Privacy Policy

The YMCA of Metropolitan Los Angeles (the “Association”) is committed to protecting the privacy of its members and donors and maintaining their personal information in confidence. As an expression of the Association’s commitment to protect the personal information of its members, employees, and volunteers the following Privacy Policy (“Policy”) has been adopted.

This Privacy Policy will advise you about the Association’s guidelines concerning the use of your personal information, including the reasonable efforts we make to protect your personal information in accordance with these guidelines and about what choices you have concerning the Association’s use of such information. Please read this Policy carefully.

Please refer to this Policy regularly. The Association may need to change this Policy from time to time to address new issues and reflect changes on our website. Changes will be
posted to the Association’s website and will update the “last updated” date at the top of this page so that you will always know the Association’s policies regarding what information is gathered, how information is used, and whether the Association will disclose that information to anyone.

The Association collects information from members in multiple database(s) for the purposes of billing; supporting the progress of its members toward their goals; encouraging the involvement of the whole family; and providing information on upcoming Association events and program opportunities. Member information is also aggregated in certain ways to help staff and the Association’s Board determine how well it is serving the community and how it can improve its operations.

Scope of Privacy Policy:

This policy applies to the Personal Information (“PI”) which you provide to the Association either through our websites, in person, or otherwise. This Policy does not apply to your use of unaffiliated sites to which our websites link.

This Privacy Policy applies to all current and former members, employees, volunteers, and donors (“members”), as well as to all persons who have offered personal information to the Association as prospective members or employees.

Collection of Personal Information (PI):

The Association collects PI from you through a variety of methods. This information may include your name, home address, email address, date of birth, demographic information, health information and other information that we may need to collect in connection with certain events, including, but not limited to:

  • Registration for, or participation in, events, classes, camps, and other activities;
  • Registration for surveys, forums, content submissions, chats, bulletin boards, discussion groups, requests for suggestions, or other services or activities offered on the Association website;
  • Answering your inquiries about the Association website, organization, membership, or other services or activities;
  • Registration as a member, donor, and/or volunteer.

We collect personal information without limitation through the use of the following types of methodology:

“Cookie” technology: A cookie is an element of data that a website can send to your browser, which may then store it on your system to help enhance your experience in using our sites and to provide us with technical information about your site usage.

IP address tracking: An IP address is a number that is assigned to your computer when you are on the Internet. When you request pages from our sites, our servers log your IP address.

Web beacons: A Web beacon, or “clear gif”, is a small graphic image on a webpage or web- based document that a website can use to determine information about a user.

Personal information might include, but is not limited to the browser you use, the type of computer, technical information about your means of connection to our sites (such as the operating systems and the Internet service providers utilized), and other similar information. Our systems may also automatically gather information about the areas you visit and search terms you utilize on our sites and about the links you may select from within our sites to other areas of the World Wide Web or elsewhere online.

Do Not Track (DNT) is a privacy preference that users can set to prevent web services from collecting information about their online activity. We do not respond to DNT signals.

Use and Disclosure of Personal Information (PI):

If you do provide the Association with PI for an activity, event, or service, it may use it to conduct such activity, event, or service and future Association activities that may be of interest to you. The Association may contact you based on the information you provide online or offline.

The Association shares member and donor information with financial institutions, government agencies, and companies working on behalf of the Association only as needed to conduct Association operations or other support services. We also may share your information with other YMCA Associations and with the YMCA of the USA, which is a national resource office for the YMCA of Metropolitan Los Angeles and other local YMCAs, to help improve the overall network of YMCAs. The Association may also provide PI to regulatory authorities and law enforcement officials in accordance with applicable law or when we otherwise believe in good faith that the provision of such information is required or permitted by law, such as in connection with the investigation or assertion of legal defenses or for compliance matters.

The Association will not sell, rent or lease your personal information to others, including information provided about children.

You may update your personal information at any time. Please notify the Executive Director at your Association center of any concerns you may have regarding the privacy of your records.

The Association and each of its community locations are committed to keeping any and all Personally Identifiable Information (“PII”) confidential and secure. Your PII includes personal information, such as your name, address, birth date, social security number (employees only), employer, payment history, bank information, and program and donor involvement.

How we Protect Your Privacy:

The Association maintains procedural, electronic, and physical safeguards to protect the PI of its members, donors, and volunteer staff, including, but not limited to, the following:

Procedural Safeguards:

  • The Association permits access to PI only by authorized employees and volunteers with a need to have access and who are trained in the proper handling of member information. The Association removes employee and volunteer access to systems as part of the employee separation process.
  • The Association requires all outside vendors and contractors who may be retained to perform services for the Association to conform to Association privacy standards and/or sign strict confidentiality agreements. In the rare and limited circumstances when a retained service provider is required to use PI to complete its assignment, the service provider is strictly prohibited from using this information for any other purpose.
  • The Association uses outside vendors to conduct periodic network security audits to help prevent security breaches.
  • The Association follows published document management procedures providing for the timely destruction of outdated personal information.

