Privacy Statement

R.O.S.E. Resources/Outreach to Safeguard the Elderly (“R.O.S.E.,” “us,” “we” or “our”) created this
Privacy Statement to ensure the confidence of visitors (“you” or “your”) to roseadvocacy.org (the
“Site”) and to demonstrate our commitment to fair information practices and the protection of
privacy. This privacy statement has been compiled to better serve those who are concerned with how
their personally identifiable information (“Personal Information”) is being used online. Please
read our privacy statement carefully to get a clear understanding of how we collect, use, protect
or otherwise handle your Personal Information through the Site.
This Statement applies to information we collect:
• On the Site; and
• From email, text, and other electronic messages between you and the Site. The Statement does not
apply to information collected by:
• Qgiv on our donation page, which is governed by Qgiv’s privacy policy located here:
https://www.qgiv.com/privacy-policy;
• R.O.S.E. from you offline or through any other means, including on any other website operated by
us; or
• Any third party, including through any application or content (including advertising) that may
link to or be accessible from the Site.
Please read this Statement carefully to understand our policies and practices regarding your
information and how we will treat it. If you do not agree with our policies and practices, your
choice is not to use the Site. By accessing or using the Site, you agree to this Privacy Statement.
This Statement may change from time to time. Your continued use the Site after we make changes is
deemed to be acceptance of those changes, so please check this Statement periodically for updates.
1. Categories of Personal Information That We Collect.
Personal Information is data that can be used to identify or contact a single person. We collect
information that identifies, relates to, describes, references, is capable of being associated
with, or could reasonably be linked, directly or indirectly, with a particular consumer or device
(“Personal Information”). In particular, we have (or have not as indicated) collected the following
categories of personal information from individuals within the last twelve months, or anticipate
collecting this type of information in the next twelve months:

Category Examples Collected
(Yes or No)

A. Identifiers.

B. Personal information categories listed in the California Customer Records statute (Cal. Civ.
Code
§ 1798.80(e)).

C. Protected classification characteristics under state or federal law.

D. Commercial information.

E. Biometric information.

F. Internet or other similar network activity.
G. Geolocation data.
H. Sensory data.
I. Professional or

A real name, online identifier, Internet Protocol address, email address.
A signature, Social Security number, physical characteristics or description, address, telephone
number, passport number, driver’s license or state identification card number, insurance policy
number, education, employment, employment history, bank account number, credit card number, debit
card number, or any other financial information, medical information, or health insurance
information.
(Some personal information included in this category may overlap with other categories).
Age (40 years or older), race, color, ancestry, national origin, citizenship, religion or creed,
marital status, medical condition, physical or mental disability, sex (including gender, gender
identity, gender expression, pregnancy or childbirth and related medical conditions), sexual
orientation, veteran or military status, genetic information (including familial genetic
information).
Records of personal property, products or services purchased, obtained, or considered, or other
purchasing or consuming histories or tendencies.
Genetic, physiological, behavioral, and biological characteristics, or activity patterns used to
extract a template or other identifier or identifying information, such as, fingerprints,
faceprints, and voiceprints, iris or retina scans, keystroke, gait, or other physical patterns, and
sleep, health, or exercise data.
Browsing history, search history, information on a consumer's interaction with a website,
application, or advertisement.

Physical location or movements.

Audio, electronic, visual, thermal, olfactory, or similar information.
Current or past job history or performance evaluations.

Yes Yes

Yes

No No No

22399-22399-00001\\MCS\\MCS\\5194639.1

employment- related information.
J. Non-public education information (per the Family Educational Rights and Privacy Act (20 U.S.C.
Section 1232g, 34 C.F.R. Part
99)).
K. Inferences drawn from other personal information.

Education records directly related to a student No maintained by an educational institution
or party
acting on its behalf, such as grades, transcripts, class lists, student schedules, student
identification codes, student financial information, or student disciplinary records.

Profile reflecting a person's preferences, No characteristics, psychological trends,
predispositions, behavior, attitudes, intelligence, abilities, and aptitudes.

More specifically, we collect the following types of information from you from the Site:
(1) Contact Data which includes your name, address, telephone number, payment information, and
email addresses;
(2) Online Tracking information, which is described below; and
(3) Your browsing history when logged into our website.

