Saint Thomas Chori School students using laptops on a stairwell

Privacy Policy

The Saint Thomas Choir School is located at

202 West 58th Street, NY, New York 10019

This privacy notice tells you what personal data and non-personal data we may collect from you as you use this website and its services. It includes how the data is collected, protected and in some limited cases, shared with other parties. You can also make requests to access, change and delete personal data that has been collected.

We may change this Policy from time to time so please check this page occasionally to ensure that you’re happy with any changes. By using our services, you’re agreeing to be bound by this Policy.

Data Collection

Legal basis for collecting and processing your personal and non-personal data

When you load a page on choirschoo.org, data is collected for the technical operation of the website, such as security protocols looking for malicious activity that could lead to defacement or a data breach. We thereby have a legitimate interest in monitoring the site’s performance in order to provide a positive experience for visitors. The legal basis for other data collection, such as names and email addresses you submit when requesting more information or starting the application process, is based on the consent you provide when you elect to use a contact form or initiate another direct interaction.

We Collect Your Personal Data in the Following Ways

Automatic Collection

We automatically receive information from your web browser or mobile device. This information may include the name of the website from which you entered our website, if any, as well as the name of the website you’ll visit when you leave our website, your Internet service provider’s name, your web browser type, the type of mobile device, your computer operating system, and data about your browsing activity when using our website. We use all this information to analyze trends among our users to help improve our website. From time to time, Saint Thomas Choir School may release non-personally-identifying information in the aggregate, e.g., by publishing a report on trends in the usage of its website.

Contact Forms

The contact form asks for your consent to transmit personal data such as your email address and name in order to facilitate communication. That data is stored in our database and may also be sent to the appropriate staff member as email using Simple Mail Transfer Protocol (SMTP). Our own SMTP servers are protected by TLS (sometimes known as SSL) meaning that the email content is encrypted using SHA-2, 256-bit cryptography before being sent across the internet. The email content is then decrypted by our local computers and devices. However, not all mail servers are secured in such a way. Therefore, we would suggest that you always consider email as an insecure medium and not include confidential or sensitive information within an email.

Concluded conversations will be deleted from those inboxes after 60 days. None of this personal information will be used for marketing purposes.

Analytics

Our website uses Google Analytics to collect information about the use of our website, but not to collect any personal data. When you load the site, your IP address is anonymized so that it cannot be used to trace you as an individual while still allowing us gather information about how users interact with our site. Google Analytics will still place cookies on your computer to track metrics like visit duration, but it does so without including personal information.

All activity falls within the bounds of the Google Analytics Terms of Service. For more information on how Google collects and processes your data, visit https://www.google.com/policies/privacy/partners/. Or to opt-out of Google Analytics across all websites, consider using the tool at https://tools.google.com/dlpage/gaoptout

Security

We use security plugins like Wordfence to prevent hacks, break-ins, etc. Those plugins necessarily look at your IP address to ensure that you’re not engaged in malicious activity, as well as block IP addresses as that violate security rules. Wordfence does analyze the activity of IP addresses to look for larger security trends and risks across the internet, and as such we consider Wordfence and their parent company, Defiant, Inc., to be a third party data processor.  Contact us if you need the data they process to be removed.

Data Integrity

Servers

This site is hosted by SiteGround, based in the United States. Any data originating or stored on the site, including any personal information submitted by users, will be stored and/or processed in the United States. Data is hosted from a secured environment, and backups are only accessible by the site owner and administrators.

We use Secure Sockets Layer (SSL) software to encrypt the information you enter on our Site in order to protect its security during transmission to and from our Site.

Data Breaches

We will report any unlawful data breach of this website’s database or the database(s) of any of our third party data processors to any and all relevant persons and authorities within 72 hours of the breach if it is apparent that personal data stored in an identifiable manner has been stolen.

Internal Data Retention

If you leave a comment, the comment and its metadata are retained indefinitely. This is so we can recognize and approve any follow-up comments automatically instead of holding them in a moderation queue.

For users that register on our website, we also store the personal information they provide in their user profile. All users can see, edit, or delete their personal information at any time (except they cannot change their username). Website administrators can also see and edit that information.