NextRightThing.org & Next Right Thing, Inc.
Privacy & Information Security Policy
Privacy and the the Website/Service/Software Service
HOW DO WE PROTECT THE SECURITY AND QUALITY OF THE INFORMATION AND FILES STORED ON THE the Website/Service/Software SERVICE?
The Website/Service/Software has been designed to offer the best-in-class security architecture by strong encryption applied exclusively at the client in combination with world-class challenge/response authentication.
Data you place on the Website/Service/Software service may be encrypted before it leaves your computer. This data remains encrypted as it travels to our servers and is not accessible to Next Right Thing or anyone with access to the Website/Service/Software servers. Then, only after it is downloaded by you or those you specifically invite to access your the Website/Service/Software information is it decrypted for use.
We believe that the Website/Service/Software is so secure that information you place on the the Website/Service/Software service are just as secure, if not more secure, than the data stored on servers in your private LANs.
The Website/Service/Software's connection authentication and data encryption components are described briefly here. For a more thorough description, please contact us for the Website/Service/Software Security White Paper.
Connection Authentication. When a the Website/Service/Software client computer connects to the the Website/Service/Software server, Connection Authentication can validate that both are who they say they are. This means that someone else cannot pretend to be a the Website/Service/Software server or client, tricking the Website/Service/Software software into sending it your data. And vice-versa -- no the Website/Service/Software client that you haven't invited to the drive can trick the Website/Service/Software server into sending it data. This authentication is performed through a challenge/response protocol using the RSA Public/Private key pairs of both parties. Every new connection made must successfully complete the challenge protocol. Data Encryption. the Website/Service/Software encrypts your data using RSA 128 bit RC5 data encryption keys. Your data is encrypted with these keys on your the Website/Service/Software client just before it is sent on the wire to the the Website/Service/Software server. Once on the server, it remains protected. At no point after leaving your computer can anyone view the clear text version of your files. Most importantly, we employ a unique encryption key management system so that the usable keys are only available on the client machines. Only the client computer can download and then decrypt the data. Since the usable keys are not available anywhere on the web, no one can view your data by looking at the data contained there. Even the names of your files are changed on the server to meaningless strings so as not to hint at their content.
Privacy and the Next Right Thing Websites
WHAT PERSONALLY IDENTIFIABLE INFORMATION DO WE OBTAIN FROM YOU? WHEN DO WE OBTAIN SUCH INFORMATION?
If, upon visiting our Website, your use is limited to browsing our informational content, we will not require that you provide us with any personally identifiable information.
However, we may request personal information from you at other times. For example:
If you purchase products or services or place orders on our Website, we will ask that you provide us with certain personal information, including your name, credit card number, expiration date, password, e-mail address, mailing address, and telephone If you use the the Website/Service/Software service, we will ask that you provide us with your name, password, e-mail address, mailing address, and telephone number. If you want to enter any contests or promotions sponsored by us [or by one of our business partners], we will need your name, e-mail address and other information as may be required by the rules of the specific contest. If you choose to participate in a customer survey conducted by us or by one of our business partners, we may ask for your name, e-mail address and other information as may be required by the particular survey. If you report a problem or submit a customer review, we will ask that you provide your name and e-mail address, although you can choose not to have your name and/or e-mail address submitted to us. Should you contact us for any reason other than to report a problem and/or submit a review, we may also keep a record and/or copy of your correspondence with us.
HOW DO WE USE YOUR INFORMATION?
Our primary use of your information is to administer, maintain and improve your experience on our Website generally as well as provide you with customized, personalization services and interactive communications.
We may from time to time send you e-mails regarding our Website and special promotions. Also, we occasionally may send you direct mail about products or services that we believe may be of interest to you. We use your financial information (e.g., your credit card number) only to verify your credit and to bill you for products purchased on our Website. We also use your contact information as necessary to send you the products that you have purchased on our Website. When you enter any contests or promotions sponsored by us or by one of our business partners, we may use your e-mail address to send you status updates. We use your IP address to help diagnose problems with our server and to administer the services offered on our Website. We also use your IP address to help identify you and to gather broad demographic information that we may share with our business partners, but only in the aggregate without any of your personally identifiable information. We may research the demographics, interests and behavior of our customers based on the information provided to us upon registration, during promotions and contests, from our server log files, from cookies and from surveys. Our research may be compiled and analyzed on an aggregate basis. We may share this aggregate data with business partners, but only in the aggregate, without any of your personally identifiable information.
PRIVACY POLICIES OF Next Right Thing's PARTNERS
DO WE SELL OR RENT YOUR PERSONALLY IDENTIFIABLE INFORMATION?
No, as a general rule, we do not sell or rent your personally identifiable information to any one. If and whenever we intend to share your personally identifiable information with a third party (other than to a business partner as provided herein), you will be notified at the time of data collection or transfer, and you will have the option of not permitting the transfer. However, we may from time to time rent or sell demographic information in the aggregate that does not contain your personally identifiable information.
WITH WHOM DO WE SHARE INFORMATION?
We generally will not disclose any of your personally identifiable information except when we have your permission to do so or under some special circumstances described below.
As noted previously, we may from time to time partner with other companies to offer co-branded services as well as sweepstakes, contests and promotions. Any information that you provide in connection with the co-branded services or any jointly sponsored sweepstakes, contests or promotions will become the joint property of Next Right Thing and its business partners. We may also disclose other personal information about you to our business partners, but only if we have obtained your permission to make the disclosure before data collection or before transferring the data. We may, from time to time, offer you the opportunity to receive materials or special offers from third parties. If you want to receive this information, we may (but only with your permission) share your name and e-mail address with them. Under confidentiality agreements, we may match user information with third party data. We also may disclose aggregate demographic and/or user information and statistics in order to describe our customer base to prospective partners and other third parties, and for other lawful purposes. We may disclose your personally identifiable information without your prior permission in special cases. For example, we may have reason to believe that disclosing the information is necessary to identify, contact or bring legal action against someone who may be violating the User Terms and Conditions, or may be causing intentional or unintentional injury or interference to the rights or property of Next Right Thing or any third party, including other customers. Also, we may disclose or access your personally identifiable information when we believe in good faith that law or regulation requires disclosure.
DO YOU HAVE CHOICES ABOUT COOKIES?
Yes, you have several choices with respect to cookies. You can modify your browser preferences to accept all cookies, to notify you when a cookie is set, or to reject all cookies. However, if you choose to reject all cookies, you may not be able to participate in promotions, or purchase any products or services, offered by us if registration is a requirement of participation or purchase.
HOW CAN YOU UPDATE, CORRECT OR DELETE YOUR PERSONALLY IDENTIFIABLE INFORMATION?
You may edit your personally identifiable information and your password at any time by sending an e-mail to support@NextRightThing.org and describing the changes to be made.
HOW DO WE PROTECT THE SECURITY AND QUALITY OF YOUR PERSONAL INFORMATION POSTED TO OUR WebsiteS?
We have also taken steps to help protect the integrity of your personal financial information when you complete a purchase transaction on our Website. Specifically, we use VeriSign and Secure Sockets Layer (SSL) software to facilitate confidential online business transactions. VeriSign and SSL help prevent your credit card number, name, address and telephone number from being read by unauthorized persons as this information is transmitted over the Internet. Also, we transfer your personal information to our secure server as soon as we receive your order.
WHAT ELSE SHOULD YOU KNOW ABOUT YOUR ONLINE PRIVACY?
If you have any questions or comments about this Privacy Statement or the practices of our Website, please feel free to e-mail us atsupport@NextRightThing.org.
(Last modified August 2012)