Electronic Safeguards:

  • The Association masks all but the last four digits of your credit card and bank account numbers in our Membership and Donor application screens.
  • The Association uses SSL (secure socket layer) transmission to transmit electronic funds transfer payments to and from financial institutions.
  • The Association does not display any bank or credit card information on any system generated receipts or invoices.
  • The Association ensures that all unattended computers display electronic screensavers to help prevent unauthorized access to personal information. Access is locked out until a proper password is entered.
  • All Association employees and volunteers, upon logon to any networked computer, are prompted with a message that reminds them of the importance of protecting PII.
  • The Association’s automated system policies require employees and volunteers to utilize required multi-factor authentication (MFA) for remote and privileged access.

Physical Safeguards:

  • The Association’s internal audit team periodically audits our centers to ensure that reasonable security practices and internal controls are being followed.
  • All Association locations take adequate measures and implement safeguards to reduce the incidents of theft and to ensure that your personal checks are deposited in the bank.
  • Many centers have security surveillance cameras to discourage theft on the premises and have controlled access into their facilities.
  • The Association keeps the transportation of PI between the centers to a minimum to help reduce the potential for identity theft.

Privacy of Children:

The Association is mindful that young people need special safeguards and privacy protection. We realize that they may not understand all of the provisions of Association policy or be able to make thoughtful decisions about the choices that are made available to our adult members. We strongly urge all parents/guardians to participate in their children’s exploration of the Internet and any online services and to teach their children about protecting their personal information while online.

If we ask for Personally Identifiable Information (“PII”) about children under the age of thirteen (13) on the Association website(s), in person, or through any other mechanism, we will take additional steps to protect the privacy of such information, including:

  • Obtaining consent from the parent or legal guardian of the child before collecting or using the child’s PII;
  • Notifying parent(s)/guardian(s) about what PII is being requested and how that PII will be used and/or shared, such as through this Policy;
  • Limiting the collection of PII about children to no more than is reasonably necessary to accomplish the purpose of the collection; and
  • Giving parents’ access to the PII we have collected about their children and offering them the opportunity to request that such PII be changed or deleted.

Donations:

When you make a payment as a donation, we collect information to process your donation and may use that information to contact you in the future about the Association and its programs. Your payment information is transmitted to us, using a secure Internet method that helps maintain the privacy of this information. During the time your payment information resides on our systems, it is in an encrypted format and can only be accessed by authorized personnel with a decryption key. The Association complies with Payment Card Industry Data Security Standards (PCI DSS) in processing and storing donor payment data and will not sell, rent, or share your donation information with third parties for unrelated purposes.

Security:

The Association takes appropriate administrative, technical, and physical measures to safeguard against unauthorized processing of personal information, and against the accidental loss of, or damage to, personal data. However, the Association cannot provide an absolute guarantee of the security of any of our websites or any other site on the Internet.

Links to Other Sites:

Users may find other content on Association websites that link to the sites and services of other third-parties. We do not control the content or links that appear on these sites. Third- party sites or services, including their content and links, may be constantly changing and may have their own privacy policies and customer service policies. We encourage you to review the privacy policies of any third-party sites or services before providing any of them with your personal information. The Association is not responsible for the privacy practices of such third- party websites, applications or services.

Consent to Transfer:

Association websites are operated in the United States. If you are located outside of the United States, please be aware that any information you provide to the Association will be transferred to the United States, even though the United States has privacy laws that the European Union and other jurisdictions may consider inadequate. By using Association websites, participating in any Association services, and/or providing us with your information, you consent to this transfer.

Choice/Opt-Out:

If you opt-in to receive information from us, you can change your mind later. If at any time you would like to stop receiving such information or opt out of a feature, you may change your options by contacting your local center. While it is not always possible to completely remove or modify information in our databases and servers, the Association will make reasonable efforts to do so upon your request.

California Privacy Rights:

The California “Shine the Light” law permits California residents to annually request and obtain information free of charge about what personal information is disclosed to third-parties for direct-marketing purposes in the preceding calendar year. The Association does not distribute your personal information to outside parties for their direct marketing without your consent.

Updating your Personal Information:

You can update your personal information by using the Association website. Please do not send Social Security numbers or other sensitive information to us via unencrypted email.

Your Rights:

The Association will notify you, either in writing or electronically, if it suspects a security breach of your PII, as mandated by California Civil Code Section 1798.82 (SP 1386).

The Association takes appropriate administrative, technical and physical measures to safeguard against unauthorized processing of personal information and against the accidental loss of, or damage to, personal data, although we cannot provide an absolute guarantee of the security of our site or any other site on the Internet.

The Association may change its Privacy Policy from time to time. If this is done, the Privacy Policy, in its most current version, will be published on our websites. In addition, a printed copy will also be available at all Association branch locations. This Privacy Policy supersedes all prior notices the Association may have provided you.

The Association maintains a copy of its approved Privacy Policy on its website: https://www.ymcala.org/privacy-policy/

How to Contact Us:

You may contact the Executive Director of your local center if you have questions or need additional information.

 

 

Revised March 2026