2. How We Collect Personal Information From You.

You directly provide us with most of the data that we collect from you. We collect Personal
Information from you when you enter information on our donation page, which is powered by and
governed by Qgiv. We collect data when you:

(1) Make a donation; and
(2) Use or view the Site (see Section 3, below).

3. Other Data We Collect, And How We Collect It.

In addition to Personal Information, we may collect information about your internet connection, the
equipment you use to access the Site, and details about your usage of the Site, including your
browsing patterns. This information is collected using automatic data collection technologies and
may also include:

22399-22399-00001\\MCS\\MCS\\5194639.1

• Details of your visits to the Site, including traffic data, location data, and other
communication data and the resources that you access and use on the Site.
• Information about your computer and internet connection, including your IP address, operating
system, and browser type.
We will retain and evaluate information on your recent visits to our website and how you move
around different sections of our Site for analytics purposes to understand how people use our Site
so that we can make it more intuitive. We will also keep a record of the articles on our Site that
you have clicked on and use that information to target advertising on this Site to you that is
relevant to your interests, which we have identified based on articles you have read.

The technologies we use for this automatic data collection may include:

• Cookies (or browser cookies). A cookie is a small file placed on the hard drive of your
computer. You may refuse to accept browser cookies by activating the appropriate setting on your
browser. However, if you select this setting you may be unable to access certain parts of the Site.
Unless you have adjusted your browser setting so that it will refuse cookies, our system will issue
cookies when you direct your browser to the Site.
• Flash Cookies. Certain features of the Site may use local stored objects (or Flash cookies) to
collect and store information about your preferences and navigation to, from, and on the Site.
Flash cookies are not managed by the same browser settings as are used for browser cookies. For
information about managing your privacy and security settings for Flash cookies, see Choices About
How We Use and Disclose Your Information.
• Web Beacons. Pages of our Site, and our e-mails, may contain small electronic files known as web
beacons (also referred to as clear gifs, pixel tags, and single-pixel gifs) that permit Us, for
example, to count users who have visited those pages or opened an email and for other related
website statistics (for example, recording the popularity of certain website content and verifying
system and server integrity).
4. Use Of Cookies

a. What Types of Cookies We Use
Cookies are different depending on each site that you access. Generally speaking, a cookie is
information that is stored on your computer or mobile device by the Site.

For the purpose of our Site, we use the following types of cookies:

Cookie Name Purpose Duration Cookie Type
_ga Google Analytics Two years Essential

22399-22399-00001\\MCS\\MCS\\5194639.1

_gat_gtag_UA_213072087_1

Google Analytics

Session

Essential

_gid

Indexing cookie

24 hours

Essential

Third party applications on the Site, and specifically Qgiv, may use additional cookies.

b. How You Can Manage Your Cookies

Depending on which browser you are using will dictate how to manage your cookies. All standard
browsers will allow you to elect to not accept cookies. If you make such a setting within your
browser, there is a chance that our Site will not work or will not work as efficiently as it would
if you allowed cookies.

5. How We Store Your Data.
Entries on the donations page of the Site are made through Qgiv. The information you provide on the
donation page is governed by Qgiv’s privacy policy located here:
https://www.qgiv.com/privacy-policy. Qgiv provides us with your name, address, telephone number,
email address, type of payment method used and the last two digits of the payment method you use.
We temporarily store that data on the cloud through Microsoft’s email service and on our local
computers in Phoenix, Arizona.

We generally keep your Personal Information on our local computers indefinitely.

6. How We Use Your Data.

We use Contact Data to contact you if you opt in to be contacted. This may include sending you
periodic emails regarding topics related to our mission. We may also use your information for
internal purposes, such as auditing, data analysis, and research to improve our products, services,
and customer communications. With your specific consent, we may also use your information for any
other identified or stated purpose at the time of that consent.

7. Third Party Collection of Personally Identifiable Information.

We approve third parties to collect certain information from the Site for the purpose of
integrating those third-party tools with the Site. We utilize Google Analytics. We use Mailchimp to
manage email marketing subscriber lists, so Mailchimp receives your name and email address when you
submit that information to us. Consult those third party websites to learn about their privacy
policies.

22399-22399-00001\\MCS\\MCS\\5194639.1

8. Disclosure of Personal Information to Third Parties
We do not disclose your personal information to third parties. However, when you fill in your
personal information on our donation page, you are disclosing that information to Qgiv.

