Privacy Policy for ACM at CSUF

Last updated September 19th, 2023

Introduction

This privacy policy is an agreement between you, the user of our services (the “User”), and the Association for Computing Machinery chapter at California State University, Fullerton (henceforth “ACM”). By registering for access to all channels in the ACM Discord server (the “Discord”), you hereby agree to all the terms of this agreement. The terms and conditions described in this policy shall apply exclusively to usage and management of Discord bots made by ACM (the “services”), and shall not apply to the general distribution of data from Discord by other users or by members of ACM. The distribution of data through other means is regulated by the Discord Terms of Service (https://discord.com/terms) and the Discord Privacy Policy (https://discord.com/privacy). The valid, working version of this privacy policy shall exclusively be hosted on the ACM website (the “Website”) at https://acmcsuf.com/privacy. This information details the data which we collect about you, basic rights as recognized under the laws covering the jurisdiction where ACM resides, and how to exercise your rights.

Information we collect

We may collect any information that is submitted over Discord, including but not limited to messages sent in the ACM discord, forms submitted through ACM discord bots, Discord profile information, and other communications made over Discord. This data may be associated with your identity through any identifying information you provide over any channels. Any personal information provided to another person may enter our data collections in the event that they distribute the data over Discord or through some other means of interaction with our Discord bots; this data shall be considered their data, but we may, at our discretion, honor requests by a user to delete their personal information when submitted by another individual.

Authority

The right to handle requests under this agreement shall generally, as well as when explicitly stated, be given to General Board members of ACM, as defined by ACM's Constitution (in its latest revision). However, at any time when General Board members have jurisdiction over an action, they may choose (either recurring or for a specific instance) to designate authority over a request to another member of ACM, who shall have the full authority to handle the request(s) and action(s) as per the provisions of this policy.

Data sale and distribution

ACM shall not, under any circumstances, sell your data in any way through bots created by ACM in the Discord. This does not limit any other rights of distribution of messages directly through Discord; ACM simply agrees not to sell data directly from collections made by our Discord bots. We may aggregate and entirely anonymize data, and use that data for ACM promotional purposes; we will take all reasonable measures to ensure that no data from among our collected data with personally identifiable information is distributed. Under certain circumstances, we may need to distribute lists of event attendees as collected by the services to California State University, Fullerton; by registering for an event, you agree to this distribution. We also reserve the right to distribute Discord messages using Discord bots for ACM projects and in support of projects by students and alumni of California State University, Fullerton. Further, the ACM Discord is considered a public forum, and all messages in it are (to the extent allowed by law) public domain; as such, individuals may use data for purposes outside the scope of this policy, and ACM may use the data for purposes determinable in its sole discretion.

Accessing your data

You have a right to know what data we have collected about you. In addition to the categories listed in this document, you may directly access your data by submitting a request to a General Board member of ACM. We will comply with this request within 45 days, or within limits specified by local law, whichever is shorter.

Disclosure to law enforcement

Except where bound by valid court order or by other enforceable, legal order from within the United States, or as where bound by California laws requiring disclosure, we will not disclose any information under any circumstances to any law enforcement agency, including limited jurisdiction enforcement agencies such as the U.S. Immigration and Customs Enforcement. We will not enforce the disclosure laws of any other jurisdiction without an order certified by a court residing within California, whether state or federal, demanding the disclosure of the documents, and we reserve the right to confer with legal or other counsel prior to disclosing any data we have collected.

Right of correction

You have the right to correct any information which you deem to be incorrect stored on our servers or other databases owned by ACM. You must submit a request listing what information is incorrect, and what it should be changed to, to a General Board member of ACM. We will comply with the request within 45 days, or within limits specified by local law, whichever is shorter.

Data retention

We reserve the right to retain any data collected indefinitely, unless it must be deleted by applicable laws, you request to delete it, or we lose the data. If the services are discontinued by ACM, users will be given a 14-day notice during which they may request copies of their data, after which point the data will be deleted.

Amendments

We may, at our sole discretion, amend the terms of this privacy policy. Changes which do not affect the actual effects of the policy may be made at any time, without any advance notice. Changes which affect manners of substance shall be given 14 days notice, both on the Website and on the Discord. By continuing to use the services after the termination of the notice, you agree to any changes made to this policy.

Information for users accessing from California and other U.S. states

Laws in California and other U.S. states may give you extra rights and protections than laws in other states. As we are registered and organized in California, we will extend the rights of those accessing our services from California to all users of our services. While we are not bound by all of the conditions of the California Consumer Privacy Act (and successor legislation), we will generally (with the ability to, at our discretion, reduce our actions to only those required by law) comply with it as if we were bound by it. If you would like to exert your rights as provided by the laws of another state, you must contact us with a request to exert those rights, as well as citations to the applicable laws for your jurisdiction.

Information for users accessing from the European Union, European Economic Area, United Kingdom, Switzerland, and Brazil

We will fully respect all rights under the European Union's General Data Protection Regulation (GDPR), Brazil's Lei Geral de Proteção de Dados (LGPD), and any other applicable local laws regarding data privacy. We are not incorporated, registered, or organized in any of these territories, and thus laws applying to local organizations do not apply to us; however, you still reserve your rights as would be applied to foreign organizations, including but not limited to the right to access, rectify, erase, limit the processing, disseminate, object, and withdraw consent over the usage of your data. We do not hold registration with any data protection agencies, or have a designated data protection officer. We may, at our discretion, allow users from outside these territories to exercise the same rights as users from these territories.