Skip to content
NYC Quakers

Privacy Policy

Here's our current draft of our privacy policy for comments.

Privacy Policy

The New York Quarterly Meeting of the Religious Society of Friends (NYC Quakers)

Introduction

NYC Quakers is committed to upholding high standards of data privacy and protection. Our approach to data privacy is rooted in Quaker values of simplicity, integrity, and respect for the individual. We strive to handle all personal data with care, ensuring it is used transparently and responsibly to benefit our community.

Key Principles

Simplicity and Transparency

  • We collect only the data that is necessary to fulfill our organizational purposes.
  • We use clear and straightforward language to explain our data practices.
  • We are open about how we use and share personal data.

Integrity and Stewardship

  • We handle personal data with respect and responsibility.
  • We implement security measures to protect personal data from unauthorized access, alteration, or loss.
  • We regularly review our data practices to ensure they align with our values and legal obligations.

Respect for the Individual

  • We honor the privacy rights of individuals, including the rights to access, correct, and delete personal data.
  • We use personal data only for purposes that benefit the individual and our community.
  • We seek explicit consent from individuals before using their data in new ways.
     

Data Collection and Use

Types of Data We Collect

  • Contact Information: Names, addresses, phone numbers, email addresses
     
  • Membership Data: Membership dates, transfer records, committee participation and roles
     
  • Financial Information: Donation records, payment details
     
  • Communication Preferences: Newsletter subscriptions, preferred contact methods
     
  • Interests and Involvement: Activity preferences, areas of interest
     
  • Community Documentation: Photos and recordings from events
     
  • Biographical Data: Dates of birth and death, names of children (if applicable)
     

Retention Periods

  • Membership records: Permanent (part of historical record)
     
  • Financial records: 7 years (required by law)
     
  • Communications preferences: Retained until updated or withdrawn
     
  • Community documentation and photos: 5 years, or in perpetuity for archival or educational use (see note on rights below)

Purpose Limitation

We use personal data only for:

  • Community communications and support
  • Membership administration
  • Financial recordkeeping
  • Historical documentation
  • Outreach and engagement (e.g., website, newsletters, social media)

Photography and Media at Events

We regularly document our events through photography and video, which may be used in newsletters, social media, printed materials, and our website.

  • Notice will be provided at events where photography or recording is planned (via signage, programs, or verbal announcement).
     
  • Consent for Minors: We require consent from parents or guardians before publishing identifiable images of children.
     
  • Opt-Outs: We make reasonable efforts to accommodate individuals who do not wish to be photographed.
     
  • Removal Requests: Individuals may request that specific photos of themselves or their children be removed from our channels.
     
  • Archival Use: For materials used in historical or educational contexts, removal may be limited by feasibility and preservation needs. We strive to balance individual privacy with archival integrity.

Data Sharing

  • We do not sell or rent personal data to third parties.
     
  • We may share data with trusted service providers who support our operations (e.g., email delivery platforms, accounting software, website hosts).
     
  • These partners operate under confidentiality agreements and are required to maintain similar privacy and security standards.
     
  • If any partners are located outside the U.S., we ensure they meet appropriate legal safeguards for data transfers.
     

Individual Rights and Response Times

Right / Timeframes 

Access

Within 45 business days

Correction

Within 30 business days

Deletion

Within 45 business days

Consent Withdrawal

Within 15 business days

Data Portability*

Within 45 business days

*Upon request and where applicable, we may provide personal data in a machine-readable format.

Security Measures

Technical Controls

  • Industry-standard encryption (in transit and at rest)
     
  • Password protection and access logging
     
  • Regular updates and patching
     
  • Secure, encrypted backups
     

Administrative Controls

  • Access limited to authorized personnel
     
  • Semi-annual access reviews
     
  • Secure disposal of paper records
     
  • On-site physical security

Incident Response and Breach Notification

Legal Framework

We comply with data breach laws, including:

  • New York SHIELD Act: Notification required “without unreasonable delay,” and no later than 60 days
     
  • Other applicable federal and state regulations

Breach Response Timeline Goals 

Phase

Timeframe

Initial Documentation

Within 15 business days of discovery

Assessment

Within 30 business days

Notification (if needed)

Within 60 days of discovery

Investigation/Resolution

Within 90 days

Notification Process

  • Assessed based on: data types, access scope, risk of harm, and legal thresholds
     
  • Notices will include:
     
    • What happened
    • Data involved
    • Actions individuals can take
    • What we’re doing in response
    • Contact info for questions

Small Team Management Approach

  • Backup privacy coordinator identified
  • Pre-drafted notification templates
  • Emergency contact list maintained
  • Emergency budget reserved for expert assistance
  • Checklist-based response guides in place

Implementation and Training

  • Training: Annual privacy and security training for staff and volunteers
  • Audit & Review: Annual privacy audit and biannual security check
  • Documentation:
     
    • Consent records: 7 years
    • Training logs: 3 years
    • Processing activity logs: Updated semi-annually
    • Breach documentation: 7 years
       

Data Benefits and Risk Review

  • All data use is assessed for benefit to individuals and community
  • We avoid data uses that compromise individual welfare or community trust
  • Regular reviews ensure alignment with Quaker values

Compliance & Jurisdiction

We comply with all applicable data protection laws and regulations, including the New York SHIELD Act.

This policy is governed by the laws of the State of New York.

We regularly update our privacy practices to address emerging legal and ethical challenges.

Contact Information

For questions, concerns, or privacy requests, please contact:

Sarah Way

Director of Communications

New York Quarterly Meeting of the Religious Society of Friends

📧 friends@nycquakers.org

Inquiry Type

Response Time

General Inquiries

Within 21 business days

Urgent Privacy Concerns

Within 14 business days

Rights Requests

See Individual Rights above