Privacy Controls
Privacy Statement
MITOC is committed to supporting the privacy of all who participate in the club. This Privacy Statement explains how we handle and use the personal information we collect about anyone who uses this site.
We strive to collect the least amount of information necessary and give you
control over how that data is used.
We do not sell your data.
We do not share your information without informed consent.
We do not track you.
What personal information we collect
While specific information may vary for particular individuals, we may collect, use, store and transfer different kinds of personal information about you. We collect your name, email address, emergency contact information. We also collect a record of which trips you sign up for, as well as a record of which you participate on. You have the option (but no obligation) to also supply information about your car as well as any emergency information you wish to share with leaders.
You can manage the data you share and/or download data MITOC stores about you.
How we collect personal information about you
The personal information we collect is almost entirely supplied by you when using this site. When you pay dues or sign a waiver, we keep a record of that action. Similarly, we collect basic information when you complete and submit forms requesting that information.
Cookies
We place a very small cookie in your browser when you use this site. The cookie is used only to manage your session. This cookie keeps you logged in and protects you against CSRF attacks (somebody else pretending to be you on this site).
- We do not use cookies to track your activity in any way.
- We do not use third-party cookies.
How we use your personal information
Related: Personal Information, Privacy
We use your personal information for a number of legitimate purposes all in support of the Institute and its mission.
When you attend a MITOC trip, we supply trip leaders with the details of any MITOC items that you may have rented from the office.
We will occasionally share your name, email address, and car description with other participants for trip-planning purposes. Your name and email address are displayed ubiquitously throughout the system, but never on a public-facing page. Your cell phone number is visible to trip leaders.
In the event of an emergency, your medical information may be used to:
- Render first aid
- Notify an emergency contact
- Describe a missing trip's cars to search-and-rescue teams
We are required to share your name, email address, and cell phone number with Student Organizations, Leadership and Engagement for official club trips.
Only trip leaders can see your medical information. No other participants can see your medical information.
If you have concerns about any of these purposes, or how we communicate with you, please contact us. We will always respect a request by you to stop processing your personal information (subject to our legal obligations).
When we share your personal information
By using this site, you share some information with the following companies/services:
Sentry
Any time something goes wrong while you're using this site, Sentry notifies us of the circumstances surrounding the error. Some personal details are shared as part of the error report. For example, Sentry stores what kind of browser you were using and which page you were viewing at the time of the unexpected error. This information helps us understand of the issue and resolve the underlying problem. Information that Sentry collects is automatically deleted after a number of weeks. You are encouraged to read about your rights in Sentry's privacy policy.
Gravatar
We make use of Gravatar to show a profile image for users in our system. When you use this service, we share an MD5 hash of your email address (not your actual email) with Gravatar. If you have an account with Gravatar, your chosen profile image will then be displayed. See Gravatar's privacy policy for more information.
You can opt out of sharing your hashed email with Gravatar at any time.
DocuSign & CyberSource
When you sign a waiver or pay your membership dues each year, you use DocuSign and Cybersource, respectively. Both these services are provided by the Massachusetts Institute of Technology (MIT).
How your information is stored and secured
MIT uses risk-assessed administrative, technical and physical security measures to protect your personal information. Your information lives in a Postgres database (behind a Virtual Private Cloud) administered by Amazon Web Services. Direct database access is restricted to MITOC's elected webmasters.
How long we keep your personal information
We automatically remove all participant-supplied medical information after 6 months of activity. You can remove most profile information at any time. Legal waivers, any monetary payments to the club, and any participation on past trips are retained indefinitely.
Rights for Individuals in the European Economic Area (EEA) or United Kingdom (UK)
You have the right in certain circumstances to (1) access your personal information; (2) to correct or erase information; (3) restrict processing; and (4) object to communications, direct marketing, or profiling. To the extent applicable, the EEA’s General Data Protection Regulation (GDPR) provides further information about your rights. You also have the right to lodge complaints with your national or regional data protection authority.
If you are inclined to exercise these rights, we request an opportunity to discuss with you any concerns you may have. To protect the personal information we hold, we may also request further information to verify your identity when exercising these rights. Upon a request to erase information, we will maintain a core set of personal data to ensure we do not contact you inadvertently in the future, as well as any information necessary for MIT archival purposes. We may also need to retain some financial information for legal purposes, including US IRS compliance. In the event of an actual or threatened legal claim, we may retain your information for purposes of establishing, defending against or exercising our rights with respect to such claim.
By providing information directly to MIT, you consent to the transfer of your personal information outside of the European Economic Area to the United States. You understand that the current laws and regulations of the United States may not provide the same level of protection as the data and privacy laws and regulations of the EEA.
You are under no statutory or contractual obligation to provide any personal data to us. The controller for your personal information is MIT.
If you are in the EEA or UK and wish to assert any of your applicable GDPR rights, please contact dataprotection@mit.edu. You may also contact MIT’s representatives listed below:
MIT Representative in the European Economic Area
J-PAL Europe: 48 Boulevard Jourdan, 75014 Paris, France
MIT Representative in the United Kingdom
MIT Press UK: 71 Queen Victoria Street, London, United Kingdom, EC4V 4BE
Updates to this policy
We may change this Privacy Statement from time to time. If we make any significant changes in the way we treat your personal information we will make this clear on our MIT websites or by contacting you directly.