Privacy Policy 2018-04-18T09:16:40-07:00

Privacy Policy

Privacy Information Notice

At the Center for Photographic Art, a 501(c)3 non-profit, we’re committed to protecting and respecting your privacy. Our privacy policy is designed to meet the requirements of the State of California, United States federal regulations, and those of the European Union (GDPR.)

This policy explains when and why we collect personal information, how we use it, the conditions under which we may disclose it to others and what choices you have. It relates to all our business activities, not just this website.

We may change this policy from time to time so please check this page occasionally to ensure that you’re happy with any changes. By using our services, you’re agreeing to be bound by this policy.

Any questions regarding this policy and our privacy practices should be sent by email to info@nullphotograpyhy.org, or via the other methods on our contact page.

1. Who are we?

We are the Center for Photographic Art, a 501(c)3 non-profit corporation for the preservation and furtherance of the the skills required for the art of photography.

The Center for Photographic Art, is located in The Sunset Center, Carmel, CA 93921.

Our mailing address is
The Center for Photographic Art
PO Box 1100
Carmel, CA, 93921

To contact us by email, address your email to    info@nullphotography.org

Full contact details can be found in the footer at the bottom of every page.

2. How do we collect information from you?

We obtain information about you when you contact us to subscribe to our newsletter, or enter one of our contests. If you purchase an item or tickets to an event online, that will also require us to get personal information.

3. What information do we collect & how is it used?

We collect information to allow us to fulfil our obligations to you, and to respond to business enquiries. For example, we need your mailing address to send out purchases, or more information, such as address and phone, if required by Stripe, our payment processor. You may be asked for email address, phone and other information if you enter a contest, so that we may contact you if you win, or for other contest-related purposes.

Some information, such as a user name, password and email address are required by WordPress to add you as a user. We also keep membership information, such as what level of membership applies to your account. Purchasing a membership, or a photograph, tickets or other items online will generate a unique order record on our site. The law prohibits us from, and we do not keep credit card numbers. Credit card numbers may be kept by Stripe, our payment processor, as necessary for renewing subscriptions and as required by law. In some cases, PayPal processes transactions. Each of these institutions has data-retention requirement proscribed by US law. Please contact PayPal or Stripe for more information.

We keep your membership information until you delete it yourself, or instruct us to remove it. Memberships expired for more than a year are removed from our records periodially.

Some information, such as your email address, is also shared with MailChimp, our email processor. That is a separate list maintained by them, although we do have control over individual entries. You may remove yourself from this mailing list by clicking the “unsubscribe/remove” link at the bottom of every email sent by Mailchip. You may also email us and have us remove you from the list.

3.0. Sensitive Data

We do not gather sensitive personal data (e.g. health, genetic, biometric data; racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, sexual orientation, and criminal convictions). We expressly request that you do not provide any such sensitive data to us.

3.1. Children’s information

Our services are not directed to children under 13. If you learn that a child under 13 has provided us with personal information without consent, please contact us.

3.2. Third Parties

We will not give, sell or rent your information to third parties.

We will not share your information with third parties for marketing purposes.

We may pass your information to third party service providers who we have engaged for the purpose of completing tasks and providing services to you on our behalf, such as sending our monthly newsletter or processing credit cards. We disclose only the personal information that is necessary to deliver the service.

We also use a number of 3rd party services to help us fulfil our contractual obligations – for example, our computers are backed up to various locations, as described below.

3.3. Data Retention Details

The following outlines the personal data we collect and for what purpose. The table also outlines the 3rd parties the data is processed by or shared with, and how long the data is stored for:

Email: contact information; To allow initial and ongoing contact with prospects, clients, suppliers, etc. Kept by WordPress engine and MailChimp. Shipping labels are kept in an Excel spreadsheet for office use. Kept until request for deletion.

Passwords: Client log-in details for various services, including membership. Allows users to log in and access member services> kept in WordPress database using the WordPress provided encrypting algorythm. Kept until request for deletion.

