Atlanta Community Support Project

Privacy Policy


Welcome to the Atlanta Community Support Project (“ACSP”) privacy policy. ACSP respects your privacy and is committed to protecting your personal data.


1.  Intro


This privacy policy tells you how ACSP uses personal data when you visit the ACSP website, atlcommunitysupport.org (“Site”), or interact with us. It applies regardless of where you are when you visit the Site, which state you live in, or how you interact with us (filling out forms, emailing us, attending events, interacting on social media, etc.).


It is important that you read this – and every privacy policy you encounter – carefully, along with any other privacy notices we make public or available to you, so that you are fully aware of how and why your data is being used.


2.  ACSP’s website and body of work


ACSP is classified as a 501(c)(3) nonprofit charity organization under federal law and as a Georgia Nonprofit Corporation under state law. Our address is 1445 Woodmont Ln. NW, Suite 442, Atlanta, Georgia 30318. Our mission is to resource those of us impacted by poverty and incarceration by disseminating toolkits, research data, and resources that help us all better advocate for ourselves and each other. We also resource other nonprofits, organizing leaders, policy leaders, public defenders and pro bono attorneys working towards decarceration and racial justice alongside us and in our communities. This Site is intended for informational and public education purposes. ACSP does not provide direct services, is not a law firm, and does not give legal advice. This Site is not intended for or directed toward children and we do not knowingly collect, maintain, or process any data relating to children.


3.  ACSP’s stance on data privacy protection


ACSP does not have a designated data controller on staff, nor do we contract out the role of data controller or privacy officer. Instead, we are a very small team that is largely exempt from data privacy laws in the U.S. We operate in the State of Georgia, which is one of the few which does not have a comprehensive data protection law. Our founding director oversees the creation and maintenance of all of our data privacy practices, and ensures compliance with the data protection standards we, ourselves, set forth by ACSP’s Bylaws and other governing documents. Our values and these written standards require us to aim for higher levels of data safety than U.S. laws and regulations require, especially of nonprofits. ACSP strives to take a global-minded, best practices approach when it comes to technology and data. To that end, our principles and procedures are mostly derived from those laid out in the General Data Protection Regulation (GDPR).


ACSP acknowledges that people affected by poverty and criminalization are more susceptible to digital coercion, predatory data-mining, and identity theft, and that these corrupt practices have routinely furthered financial exploitation, poverty, and social stigma within our community. It is our goal to be a leader in data privacy best practices in the nonprofit sector, and especially where work is being led and carried out by directly-impacted leaders.


4.  Data we do/don’t collect

 

We collect certain types of information about our Site visitors and community members, and refrain from collecting others. This personal data falls into these categories:


Contact Data. This includes your name, email address, phone number, name or your organization, employer, or other groups with which you are affiliated, title, social media handles, and any other information you voluntarily give us. This includes data you provide to ACSP voluntarily through our ‘Connect with us’ form. This is an embedded Google Form, and the data you input and submit is written directly to a Google Sheet, housed in a protected folder on the ACSP Google Workspace drive. This data is then transferred to a contact Pipeline in Streak, also housed securely in a Gmail account in the ACSP Google Workspace.


Technical data. This is your internet protocol (IP) address, operating system and type of device(s) you use to access our Site, type and version of your web browser, time zone setting, time zone location, and any other bits of data collected by Google Analytics that ACSP has access to.


Financial Data. ACSP uses Donorbox, PayPal, and Venmo to process tax-deductible donations, and Melio to process contractor payments and reimbursements. All online donations, payments, and reimbursements from us are made in accordance with Payment Card Industry (PCI) data security standards (which are pretty high) and your billing and account information (which is only used by these payment processors for the purpose of performing fraud protection) is encrypted before being communicated to them. Your credit card and financial account details are sent directly from your browser to these processors; ACSP never sees your financial or billing info. All of the tokens that PayPal requires to process donations from our Site are managed by Donorbox, and the Donorbox ‘form’ you see on our Site is, in fact, an embedded frame.


Invoice and Reimbursement Data. This includes any info you send to us using one of our custom Jotforms in order to invoice us for work performed as a contractor or request a reimbursement for costs associated with your work (paid or volunteer) with ACSP.


Usage Data. This is any technical info about how you use the Site, which might include your getting to the Site by clicking on an external link, your length of visit, page views, website navigation paths, timing, frequency and pattern of your Site use, and any other information about how you use or interact with our Site. Sometimes this is collected via cookies or tracking technologies. ACSP is actively working on implementing a high level of privacy configuration for session tracking, which mostly means we only want to utilize cookies which enable the Site to function effectively, but that we intend to offer Site visitors robust opt in/out choices in the near future.


