer Personal Data (defined in Section 16, below) relating to individuals within the European Economic Area (“EEA”) to third parties (i.e., those outside of The Ocean Agency’s group of affiliates and service providers) located outside of the EEA without ensuring adequate protection under the applicable European law. Where a third party is located in a country not recognized by the European Commission as ensuring an adequate level of protection, we (or our affiliates or service providers) will take appropriate steps, such as implementing standard contractual clauses recognized by the European Commission, to safeguard your Personal Data.
The Ocean Agency is headquartered in the United States and the Services are hosted in the United States. If you are located outside the United States, your information is collected in your country and then transferred to the United States — or to another country in which we (or our affiliates or service providers) operate. Any Personal Information collected through the Services about visitors located outside of the United States is processed in the United States by us or by a party acting on our behalf.
WHEN YOU PROVIDE PERSONAL INFORMATION TO US THROUGH THE SERVICES, YOU CONSENT TO THE PROCESSING OF YOUR PERSONAL INFORMATION IN THE UNITED STATES.
16. Data Protection Privacy under the European Union’s General Data Protection Regulation
The European Union’s General Data Protection Regulation (“GDPR”) and other privacy laws protect Personal Data (defined below) collected from citizens of European Union Member States. The GDPR is a comprehensive data protection law that strengthened the protection of Personal Data in light of rapid technological developments, the increasingly global nature of business, and more complex international flows of Personal Data. The GDPR replaces a patchwork of national data protection laws with a single set of rules, directly enforceable in each European Union Member State.
If the GDPR applies to you, then you may request information about:
The Ocean Agency will store your Personal Data for as long as necessary to fulfill the purpose for which the Personal Data was collected and processed, including for the purposes of satisfying any legal, regulatory, accounting, or reporting requirements. To determine the appropriate retention period for your Personal Data, we will consider the amount, nature, and sensitivity of the Personal Data, the potential risk of harm from unauthorized use of disclosure of your Personal Data, the purposes for which we process your Personal Data and whether we can achieve these purposes through other means, and the applicable legal requirements. Upon expiration of this time frame, The Ocean Agency will securely erase and destroy all of your collected Personal Data, in accordance with applicable laws and regulations.
The term “Personal Data” includes any information relating to an identified or identifiable natural person, so called “data subjects” (e.g., information such as your name, address, email address, telephone number, IP address, credit card information, identification number, website Cookies, occupation and location).
Personal Data does not include data from which you can no longer be identified due to encryption or anonymity. In some circumstances, The Ocean Agency may completely anonymize your Personal Data so that it is no longer attributable to you. In this case, the information will no longer be considered Personal Data for GDPR purposes.
Rights to your Personal Data under the GDPR
If the GDPR applies to you, then you have particular rights as an individual under this regulation, including the right to:
Reasonable access to your personal data will be provided at no cost to you upon request made to The Ocean Agency at email@example.com. If access cannot be provided within a reasonable time frame, The Ocean Agency will provide you with a date when the information will be provided. If for some reason access is denied, The Ocean Agency will provide an explanation as to why access has been denied.
Withdrawal of Consent
The Ocean Agency acknowledges that even though you may initially consent to the processing of your Personal Data, you may want to withdraw your consent from time to time. You may withdraw your consent from the processing of Personal Data either entirely or in part. To withdraw your consent, please contact us at firstname.lastname@example.org.
Questions or Concerns
If you have any questions or concerns regarding the rights established under the GDPR, please contact us at email@example.com.
17. California Consumer Privacy Rights
If you are a California resident, you may have the rights described below with respect to the Personal Information we have collected about you as a user of the Services.
Right to Know and Right to Request Information
Under the CCPA, California residents have certain rights regarding their Personal Information, including:
To review, request access to, or exercise your rights under the CCPA, please contact us at firstname.lastname@example.org.
Right to Request Deletion
You have the right to request that we delete your Personal Information. “Deleting” Personal Information is defined by:
If Personal Information is stored, archived, or listed in a backup system, we reserve the right to delay compliance with the consumer’s request to delete, with respect to data stored on the archived or backup system, until the archived or backup system is next accessed or used. We will inform the person(s) of this in the event is it applicable to their request.
We must maintain a record of the individual requesting deletion pursuant to the Civil Code section 1798. 105(d).
The Ocean Agency is not required to comply with a consumer’s request to delete the consumer’s Personal Information if it is necessary for us or a service provider to maintain the consumer’s Personal Information in order to:
To submit a request to delete your Personal Information and exercise your rights under the CCPA, please contact us at email@example.com.
Right to Opt-out
Right to Non-Discrimination
Submitting a Data Subject or California Consumer Request
All requests received will be reviewed and verified prior to the request being processed by our privacy team. You may designate an authorized agent to make a request to know or a request to delete your Personal Information by providing the authorized agent written permission to do so; and by verifying your own identity with us directly. We will deny any requests from agents that do not submit proof of authorization. To submit your questions and inquiries related to your rights, please contact us at firstname.lastname@example.org.
18. Third Party Payment Service
We will use a third party payment service to process payments made through the Services. If you wish to make a payment through the Services, your Personal Information will be collected by such third party and not by us, and will be subject to the third party’s privacy statement, rather than this Privacy Statement. We have no control over, and are not responsible for, this third party’s collection, use, and disclosure of your Personal Information.
20. Contact Us
Data Protection Officer
The Ocean Agency
215 South Ferry Road, Box 28
Narragansett, Rhode Island 02882 USA