Policy and Privacy

Who we are

A Sista’s Circle Empowerment Network-ASSCEN, LLC is a membership organization for women entrepreneurs who are running, starting, or thinking about starting a business and would like the support and empowerment of other women who are doing the same.

What personal data we collect and why we collect it

Registration

In order to use this website, a user must first complete the registration form. During registration a user is required to give certain information (such as name and email address). This information is used to contact you about the products/services on our site in which you have expressed interest. At your option, you may also provide demographic information (such as gender or age) about yourself, but it is not required.

Comments

When visitors leave comments on the site we collect the data shown in the comments form, and also the visitor’s IP address and the browser user agent string to help spam detection.

An anonymized string created from your email address (also called a hash) may be provided to the Gravatar service to see if you are using it. The Gravatar service privacy policy is available here: https://automattic.com/privacy/. After approval of your comment, your profile picture is visible to the public in the context of your comment.

Media

If you upload images to the website, you should avoid uploading images with embedded location data (EXIF GPS) included. Visitors to the website can download and extract any location data from images on the website.

Cookies

We use “cookies” on this site. A cookie is a piece of data stored on a site visitor’s hard drive to help us improve your access to our site and identify repeat visitors to our site. For instance, when we use a cookie to identify you, you would not have to log in a password more than once, thereby saving time while on our site. Cookies can also enable us to track and target the interests of our users to enhance the experience on our site. Usage of a cookie is in no way linked to any personally identifiable information on our site.

Some of our business partners may use cookies on our site (for example, advertisers). However, we have no access to or control over these cookies.

If you leave a comment on our site you may opt-in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.

If you have an account and you log in to this site, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.

When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed.

If you edit or publish an article, an additional cookie will be saved in your browser. This cookie includes no personal data and simply indicates the post ID of the article you just edited. It expires after 1 day.

Embedded content from other websites

Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.

These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracing your interaction with the embedded content if you have an account and are logged in to that website.

How long we retain your data

If you leave a comment, the comment and its metadata are retained indefinitely. This is so we can recognize and approve any follow-up comments automatically instead of holding them in a moderation queue.

For users that register on our website (if any), we also store the personal information they provide in their user profile. All users can see, edit, or delete their personal information at any time (except they cannot change their username). Website administrators can also see and edit that information.

What rights you have over your data

If you have an account on this site, or have left comments, you can request to receive an exported file of the personal data we hold about you, including any data you have provided to us. You can also request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes.

Where we send your data

We are the sole owners of the information collected on this site. We only have access to/collect information that you voluntarily give us via email or other direct contact from you. We will not sell or rent this information to anyone.

We will use your information to respond to you, regarding the reason you contacted us. We will not share your information with any third party outside of our organization, other than as necessary to fulfill your request, e.g. to ship an order.

Unless you ask us not to, we may contact you via email in the future to tell you about specials, new products or services, or changes to this privacy policy.

Additional information

How we protect your data

We take precautions to protect your information. When you submit sensitive information via the website, your information is protected both online and offline.

Wherever we collect sensitive information (such as credit card data), that information is encrypted and transmitted to us in a secure way. You can verify this by looking for a lock icon in the address bar and looking for “https” at the beginning of the address of the Web page.

While we use encryption to protect sensitive information transmitted online, we also protect your information offline. Only Members of ASCEN who need the information to perform a specific job (for example, billing or customer service) are granted access to personally identifiable information. The computers/servers in which we store personally identifiable information are kept in a secure environment.

What data breach procedures we have in place

This Procedure sets out the processes to be followed by A Sista’s Circle Empowerment Network-ASCEN, LLC (ASCEN) Security Team in the event that ASCEN experiences a data breach or suspects that a data breach has occurred. A data breach involves the loss of, unauthorized access to, or unauthorized disclosure of personal information.

  1. Policy

This Procedure is governed by A Sista’s Circle Empowerment Network-ASCEN, LLC’s Privacy Policy.

  1. Introduction

ASCEN is committed to managing personal information in accordance with the Privacy Act 1988 and the ASCEN Privacy Policy.

