Privacy Policy

Who we are

Our website address is https://thinkvisionary.com.

What personal data we collect and why we collect it

While using Our Service, We may ask You to provide Us with certain personally identifiable information that can be used to contact or identify You. Personally identifiable information may include, but is not limited to:

• Email address
• First name and last name
• Phone number
• Usage Data

Usage Data

Usage Data is collected automatically when using the Service.

Usage Data may include information such as Your Device’s Internet Protocol address (e.g. IP address), browser type, browser version, the pages of our Service that You visit, the time and date of Your visit, the time spent on those pages, unique device identifiers and other diagnostic data.

When You access the Service by or through a mobile device, We may collect certain information automatically, including, but not limited to, the type of mobile device You use, Your mobile device unique ID, the IP address of Your mobile device, Your mobile operating system, the type of mobile Internet browser You use, unique device identifiers and other diagnostic data.

We may also collect information that Your browser sends whenever You visit our Service or when You access the Service by or through a mobile device.

Comments

When visitors leave comments on the site we collect the data shown in the comments form, and also the visitor’s IP address and browser user agent string to help spam detection.

An anonymized string created from your email address (also called a hash) may be provided to the Gravatar service to see if you are using it. The Gravatar service privacy policy is available here: https://automattic.com/privacy/. After approval of your comment, your profile picture is visible to the public in the context of your comment.

Media

If you upload images to the website, you should avoid uploading images with embedded location data (EXIF GPS) included. Visitors to the website can download and extract any location data from images on the website.

Contact forms

Cookies

If you leave a comment on our site you may opt-in to saving your name, email address, and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.

If you visit our login page, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.

When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed.

If you edit or publish an article, an additional cookie will be saved in your browser. This cookie includes no personal data and simply indicates the post ID of the article you just edited. It expires after 1 day.

Embedded content from other websites

Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the same way as if the visitor has visited the other website.

These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracking your interaction with the embedded content if you have an account and are logged in to that website.

Analytics

Who we share your data with

We may share your personal information in the following situations:

• With Service Providers: We may share your personal information with Service Providers to monitor and analyze the use of our Service, to contact You.
• For business transfers: We may share or transfer your personal information in connection with, or during negotiations of, any merger, sale of company assets, financing, or acquisition of all or a portion of our business to another company.
• With Affiliates: We may share your information with our affiliates, in which case we will require those affiliates to honor this Privacy Policy. Affiliates other subsidiaries, joint venture partners, or other companies that we control or that are under common control with us.
• With business partners: We may share your information with Our business partners to offer you certain products, services, or promotions.
• With other users: When you share personal information or otherwise interact in the public areas with other users, such information may be viewed by all users and may be publicly distributed outside.
• With Your Consent: We may disclose your personal information for any other purpose with your consent.

How long we retain your data

If you leave a comment, the comment and its metadata are retained indefinitely. This is so we can recognize and approve any follow-up comments automatically instead of holding them in a moderation queue.

For users that register on our website (if any), we also store the personal information they provide in their user profile. All users can see, edit, or delete their personal information at any time (except they cannot change their username). Website administrators can also see and edit that information.

What rights you have over your data

If you have an account on this site or have left comments, you can request to receive an exported file of the personal data we hold about you, including any data you have provided to us. You can also request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes.

Where we send your data

Visitor comments may be checked through an automated spam detection service. Your information, including Personal Data, is processed at the company’s operating offices and in any other places where the parties involved in the processing are located. Information may be transferred to — and maintained on — computers located outside of your state, province, country, or other governmental jurisdiction where the data protection laws may differ from those in your jurisdiction.

Your consent to this Privacy Policy followed by your submission of such information represents your agreement to that transfer.

The company will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this Privacy Policy and no transfer of Your Personal Data will take place to an organization or a country unless there are adequate controls in place including the security of Your data and other personal information.

Your contact information

Additional information

How we protect your data

We have security measures in place to help protect against the loss, misuse, and alteration of the data under our control. When the website is accessed using Internet Explorer version 11 or higher, or a comparable internet browser, Secure Socket Layer (SSL) technology protects information using both server authentication and data encryption to help ensure that the data are safe, secure, and available only to you.

What data breach procedures we have in place

Purpose

The purpose of the policy is to establish the goals and the vision for the breach response process. This policy will clearly define to whom it applies and under what circumstances, and it will include the definition of a breach, staff roles and responsibilities, standards and metrics (e.g., to enable prioritization of the incidents), as well as reporting, remediation, and feedback mechanisms. The policy shall be well-publicized and made easily available to all personnel whose duties involve data privacy and security protection.

 

The Visionary Group Information Security’s intentions for publishing a Data Breach Response Policy are to focus significant attention on data security and data security breaches and how Visionary’s established culture of openness, trust, and integrity should respond to such activity. The Visionary Group Information Security is committed to protecting Visionary’s employees, partners, and the company from illegal or damaging actions by individuals, either knowingly or unknowingly.

Background

This policy mandates that any individual who suspects that a theft, breach, or exposure of The Visionary Group’s Protected or Sensitive data has occurred must immediately describe what occurred via e-mail to info@thinkvisionary.org, by calling 800-995-9186, or through the use of the help desk reporting web page at https://thinkvisionary.com. This e-mail address, phone number, and web page are monitored by the ’s Information Security Administrator. This team will investigate all reported thefts, data breaches, and exposures to confirm if a theft, breach, or exposure has occurred. If a theft, breach, or exposure has occurred, the Information Security Administrator will follow the appropriate procedure in place.