Backup: Our entire site, including all user information, is backed up daily. Backups of our website, in full, are stored on Microsoft OneDrive, BlogVault and are duplicated on the website host drive at Dreamhost. Kept on a rotating basis in perpetuity.

We also use Google Analytics: Website visitor behavior (anonymized – full IP address is NOT stored) NO personal data is stored. No  user identifiable information is stored. Google’s  “user-id” is not used. All Google  Ad-tracking is disabled. Session information is deleted automatically after 14 months.

WordFence: this security software reads IP addresses to generate security warnings and prevent hacking. Entries are kept for 30 days, and are automatically pruned (deleted) by the system.

Security Audit Log: tracks IP address to provide an audit trail in case of hacking. Entries are kept for 30 days, and are automatically pruned by the system.

4. Controlling your information

You have certain rights concerning the information we hold about you. If you wish to exercise these rights, please contact us, including your email address in the first instance (your email address is the unique identifier we use to identify your account).

Note that paid members of the Center for Photographic Art may log in to their own account and control the information we have on file without needing to contact us. You may change or remove most information from the membership panel.

4.0. Requesting a copy of your information

You may request a copy of any data we hold about you. Upon request, we will provide a CSV file (which you may open in a program such as Microsoft Excel or any text editor) containing the personal data we hold on record about you.

4.1. Updating or correcting your information

The accuracy of your information is important to us. If you change email address, or any of the other information we hold is inaccurate or out of date, please log in to your account online and make the necessary corrections; or you may contact us so we can correct our records.

4.2. Deleting your information

You have the right to request erasure of your personal information. Unless there is a compelling reason for the data not to be erased (for example, if we need to use that data to fulfil our contractual or legal obligations), your personal data will be deleted on request.

If you delete, or request deletion of, information necessary for us to identify you as a member of CPA, your membership will, of necessity, also cease.

4.3. Automated decision making

We do not use any personal information for automated decision making or profiling; your data is not subject to automated decision making or profiling.

5. Use of ‘cookies’

Like many other websites, the Center for Photographic Art website uses cookies. Cookies are small pieces of information that are stored on -your- computer or mobile device when you visit a website.

The cookies we use are ‘1st party’ cookies. We don’t use any ’3rd party’ cookies (these are often used to track behaviour across a range of websites, so targeted advertising can then be applied. We don’t do this!!) The following list outlines what we use cookies for:

Google Analytics: Google Analytics sets cookies to help us accurately estimate the number of visitors to the website and what content is most popular. This helps to ensure that our website is responding to your needs in the best way possible.

WordPress Comments: When you leave a comment on our blog, three cookies are set to store your name, email address and website. This is so that if you wish to leave another comment, you won’t have to re-type this information. (Comments are currently disabled, so this does not apply.)

Temporary cookies: infrequently used to track action from one page to the next. No personal information is involved.

By using and browsing the Center for Photographic Art website, you consent to cookies being used in accordance with this policy.

If you do not consent, you must turn off cookies in your browser or refrain from using the site. Most browsers allow you to turn off cookies. To do this, look at the ‘help’ menu on your browser. Switching off cookies should not noticeably restrict your use of this website, although it may preclude you from some services which require online payments.

6. Security

The Center for Photographic Art takes security seriously. In order to protect your information from loss, misuse or unauthorised access or disclosure, we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the information we collect. These steps include the following:

Data minimisation

Password best practice (we do not accept trivial passwords, such as “passW0rd” or “iloveyou.”)
Security best practice concerning devices (PCs, laptops, mobile devices), online accounts, website hosting, physical access and storage
Staff training and accountability on data protection
Two-factor authentication for site administrators.

This website runs on a dedicated server with extremely limited access. The server is located in a highly secure facility in Virginia, USA.

7. Data Breaches

Where appropriate, the Center for Photographic Art will promptly notify you of any unauthorized access to your personal information.

8. Complaints

If you wish to raise a complaint on how we have handled your personal information, you can contact us directly and we will investigate the matter.