This document sets out the processes to be followed by ASCEN staff in the event that ASCEN experiences a data breach or suspects that a data breach has occurred.

The Privacy Amendment (Notifiable Data Breaches) Act 2017 (NDB Act) established a Notifiable Data Breaches (NDB) scheme requiring organizations covered by the Act to notify any individuals likely to be at risk of serious harm by a data breach.

Accordingly, ASCEN needs to be prepared to act quickly in the event of a data breach (or suspected breach) and determine whether it is likely to result in serious harm and whether it constitutes an NDB.

Adherence to this Procedure and Response Plan will ensure that ASCEN can contain, assess and respond to data breaches expeditiously and mitigate potential harm to the person(s) affected.

This document should be read in conjunction with ASCEN’s Privacy Policy.

  1. Process where a breach occurs or is suspected

3.1 Alert

Where a privacy data breach is known to have occurred (or is suspected) any member of ASCEN staff who becomes aware of this must, within 24 hours, alert a Member of the ASCEN Security Team in the first instance.

The Information that should be provided (if known) at this point includes:

  1. When the breach occurred (time and date)
  2. Description of the breach (type of personal information involved)
  3. Cause of the breach (if known) otherwise how it was discovered
  4. Which system(s) if any are affected?
  5. Whether corrective action has occurred to remedy or ameliorate the breach (or suspected breach)

3.2 Assess and determine the potential impact

Once notified of the information above, the ASCEN Security Team must consider whether a privacy data breach has (or is likely to have) occurred and make a preliminary judgement as to its severity.

3.2.1 Criteria for determining whether a privacy data breach has occurred

  1. Is personal information involved?
  2. Is the personal information of a sensitive nature?
  3. Has there been unauthorized access to personal information, or unauthorized disclosure of personal information, or loss of personal information in circumstances where access to the information is likely to occur?

3.2.2 Criteria for determining severity

  1. The type and extent of personal information involved
  2. Whether multiple individuals have been affected
  3. Whether the information is protected by any security measures (password protection or encryption)
  4. The person or kinds of people who now have access
  5. Whether there is (or could there be) a real risk of serious harm to the affected individuals
  6. Whether there could be media or stakeholder attention as a result of the breach or suspect breach

The ASCEN Security Team Response team will consist of skilled individuals whose expertise is in Data Security and Information Technology.

3.3 Primary role of the ASCEN Security Team

There is no single method of responding to a data breach and each incident must be dealt with on a case by case basis by assessing the circumstances and associated risks to inform the appropriate course of action.

The following steps may be undertaken by the ASCEN Security Team (as appropriate):

  • Immediately contain the breach (if this has not already occurred). Corrective action may include: retrieval or recovery of the personal information, ceasing unauthorized access, shutting down or isolating the affected system.
  • evaluate the risks associated with the breach, including collecting and documenting all available evidence of the breach having regard for the information outlined in sections 3.2 above.
  • Call upon the expertise of, or consult with, relevant staff in the circumstances.
  • Engage an independent cyber security or forensic expert as appropriate.
  • Assess whether serious harm is likely
  • Make a recommendation as to whether the practicality of notifying affected Members.
  • Consider developing a communication or media strategy including the timing, content and method of any announcements to members of ASCEN.

The ASCEN Security Team must undertake its assessment within 48 hours of being convened.

3.4 Notification

Affected Members will be notified with actions performed by the ASCEN Security Team and instructions that need to be carried out by the Member.

3.5 Secondary Role of the Response Team

Once the matters have been dealt with, the ASCEN Security Team will give attention to the following:

  • Identify lessons learnt and remedial action that can be taken to reduce the likelihood of recurrence – this may involve a review of policies, processes, refresher training.
  • Prepare a report to be kept on file.
  • Consider the option of an audit to ensure necessary outcomes are effective.
  1. Updates to this Procedure

In line with the ASCEN Security Team, this procedure is scheduled for review as often as every year or more frequently deemed necessary.

Contact information

Ida Crawford

info@asistascircle.org

443-692-7259