Scope

This policy applies to all who collect, access, maintain, distribute, process, protect, store, use, transmit, dispose of, or otherwise handle personally identifiable information or Protected Health Information (PHI) of members. Any agreements with vendors will contain language similar that protects the fund.

 

Policy Confirmed theft, data breach, or exposure of Protected data or Sensitive data

As soon as a theft, data breach, or exposure containing Protected data or Sensitive data is identified, the process of removing all access to that resource will begin. The Executive Director will chair an incident response team to handle the breach or exposure.

 

The team will include members from:

• IT Infrastructure
• IT Applications
• Finance (if applicable)
• Legal
• Communications
• Member Services (if Member data is affected)
• Human Resources
• The affected unit or department that uses the involved system or output or whose data may have been breached or exposed
• Additional departments based on the data type involved, Additional individuals as deemed necessary by the Executive Director

 

Confirmed theft, breach, or exposure of The Visionary Group data

 

The Executive Director will be notified of the theft, breach, or exposure. IT, along with the designated forensic team, will analyze the breach or exposure to determine the root cause.

 

Work with Forensic Investigators

As provided by cyber insurance, the insurer will need to provide access to forensic investigators and experts that will determine how the breach or exposure occurred; the types of data involved; the number of internal/external individuals and/or organizations impacted; and analyze the breach or exposure to determine the root cause.

 

Develop a communication plan

Work with The Visionary Group communications, legal and human resource departments to decide how to communicate the breach to:

1. a) internal employees
2. b) the public
3. c) those directly affected

Ownership and Responsibilities

Roles & Responsibilities:

• Sponsors – Sponsors are those members of The Visionary Group community that have primary responsibility for maintaining any particular information resource. Sponsors may be designated by any Executive in connection with their administrative responsibilities, or by the actual sponsorship, collection, development, or storage of information.
• Information Security Administrator is the member of The Visionary Group community, designated by the Executive Director or the Director, Information Technology (IT) Infrastructure, who provides administrative support for the implementation, oversight, and coordination of security procedures and systems concerning specific information resources in consultation with the relevant Sponsors.
• Users include virtually all members of The Visionary Group community to the extent they have authorized access to information resources and may include staff, trustees, contractors, consultants, interns, temporary employees, and volunteers.
• The Incident Response Team shall be chaired by Executive Management and shall include, but will not be limited to, the following departments or their representatives: IT-Infrastructure, IT-Application Security; Communications; Legal; Management; Financial Services, Member Services; Human Resources.

 

 Enforcement

Any of The Visionary Group personnel found in violation of this policy may be subject to disciplinary action, up to and including termination of employment. Any third-party partner company found in violation may have their network connection terminated.

 

Definitions

Encryption or encrypted data – The most effective way to achieve data security. To read an encrypted file, you must have access to a secret key or password that enables you to decrypt it. Unencrypted data is called plain text;

Plain text – Unencrypted data.

Hacker – A slang term for a computer enthusiast, i.e., a person who enjoys learning programming languages and computer systems and can often be considered an expert on the subject(s).

Protected Health Information (PHI) – Under US law is any information about health status, provision of health care, or payment for health care that is created or collected by a “Covered Entity” (or a Business Associate of a Covered Entity), and can be linked to a specific individual.

Personally Identifiable Information (PII) – Any data that could potentially identify a specific individual. Any information that can be used to distinguish one person from another and can be used for de-anonymizing anonymous data can be considered

Protected data – See PII and PHI

Information Resource – The data and information assets of an organization, department, or unit.

Safeguards – Countermeasures, controls put in place to avoid, detect, counteract, or minimize security risks to physical property, information, computer systems, or other assets. Safeguards help to reduce the risk of damage or loss by stopping, deterring, or slowing down an attack against an asset.

Sensitive data – Data that is encrypted or in plain text and contains PII or PHI data. See PII and PHI above

What third parties we receive data from

We may receive data from third parties such as analytics providers such as Google, advertising networks such as Facebook, search information providers, and providers of technical, payment, and delivery services, such as data brokers or aggregators.

We may also receive data from your organization if you have booked a course with us.

What automated decision making and/or profiling we do with user data

This Policy applies between you, the user of this website, and The Visionary Group, the owner and provider of this website. This Policy applies to our use of any Data collected by us concerning your use of the website.

Automated Decision-Making (ADM): when a decision is made which is based solely on Automated Processing (including profiling) which produces legal effects or significantly affects an individual. The GDPR prohibits Automated Decision-Making (unless certain conditions are met) but not Automated Processing.

Automated Processing: any form of automated processing of Personal Data consisting of the use of Personal Data to evaluate certain personal aspects relating to an individual, in particular, to analyze or predict aspects concerning that individual’s performance at work, economic situation, health, personal preferences, interests, reliability, behavior, location or movements. Profiling is an example of Automated Processing.

Industry regulatory disclosure requirements

Disclosures are only made for legal or regulatory disclosure requirements and are subject to the terms and conditions of the confidentiality agreement.