Aggregate Data. ACSP has access to (via Google Analytics) aggregated data, such as statistical data and even demographics, in some cases. Aggregated Data may be derived from your personal data but, as long as it’s not combined with other data to identify you, it’s not considered personal data under U.S. law because it does not directly or indirectly reveal your identity. For example, we may aggregate Usage Data to determine the percentage of users accessing the Site from Georgia.


Research Data. As part of ACSP’s various research initiatives, we collect and compile data from publicly available records and databases. It is completely lawful for us to do so, though we recognize the vulnerability of collecting the data of criminalized people (as mentioned above). To that end, we do everything we can to ensure even public record data is collected, processed, and stored in an ethical manner. This means making sure our researchers are CITI Certified in Human Subjects Research, even when not required to be. It means encrypting the servers and documents in which we store research data. It also means anonymizing data in a way that prevents anyone from ever associating it with a particular person. Because research data is used for statistical purposes indefinitely, all data is anonymized before any coding or sharing happens.


Special Data Categories. ACSP does not routinely collect any special categories of personal data about its Site visitors or members. Special data categories include data that reveals racial or ethnic origin, age or gender identity, political opinions, religious or philosophical beliefs, union membership, genetic or biometric data, health data or data concerning your sex life or sexual orientation, HIV status, info about arrest or criminal conviction history or carceral status. If we obtain or maintain any special data about you, it is because you voluntarily communicated that data to us.


Marketing. At this time, ACSP does not send any direct marketing or utilize any third-party marketing services (such as ConstantContact or Mailchimp) — at all! We use Streak, a CRM tool integrated with Gmail, in order to effectively organize our member lists and get information out to the right people at the right time. Every email you receive from us comes directly from an ACSP email account to one email account, yours. That’s why our emails don’t go to your spam or promotions folders, like other organizations’ do.


If we change our minds about not using direct marketing, if we choose to implement other data collection practices, or change the way we do any of the aforementioned things, those decisions will always be transparently updated, in a timely manner, for you in this privacy policy.


If you choose not to share certain personal data with us, or refuse certain contact permissions, forms might not work correctly and we may not be able to interact with you smoothly, as intended. But refusing to share personal data is a right and ACSP respects that.


5.  How we collect your data


There are different ways ACSP collects data, which include but are not limited to:


        • you connecting with us by filling out the form on our Site, writing to us (email or physical mail), or calling, whether it be to make an inquiry or request for resources or to ask to be added to our member or mailing list(s);
        • donating to ACSP;
        • reaching out or donating from or on behalf of a partner or sister organization;
        • engaging with us at an event;
        • engaging with us on social media;
        • doing contract work with us or seeking reimbursement for costs associated with your paid or volunteer work with ACSP;
        • submitting an attorney review;
        • interacting with our Site in any way;
        • clicking on a link to our Site from another website;
        • us reaching out to your company, agency, or organization and you responding;
        • us researching convictions in Atlanta Municipal Court, state and superior courts throughout Georgia;
        • researching people serving disproportionate sentences in Georgia;
        • you participating in one of our surveys,
        • showing up to a Community Call; or
        • you otherwise contacting us (including by mail, phone, email, or via a form on our Site, a form emailed to our networks, or listed in any of our resource materials, via live chat or social media, publicly or in a direct message).


    When you communicate with us online, certain third party vendors ultimately have access to some or all of these communications and data related to them. These include but may not be limited to Google, APlus, Squarespace, Donorbox, Twitter or X, Instagram, LinkedIn). Because we are not a law firm and do not have attorneys on staff, no communication with ACSP is considered privileged.


    We may receive personal data about you from various lawful sources, including: Contact Data from other individuals, listservs you were voluntarily added to based on a personal or professional affiliation, public databases or records, those who submit attorney reviews, organizations, data partners, or providers of technical, payment and fraud prevention and delivery services; Technical Data and/or Usage Data from analytics (such as Google) and search information providers; and data from any third parties who are permitted by law or have your permission to share your personal data with us, such as social media platforms like LinkedIn, Twitter or X, and Instagram.


    6.  How we use your data

     

    We will only use your personal data when the law allows it, and when we think it’s ethically okay for us to do so. This means only using your data in ways that advance ACSP’s mission, and never using it in ways that go against our values.


    Most commonly, we will use your personal data:


          • for research purposes, base-building, and to connect you with resources, services, and vital information;
          • to connect you with directly-impacted people, legal partners and/or allies we trust;
          • to enter into partnerships, MOUs, work contracts, or to process donations (also contracts);
          • where doing so is necessary to achieve our mutual interests, your best interests, or so that you can exercise your fundamental rights; or
          • in order to comply with ACSP’s funding obligations, legal or regulatory obligations (for example, maintaining anonymous Aggregate Data or complying with internal governance recordkeeping requirements).


