MASC PRIVACY POLICY

The Mid Atlantic Safety Council (MASC) is committed to protecting the privacy and security of personal information we collect from our members, students, clients, and partners. This policy explains how we collect, use, store, and protect your information in compliance with applicable privacy and data protection laws.

Who are we?

We are Mid Atlantic Safety Council (MASC). The processing explained in this policy may be carried out by MASC.

When collecting information about our customers or visitors of our website, we are, under United States data protection laws, qualified as "data controller". This means that we are responsible for deciding how we hold and use personal data about you.

How do we collect your data?

We collect information about you when you register for an account, sign up for a class, take classes, sign up for our newsletter, or send us an email.

We collect information by automated means. When you creates accounts, register and enroll in classes, take our online courses, or sign up for and read our newsletter, we automatically collect information about you via forms, cookies, and other similar technologies. These are small files associated with information that your browser or our servers will save and return as part of your use of the website and the services for purposes such as saving your login session between visits, recording metrics regarding online training, tracking your use of the website, and for audience measurement purposes.

What data do we collect?

We collect two types of information about you: personal data and non-personal data.

Personal data. This is information that lets us know who you are. This includes the information you provide us when registering for accounts, signing up for our newsletter, or enrolling in courses. This information may consist of your full name, company name, email address, postal address, phone number, employer/company name, billing address, job title or role, course access logs and login activity, training records and certifications, safety compliance documentation, and other contact information you share with us, depending on which MASC services you are using. Your login credentials are also personal data. This category also includes information tied to your identity that you provide us with through other means, such as emails to our support team.

The data you submit should not include any sensitive personal data, such medical records or particulars connected with applications for care or treatment associated with private individuals.

Non-personal data. This is information that doesn’t let us determine your identity. This generally comes from your use of the services after registering on our website. Non-personal data includes information that could personally identify you in its original form, but that we have modified (for instance, by aggregation).

How do we use your data?

We use the information we collect about you to provide services to you. As part of that purpose, we use your data:

1. to create and maintain your account
2. to provide safety training services
3. to maintain membership records
4. to verify contractor and employee safety compliance
5. to process payments and invoices
6. to communicate updates, notices, and reminders about courses and services
7. to comply with OSHA, MSHA, and other regulatory requirements
8. to provide our services and facilitate performance, including verifications relating to you and for email verifications
9. to maintain logs of your use of the platform
10. to respond to any requests you may submit for support or sales information, or similar communications
11. to communicate with you about our services (for example through newsletters, marketing emails, announcements or special offers)
12. for billing and collection purposes
13. for the investigation, prevention and management of fraud and for breaches of our Terms of service
14. to enable third parties to provide services to us
15. for owner sites that request proof of completed training
16. personalize, assess, and improve our services, content and materials and for audience measurement purposes
17. to comply with applicable laws to which we are subject.

We may use your non-personal data to enhance the services, for instance through web analytics or troubleshooting. We may also use aggregated or depersonalized information to promote our services, such as by citing usage statistics.

MASC does not sell personal information to any third party. Information may be shared only when necessary to:

1. Issue certifications to regulatory agencies (e.g., MSHA, OSHA)
2. Verify training status for your employer or authorized worksite
3. Process payments securely through third-party payment processors
4. Comply with legal obligations or government requests

What are our purposes and legal basis for collecting your personal data?

We collect your personal data because we need it to perform a contract we have signed with owner sites or because you have taken steps to complete training (for instance, when you register for an account or register for classes). Otherwise, we collect personal data based on your consent for that specific purpose, and in limited purposes under legitimate interests (for example, for verification of data and payment details).

With whom do we share personal data?

Except for the limited circumstances we describe here or in an applicable agreement or our Terms of service, we do not share your personal data with third parties. When we need to provide your personal data to third parties, we will only share it to the extent necessary to provide you with our services, and we ensure that we have in place data protection requirements with these third parties (including standard contractual clauses as well as the requisite technical and organizational measures).

