Privacy Policy

TTO considers that personally identifiable information should be regarded as a most sacred and essential secret of the Order, recognizing that in some circumstances the livelihood, and even safety, of members may be compromised if PII is exposed. PII shall not be gathered without explicit purpose and shall be stored securely at all times.

TTO considers that personally identifiable information should be regarded as a most sacred and essential secret of the Order, recognizing that in some circumstances the livelihood, and even safety, of members may be compromised if PII is exposed. PII shall not be gathered without explicit purpose and shall be stored securely at all times.

Security procedures for the storage of data gathered through forms is the purview of the Office of the Inspector General.

  • Name, and prior names
  • Address
  • Phone
  • Any financial information or government issued ID information
  • Any images of ID, maintained for any reason (e.g. model releases for photography at an annual convention)
  • Email/Social Media, etc. as given for contact purposes to the Order without the intention to disclose

PII does not include

  • Email/Social Media, etc. when solicited with the intent to disclose, e.g. offers to list name and email for business references or networking purposes.
  • TTO Name

 

Comments

When visitors leave comments on the site we collect the data shown in the comments form, and also the visitor’s IP address and browser user agent string to help spam detection.

An anonymized string created from your email address (also called a hash) may be provided to the Gravatar service to see if you are using it. The Gravatar service privacy policy is available here: https://automattic.com/privacy/. After approval of your comment, your profile picture is visible to the public in the context of your comment.

Media

If you upload images to the website, you should avoid uploading images with embedded location data (EXIF GPS) included. Visitors to the website can download and extract any location data from images on the website.

Contact forms

Each contact form specifies the reason for submitting the form, and who will receive it. 

Information from Contact forms is held by the Office of the Secretary General, and shared under policies established by the Office of the Inspector General, with other Offices and Officers within TTO on an “as needed” basis.  

Unless otherwise specified at the time of collection we do not share information with outside parties.

Cookies

If you leave a comment on our site you may opt-in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.

If you visit our login page, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.

When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed.

If you edit or publish an article, an additional cookie will be saved in your browser. This cookie includes no personal data and simply indicates the post ID of the article you just edited. It expires after 1 day.

Embedded content from other websites

Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.

These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracking your interaction with the embedded content if you have an account and are logged in to that website.

Analytics

We do not currently enable Google Analytics on this website.  

Who we share your data with

We do not share information with other organizations without explicitly informing you.  

Currently serving Body Masters, while affiliates, have a specific relationship with TTO.  The Order may share information with them as if they are officers, on an “as needed” basis.  

How long do we retain your data?

If you leave a comment, the comment and its metadata are retained indefinitely. This is so we can recognize and approve any follow-up comments automatically instead of holding them in a moderation queue.

For users that register on our website (if any), we also store the personal information they provide in their user profile. All users can see, edit, or delete their personal information at any time (except they cannot change their username). Website administrators can also see and edit that information.

Form responses are preserved indefinitely.

What rights you have over your data

If you have an account on this site, or have left comments, you can request to receive an exported file of the personal data we hold about you, including any data you have provided to us. You can also request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes.

Where we send your data

Visitor comments may be checked through an automated spam detection service.

How Long do we retain your data

If you leave a comment, the comment and its metadata are retained indefinitely. This is so we can recognize and approve any follow-up comments automatically instead of holding them in a moderation queue.

For users that register on our website (if any), we also store the personal information they provide in their user profile. All users can see, edit, or delete their personal information at any time (except they cannot change their username). Website administrators can also see and edit that information.

What rights you have over your data

If you have an account on this site, or have left comments, you can request to receive an exported file of the personal data we hold about you, including any data you have provided to us. You can also request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes.

Data Breach Procedures

For TTO any breach of private information is a violation of the privacy of community members. Security incidents could arise in a myriad of contexts relating to paper documents and electronically-stored and transmitted information such as theft, misuse of data, and computer- or technology- based violations. They may result in disclosure of personal information, diminished intellectual property, a tarnished reputation in the community, loss of trust, reduction of economic resources and funding opportunities, the loss of volunteer or staff time in responding and reacting to the breaches, and legal sanctions.

TTO places a high priority on the security of its information. It is TTO’s intention to investigate and respond appropriately to each information breach, depending upon the level of potential consequential harm, and legal obligations, related to each particular situation.

  • All individuals and Offices within the TTO are responsible for reporting information breaches and upholding privacy policies and practices.
  • Any alleged breach is to be reported immediately to the Office of the Inspector General.
  • The Inspector General contacts the complainant for information and investigates.
  • If the Inspector General determines no actual breach of private information was made, the Office of the Inspector General documents this determination and the process ends.
  • If the Inspector General determines there was a breach of private information, the Office of the Inspector General works with affected indiviudal or Office to contain the breach. The Inspector General assesses extent and impact of event and also bring in other Offices or outside contractors or Security Consultants.
  • After containing the breach, the Inspector General confers with Office of the Secretary General, and if necessary TTO Legal Counsel to determine whether specific legal protections relate to the breached information and identify the relevant reporting obligations.
  • The Office of the Inspector General drafts standard notification letters to individuals affected by breach and sends letters per applicable legal requirements. The Secretary General presents the matter to the Executive Committee for ethical review to insure that in addition to meeting legal standards the high ethical standards of TTO have been met.
  • A breach incident is closed when the Office of the Inspector General drafts a Breach Report, an internal record which shall be presented to the Office of the Secretary General and the Executive Commitee. The report should contain, at minimum:
     – Date and time the breach was detected
     – Physical location, system, and university services involved in breach
    – Office or individual responsible for the system or service
     – Type and scope of data which was compromised
     – Brief overview of the vulnerability that contributed to the breach
     – Potential impact to individuals operations and resources
     – Summary of response activities

TTO attempts to instruct its affiliate Local Body masters in high standards of data security, however they are neither privacy specialists, lawyers, nor in most cases IT Security Specialists.

TTO is responsible only for the appropriate use of information specifically passed to Local Body Masters, by TTO, which would normally be considered private as part of the ongoing management processes of the organization.  Such disclosure is comparatively rare. 

While it attempts to promote the highest standards, TTO cannot be legally responsible for misuse of email or other contact information when you have given explicit consent, to share your contact information with Local Body Masters.

While it attempts to promote the highest standards, TTO suggests that you ask questions and use caution when presenting your personal information to Local Body Masters.  

If you have questions about the reason a Local Body Master needs your information, or are concerned that your information has been inappropriately used, contact the Office of the Inspector General through the links below immediately.