      Generally, we do not rely on express consent as a legal basis for processing your personal data, other than where the law requires it. Where our legal basis is express consent, you retain the right to withdraw it any time.


      We will only use your personal data for the purposes for which we collected it, unless we reasonably need to use it for another reason that is (a) compatible with the mission of ACSP and (b) within the general scope of the original purpose. We may process your personal data for multiple lawful grounds, providing that this provision is met. Third parties aside, ACSP does not carry out any automated decision making when it comes to your data.


      If you ever have questions about this, or wish to withdraw your consent in us using/processing your data, you can write to External link opens in new tab or windowinfo@atlcommunitysupport.org.


      7.  Advertising and marketing


      We may use your Contact Data, Technical, and/or Usage Data in order to get a better sense of how you fit into the ACSP community and what you might need, or what aspects of our work may be of particular interest to you, and reach out to you based on how we use this data. Traditionally, this is marketing, even though ACSP is not a for-profit business and does not engage in any forms of direct marketing.


      We may send you communications related to a specific issue if you have previously requested information about that issue from us. Though we hope these practices benefit members of our community, you have a right at any time to change your mind and ask us to stop reaching out to you. If you want to see and/or update the Contact Data that we have on file for you, you can simply write to External link opens in new tab or windowinfo@atlcommunitysupport.org and request it.


      ACSP reserves the right to improve our reach, base-building, and mobilization practices by using analytics to target those who might benefit from joining our community, though we do NOT do so currently. When and if we ever do, that may involve using Technical Data or Usage Data from cookies and similar technologies to help us to deliver website and social advertising.


      8.  Cookies & pixels


      Cookies are a background tool that many companies and organizations with an online presence use to improve the performance of their websites for individual users. More often than not, especially in the U.S., cookies are used for targeted advertising.


      There are different types of cookies, generally speaking:


      Required cookies are those needed for a website to work properly. They help site visitors move around and access appropriate features, services, products (for for-profit companies). They make it easy for users to log in and move from page to page, and keep track of search histories and carts, on websites that sell things.


      Functional cookies allow companies and organizations to collect info about the way visitors use their websites, helping them improve performance. These cookies allow some websites to remember users’ choices and provide more personalized suggestions.


      Advertising cookies are used by websites’ marketing and advertising partners to deliver you ads relevant to your interests. They are usually placed by advertising companies with the website owners’ permission. These cookies remember if you have visited a website, and that info is passed along to other organizations, such as direct marketers and advertisers.


      Though ACSP does not itself employ the use of cookies, it’s still possible for your browser/device to be sent cookies from third parties whose embedded content is on our site, such as Donorbox our social media links. Please understand that we have no control over these cookies, operated and maintained by third parties, and that you will have to check their respective websites for info about how to manage the cookies they may use on the ACSP Site.


      Links to the cookie policies of third parties utilized by our Site: External link opens in new tab or windowDonorbox, External link opens in new tab or windowGoogle, External link opens in new tab or windowInstagram, External link opens in new tab or windowLinkedIn, External link opens in new tab or windowTwitter or X.


      Because we use Streak, ACSP emails often contain pixels. Pixels are used to tell the subscriber whether and how many times their emails were opened. This is so that we can determine which of our emails are engaging to our community members. Deleting pixels is as simple as you deleting the email. If you do not want any pixels from Streak to ever be downloaded to your device (from us or any other organization), you should select to receive emails in plain text instead of HTML.


      9.  Disclosures of your data


      ACSP will never share your data with entities in the business of, or which benefit in any way from the sharing, sell, or transfer of private or personal data.


      Every member of the ACSP team — whether working as a staffer, contractor, volunteer, or partner — is required to sign and adhere to strict confidentiality agreements that cover access to any and all of your personal data.


      ACSP may share your personal data in very limited situations, for the purposes set out in this privacy policy and/or the law. These disclosure may include but are not limited to sharing data with:


            • service providers, i.e. technology providers, payment processing, fraud prevention providers, USPS or other mailing services;
            • legal partners who wish to offer you services free of charge;
            • policy partners and funders, who will only have access to Aggregate Data and never your personal data;
            • auditors; and
            • legal entities which compel the disclosure via warrant or subpoena.*


        *In these situations, understand that ACSP will do everything possible to resist disclosure and will always err on the side of protecting the personal data of our community members, utilizing all lawful means to fight any disclosure decisions.


        By maintaining and operating this public Site, ACSP also inadvertently shares Technical Data and Usage Data with third parties connected to advertising, retargeting and analytics, such as Google Analytics.


