Privacy Policy

Data Privacy Policy and Procedures
2/12/2013 – Approved by GNPS Board

The Georgia Native Plant Society (GNPS) recognizes that member data shall be handled in ways that protect our members’ sensitive data. Sensitive data in this context refers to a member’s physical address, the member’s phone number(s), and the member’s email address(es). In addition, confidential internal documents should also be kept confidential no matter where they reside.

These policies and procedures are hereby adopted by the GNPS Board of Directors to be followed in regards to member data and other confidential internal documents. This policy does not apply to financial data; it is handled via the financial policy.

Member data

Member data includes member name(s), address, phone number(s), email address(es), chapter affiliation, membership expiration year, and preferences about listserv, newsletter and online member directory. The source of the member data may be the online database or it may be a local repository.

The following are policy statements:

1. Access to the source of member data is via a secure process.
2. Access to update member data is limited to:
   1. those who need to perform this function
   2. the member him/herself
3. Access to view sensitive member data (i.e., physical address, phone number and email) is available on a need to know basis.
4. Sensitive member data will not be sold or provided to any other organization.
5. Extracts of sensitive member data (e.g., volunteer lists with phone numbers & email addresses, mail lists for 3rd party use such as mailing of post cards/brochures) shall be handled in a secure manner and shall be properly destroyed (e.g., shredded or deleted) when they are no longer needed.

The following are procedures:

1. When the source of member data is via the website, the webmaster and the Director of Communications shall be responsible for ensuring that the process is secure. When the source of member data is via a manual process (i.e., data is maintained outside of the website), the database manager and the Director of Membership shall be responsible for ensuring that the process is secure.
2. When the source of member data is via the website, the member has the opportunity via secure login to manage the accuracy of his/her data in regards to name(s), address, phone number(s), email address(es), chapter affiliation, listserv preference, newsletter preference, and member directory participation. It can also be updated by the database manager, authorized database committee members, and authorized software supporters. When the source of member data is via a manual process, the database manager will make all changes.
3. When the source of member data is via the website, a login shall be required to access member data and access to functions that extract member data shall be controlled via an authorizations file maintained by the webmaster. The webmaster is informed of new authorizations or changed authorizations by either the President, the Secretary or the Director of Communications.When the source of member data is via a manual process, the database manager shall provide the requested data.
4. Board members and committee members are required to keep sensitive member data confidential and to properly destroy it when it is no longer needed.
5. A membership directory is available to members on the website via secure login; sensitive data is not displayed is the directory. Those that wish to participate (member can choose) can use private messaging to initiate contact with other members in the directory. Private messages protect the privacy of the member being contacted as their email address is never revealed. Only if they reply is their email address shared with the initiator.
6. The following statement shall be posted on the website’s member sign in page and the word “cookies” shall be hotlinked to the policy on cookies:

“This website uses your membership data only when you are logged in. Once logged in, the website uses this data and cookies to provide special privileges (such as the latest newsletter access or the member directory) and to improve your online experience by prefilling forms such as the membership renewal form or the rescue signup form.”

Confidential Internal Documents

Pursuant to the bylaws of the Society, “The Secretary shall keep records of the proceedings of the BOD meetings and any official business that takes place in general membership meetings of the Society, and be responsible for all such past records of the organization except those in possession of the treasurer. The Secretary shall prepare such directives, correspondence, and other documents as are needed and authorized by the BOD. He/she shall keep the official copy of current by-laws, policies, standard operating procedures (such as financial policies and procedures, style and identity guide, committee descriptions, etc), and provide such on request.”

The following are policy statements:

1. Access to confidential documents is via a secure process.

The following are procedures:

1. When documents are stored on the website, the webmaster and the Director of Communications shall be responsible for ensuring that the process is secure. When documents are stored offline, the Secretary shall be responsible for ensuring that the access is secure.
2. When documents are stored on the website, a login shall be required to access them and access to them shall be controlled via an authorizations file maintained by the webmaster.
3. Board members and committee members are required to keep confidential documents secure and to properly destroy copies of them when no longer needed