As of September 20, 2020
SJICN, a nonprofit subsidiary of Navigating Our Future, a 501 (c) (3) enterprise, receives, collects and stores any information visitors enter on SJICN’s website or provide us in any other way. In addition, we collect the Internet protocol (IP) address used to connect your computer to the Internet; login; e-mail address; password; computer and connection information and purchase history. We may use software tools to measure and collect session information, including page response times, length of visits to certain pages, page interaction information, and methods used to browse away from the page. We also collect personally identifiable information (including name, email, password, communications); payment details (including credit card information), comments, feedback, product reviews, recommendations, and personal profile.
HOW SJICN COLLECTS INFORMATION
When visitors conduct a transaction on SJICN’s website, as part of the process, we collect personal information visitors give us such as your name, address and email address. Your personal information will be used for the specific reasons stated above only.
COMPLIANCE WITH THE FEDERAL TRADE COMMISSION’S CHILDREN’S ONLINE PRIVACY PROTECTION ACT (COPPA)
SJICN welcomes the youth in our community to participate in the process of understanding the challenges we face and engaging as residents in developing solutions to these challenges, exploring opportunities, and working to improve the quality of life for all human and non-human life in the San Juans.
Therefore we will comply to the Children’s Online Privacy Protection Act (COPPA) enacted by Congress in 1998. COPPA required the Federal Trade Commission to issue and enforce regulations concerning children’s online privacy. The Commission’s original COPPA Rule became effective on April 21, 2000. The Commission published an amended Rule on January 17, 2013. The amended Rule took effect on July 1, 2013.
The primary goal of COPPA is to place parents in control over what information is collected from their young children online. The Rule was designed to protect children under age 13, while accounting for the dynamic nature of the Internet. The Rule applies to operators of commercial websites and online services (including mobile apps and IoT devices, such as smart toys) directed to children under 13 that collect, use, or disclose personal information from children, or on whose behalf such information is collected or maintained (such as when personal information is collected by an ad network to serve targeted advertising). The Rule also applies to operators of general audience websites or online services with actual knowledge that they are collecting, using, or disclosing personal information from children under 13, and to websites or online services that have actual knowledge that they are collecting personal information directly from users of another website or online service directed to children. Operators covered by the Rule must:
Provide direct notice to parents and obtain verifiable parental consent, with limited exceptions, before collecting personal information online from children;
Give parents the choice of consenting to the operator’s collection and internal use of a child’s information, but prohibiting the operator from disclosing that information to third parties (unless disclosure is integral to the site or service, in which case, this must be made clear to parents);
Provide parents access to their child's personal information to review and/or have the information deleted;
Give parents the opportunity to prevent further use or online collection of a child's personal information;
Maintain the confidentiality, security, and integrity of information they collect from children, including by taking reasonable steps to release such information only to parties capable of maintaining its confidentiality and security;
Retain personal information collected online from a child for only as long as is necessary to fulfill the purpose for which it was collected and delete the information using reasonable measures to protect against its unauthorized access or use; and
Not condition a child’s participation in an online activity on the child providing more information than is reasonably necessary to participate in that activity.
Who is covered by COPPA?
The Rule applies to operators of commercial websites and online services (including mobile apps and IoT devices) directed to children under 13 that collect, use, or disclose personal information from children. It also applies to operators of general audience websites or online services with actual knowledge that they are collecting, using, or disclosing personal information from children under 13. The Rule also applies to websites or online services that have actual knowledge that they are collecting personal information directly from users of another website or online service directed to children.
What is Personal Information?
The Rule defines personal information to include:
First and last name;
A home or other physical address including street name and name of a city or town;
Online contact information;
A screen or user name that functions as online contact information;
A telephone number;
A Social Security number;
A persistent identifier that can be used to recognize a user over time and across different websites or online services;
A photograph, video, or audio file, where such file contains a child’s image or voice;
Geolocation information sufficient to identify street name and name of a city or town; or
Information concerning the child or the parents of that child that the operator collects online from the child and combines with an identifier described above.