         10.  Data protection


        ACSP has put into place digital security measures and data privacy protection practices most nonprofits never do. We believe these measures and practices will prevent your personal data from being exposed, altered, disclosed, used, or accessed in an unethical way. In addition to training, having continued conversations, and requiring strict confidentiality compliance of all ACSP team members, we also limit access to your personal data to a purely need-to-know basis. Anyone accessing or processing your personal data will only be allowed to do so based upon our explicit instructions.


         11.  Third-party links


        Our Site includes links to third party websites, applications, and platforms. By clicking on those links, you are enabling third parties to collect and/or share your data in ways ACSP may not agree with. We are not responsible for their privacy practices. When you leave the ACSP Site, we challenge you to read the privacy policies of some of the websites you visit. It’s your data and you have the right to protect it.


        12.  Data retention


        We only keep data for as long as necessary to fulfill the purposes for which we collected and stored it in the first place. By law we have to maintain certain data, especially that of our donors, partners, and contractors, for a certain period of years. This is mainly for tax purposes, but sometimes for internal governance purposes.


        13.  Legal rights


        Rights relating to your data are dependent on where you live. As of 2024, only 13 states have comprehensive data protection laws. Most states have statutory loopholes (in various Code sections) that put the personal data of criminalized people more at risk than others.


        In the U.S., there are several federal laws and regulations intended to protect personal data in different ways. Most of these do not apply to ACSP or to how you will interact with our Site. But in keeping with our mission of providing community members with resources that help you better advocate, we’re listing them all here. They include: Health Insurance Portability and Accountability Act (HIPAA), 45 CFR Parts 160, 162, and 164; Gramm-Leach-Bliley Act (GLBA), 15 U.S.C. §§ 6801-6809; Children's Online Privacy Protection Act (COPPA), 15 U.S.C. §§ 6501-6506, 16 CFR Part 312; Fair Credit Reporting Act (FCRA), 15 U.S.C. § 1681 et seq.; Federal Trade Commission Act (FTC Act), 15 U.S.C. §§ 41-58; Electronic Communications Privacy Act (ECPA), 18 U.S.C. §§ 2510-2523, 2701-2712, 3121-3127; Computer Fraud and Abuse Act (CFAA), 18 U.S.C. § 1030; Family Educational Rights and Privacy Act (FERPA), 20 U.S.C. § 1232g, 34 CFR Part 99; Privacy Act of 1974, 5 U.S.C. § 552a; Controlling the Assault of Non-Solicited Pornography and Marketing Act (CAN-SPAM), 15 U.S.C. §§ 7701-7713, 16 CFR Part 316; Telephone Consumer Protection Act (TCPA), 47 U.S.C. § 227, 47 CFR § 64.1200; Driver's Privacy Protection Act (DPPA), 18 U.S.C. §§ 2721-2725; Genetic Information Nondiscrimination Act (GINA), 42 U.S.C. § 2000ff et seq.; Financial Privacy Rule under the Dodd-Frank Act.


        Again, data rights are subject to certain rules, exceptions, and limitations about how and when they can be exercised, and they depend on where you reside. For instance, you may have some or all of these rights:


              • The right to be informed about how your personal data is used;
              • The right to access your data, or make a ‘data subject access request’ for a copy of the personal data a website or entity holds about you;
              • The right to make an entity correct personal data about you that may be incomplete or wrong;
              • The right to erasure, or the ‘right to be forgotten,’ allows you to ask an entity to delete the personal data they have about you;
              • The right to restrict the processing of your personal data;
              • The right to data portability, or to ask an entity for a copy of your personal data in a common format (like a .csv file);
              • The right to object to an entity processing your personal data;
              • The right to know more about an entity’s automated decision making and profiling practices; and
              • Rights regarding the sale or sharing of your personal data.


          Regardless of whether or not you legally have these rights, ACSP strives to meet a higher bar in terms of data privacy, and so we aim to respond to any requests made regarding your personal data within one (1) month’s time of receiving it via email at External link opens in new tab or windowinfo@atlcommunitysupport.org or via mail at our physical address, 1445 Woodmont Ln NW, Atlanta, Georgia 30318.

           

          14.  Data accuracy


          Unlike private companies and other entities, ACSP maintains data about our community members in order to better serve you. It is important that the data we hold about you is accurate and current. We encourage everyone who visits this Site to keep us informed if your personal data changes. You can do this by filling out the Connect Form or by writing to us at External link opens in new tab or windowinfo@atlcommunitysupport.org.


          15.  Changes to this policy


          ACSP makes it a priority to keep this privacy policy updated as best as we possibly can.


          This privacy policy was last updated on July 27, 2024.