We may also share your personal data as required or permitted by law and as to optimally provide our services through third party providers as described below.

Hosting Services: We host the website and operate the platform using third parties, including AWS® and SCORM Cloud. Your data will be hosted and/or processed from their data centers.

Payment Providers: We use Stripe® to process subscription payments, and therefore provide them with the personal data required to charge your credit card and maintain any payment mandate information as law requires.

Website functionalities and optimization: We may use third-party services either embedded into our website (such as iContact, Mailgun, and Google® Analytics) or outside of it (such as GitHub®) to communicate with you or to enhance the function of the website and the services, and for product development and optimization.

While we provide these third parties with no more information than what is necessary to enable them to provide the services to us, any information that you provide these services providers independently is subject to their respective privacy policies and practices.

In no case do we sell, share or rent out your contacts to third parties, nor use them for any purpose other than those set forth in this policy.

In certain situations, we may be required to disclose personal data in response to lawful requests by public authorities or regulatory bodies, including to meet law enforcement requirements, in the case of a court order, a summons to appear in court or any other similar requisition from a government or the judiciary, or to establish or defend a legal application.

We are subject to the investigatory and enforcement powers of the Federal Trade Commission.

Additionally, we will provide information to a third party in the event of any reorganization, merger, sale, joint venture, assignment, transfer or other disposition of all or any portion of our business, assets or stock (including in connection with any bankruptcy or similar proceedings).

For how long do we retain your personal data?

We keep your personal data for as long as is necessary to provide our services, maintain accurate training and compliance records, and meet legal and regulatory requirements.

If you would like us to cease all of the described uses of your personal data, you may delete your account at any time from the Account Settings section of our Dashboard or send us a formal request to delete the account(s) on your behalf. This will delete your personal data from our records (within a maximum of ninety (90) days), and we will make no further use of it. We may, however, retain copies of your personal data in backups for legal retention purposes and/or for our own legitimate business purposes.

What are your rights in connection with personal data?

In accordance with Data Protection laws, you have the right to:

1. Request access to your personal data. This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.
2. Request correction of the personal data that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.
3. Request erasure of your personal data. This enables you to ask us to delete or remove personal data where there is no legitimate reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have exercised your right to object to processing (see below).
4. Withdraw your consent and opt-out from our communications. We will honor your opt-out within 14 days. Please note that you cannot unsubscribe from service-related messages if you remain a customer.
5. Object to processing of your personal data, for example, if we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this basis.
6. Request the restriction of processing of your personal data. This enables you to ask us to suspend the processing of personal data about you, for example if you want us to establish its accuracy or the reason for processing it.
7. Request the transfer of your personal data (right to data portability).

If you want to exercise any of the above rights, please email our privacy team at wilmington@ma-sc.org.

Security

The security and integrity of your personal information is very important to us. We follow industry accepted standards to protect the personal information submitted to us, both during transmission and once it is received. We ensure the appropriate electronic, physical and managerial procedures are in place with a view to safeguarding and preserving all the data handled. Our infrastructure is located in secure servers with restricted access. Each of these locations adhere to strict physical and procedural controls which are frequently audited.

Remember, though, that some parts of the services are public and that email, by its nature, is not a reliably private means of communication. If you voluntarily provide personal data in a public area of the website, unrelated parties online will be able to view it and collect it. If you don’t want to make this information publicly available, you shouldn’t post it.

Changes

The information provided in this policy may be modified to address new issues or changes. If we make significant changes, we may notify you by other means (for instance, by email or with a banner on the website) prior to the change becoming effective. Any changes we make will take effect 30 days after the update date noted above. If you object to the changes, you may choose to close out your account(s) with us before the new effective date to delete your account(s) and related information from our records.

Contact us

If you have questions about this Data Privacy Policy or your personal information, please contact Mid Atlantic Safety Council at 3904 Oleander Dr, Wilmington, NC 28403, email us at: wilmington@ma-sc.org, or phone 910-762-9557.