COMPLIANCE WITH BEST PRACTICES FOR YOUTH UNDER 18 YEARS OF AGE BUT OLDER THAN 13 YEARS OF AGE
According to Childnet International, nearly all other social media services require users to be at least 13 years of age to access and use their services. This includes Facebook, Snapchat, Twitter, Instagram, Tik Tok and Skype.
Whilst there is no age restriction for watching videos on YouTube, users need to be 13 or older to have their own YouTube account (enabling them to subscribe to other channels, like videos, post comments, share their own content and flag inappropriate content).
Why do these restrictions exist?
The reason most social media services use an age limit of 13 or over is in part because of a law in the USA. The COPPA law or Children’s Online Privacy Protection Act states that any organisations or people operating online services (including social media services) are not allowed to collect the personal information of anyone under the age of 13 without parental permission.
To avoid the necessity of obtaining parental permission for any user under the age of 13, most services have instead chosen to place an age restriction of 13 to their services. They write this rule into their Terms and Conditions – which users must agree to when they initially sign up and some services may ask users to declare their age during sign up.
SJICN’s new age limit has been chosen in response to the General Data Protection Regulation (GDPR) coming into effect from May 25th, 2018 and while only applying in the European region, and not elsewhere (e.g. the USA), we feel these guidelines are of value.
What does GDPR advise?
Whilst COPPA and GDPR exist to protect the personal information of children, there are also other elements of social media use which may not be appropriate for young users. Visit Childnet International’s Hot Topic for parents and carers provides more detail and guidance on these risks.
Our advice with regards to age restrictions is that it’s always better to wait until the required age to join any social media service. These rules around age relate to privacy, but also are relevant to safety. Some services offer additional protection for users who are registered as under 18, and by supplying a fake age young people can potentially lose some of this protection. Young people also risk being exposed to content which is intended for older users when they use sites that are not designed for people their age.
Additionally, if a service finds out a user is underage then they may delete the user’s account and any content which has been shared.
We know that social media services are popular with young people of all ages. Parents have an important role in helping prepare their children to go online before they start to use social media platforms. Together you can look at the key things they need to know about staying safe online, critical thinking, and the safety settings that are available to them.
When looking at creating a profile online with your child, have a discussion as a family and make this decision together – talk about why they want the account and ensure that any family members using social media know what tools are available to help them stay safe. You may want to use Childnet International’s family agreement to support this.
WHY SJICN COLLECTS PERSONAL INFORMATION
We collect such Non-personal and Personal Information for the following purposes:
To provide and operate the Services;
To provide our Users with ongoing customer assistance and technical support;
To be able to contact our Visitors and Users with general or personalized service-related notices and promotional messages;
To create aggregated statistical data and other aggregated and/or inferred Non-personal Information, which we or our business partners may use to provide and improve our respective services;
To comply with any applicable laws and regulations.
HOW WE STORE, USE, SHARE AND DISCLOSE SJICN VISITORS PERSONAL INFORMATION
SJICN is hosted on the Wix.com platform. Wix.com provides us with the online platform that allows us to provide our services to you. Your data may be stored through Wix.com’s data storage, databases and the general Wix.com applications. They store your data on secure servers behind a firewall.
All direct payment gateways offered by Gravitypayments.com and used by SJICN adheres to the standards set by PCI-DSS as managed by the PCI Security Standards Council, which is a joint effort of brands like Visa, MasterCard, American Express and Discover. PCI-DSS requirements help ensure the secure handling of credit card information by SJICN and its service providers.
HOW SJICN COMMUNICATES WITH OUR SITE VISITORS
We may contact you to notify you regarding your account, to troubleshoot problems with your account, to resolve a dispute, to collect fees or monies owed, to poll your opinions through surveys or questionnaires, to send updates about SJICN, or as otherwise necessary to contact you to enforce our User Agreement, applicable national laws, and any agreement we may have with you. For these purposes we may contact you via email, telephone, text messages, and postal mail.
HOW SJICN SITE VISITORS WITHDRAW THEIR CONSENT
If you don’t want us to process your data anymore, please contact us at email@example.com or send us mail to: P.O. Box 2506,, Friday Harbor, WA 98250.
If you would like to: access, correct, amend or delete any personal information we have about you, you are invited to contact us at firstname.lastname@example.org or send us mail to: P.O. Box 2506, Friday Harbor, WA 98250