We may disclose your personal information:
• To comply with any court order, law, or legal process, including to respond to any government or
regulatory request.
• If we believe disclosure is necessary or appropriate to protect the rights, property, or safety
of R.O.S.E., our customers, or others.

9. Data Protection Rights – EU residents only
This Section 9 of the Privacy Statement only applies to residents of the European Union whom are
identified as covered by the GDPR, including those persons identified at
https://gdpr.eu/companies-outside-of-europe/.

For EU residents, you have the right to be fully aware of all of options to protect your personal
data. Each EU resident who is also a user of the Site is entitled to the following:

a. The right to access – You have the right to request us for copies of your personal data. We may
charge you a fee for this service.
b. The right to rectification – You have the right to request that we correct any information that
we control that you believe is inaccurate. You also have the right to request us to complete the
information you believe is incomplete.
c. The right to erasure – You have the right to request that we erase your personal data that we
control, under certain conditions.
d. The right to restrict processing – You have the right to request that we restrict the processing
of your personal data that we control, under certain conditions.
e. The right to object to processing – You have the right to object to our processing of your
personal data, under certain conditions.
f. The right to data portability – You have the right to request that we transfer the data that we
have collected to another organization, or directly to you, under certain conditions.

We have one month from the date of your request to respond to it. Please make your request in
writing and send it to info@roseadvocacy.org.
10. Data Privacy Rights – NV, ME, CA, NY Residents Only
a. Access to Specific Information and Data Portability Rights

22399-22399-00001\\MCS\\MCS\\5194639.1

You have the right to request that we disclose certain information to you about our collection and
use of your personal information over the past 12 months. Once we receive and confirm your
verifiable consumer request, we will disclose to you:

• The categories of personal information we collected about you.
• The categories of sources for the personal information we collected about you.
• Our business or commercial purpose for collecting or selling that personal information.
• The categories of third parties with whom we share that personal information.
• The specific pieces of personal information we collected about you (also called a data
portability request).
• If we sold or disclosed your personal information for a business purpose, two separate lists
disclosing:
o sales, identifying the personal information categories that each category of recipient purchased;
and
o disclosures for a business purpose, identifying the personal information categories that each
category of recipient obtained.

b. Deletion Request Rights

You have the right to request that we delete any of your personal information that we collected
from you and retained, subject to certain exceptions. Once we receive and confirm your verifiable
consumer request, we will delete (and direct our service providers to delete) your personal
information from our records, unless an exception applies.

We may deny your deletion request if retaining the information is necessary for us or our service
provider(s) to:
• Complete the transaction for which we collected the personal information, provide a good or
service that you requested, take actions reasonably anticipated within the context of our ongoing
business relationship with you, or otherwise perform our contract with you.
• Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal
activity, or prosecute those responsible for such activities.
• Comply with the California Electronic Communications Privacy Act (Cal. Penal Code § 1546 et.
seq.) (for California residents only).
• Enable solely internal uses that are reasonably aligned with consumer expectations based on your
relationship with us.
• Comply with a legal obligation.
• Make other internal and lawful uses of that information that are compatible with the context in
which you provided it.
c. Exercising Access, Data Portability, and Deletion Rights

22399-22399-00001\\MCS\\MCS\\5194639.1

To exercise your rights to access, data portability, and deletion of your personal information from
the Site, you must submit a verifiable consumer request to the Operator by emailing us at
info@roseadvocacy.org.

Only you, or someone legally authorized to act on your behalf, may make a verifiable consumer
request related to your personal information. You may also make a verifiable consumer request on
behalf of your minor child.

You may only make a verifiable consumer request for access or data portability twice within a
12-month period. The verifiable consumer request must:
• Provide sufficient information that allows us to reasonably verify you are the person about whom
we collected personal information or an authorized representative.
• Describe your request with sufficient detail that allows us to properly understand, evaluate,
and respond to it.
We cannot respond to your request or provide you with personal information if we cannot verify your
identity or authority to make the request and confirm the personal information relates to you. We
will only use personal information provided in a verifiable consumer request to verify the
requestor’s identity or authority to make the request.

d. Response Timing and Format

We endeavor to respond to a verifiable consumer request within sixty days of its receipt. If we
require more time, we will inform you of the reason and extension period in writing.

We will deliver our written response by mail or electronically, at your option.

Any disclosures we provide will only cover the 12-month period preceding the verifiable consumer
request's receipt. The response we provide will also explain the reasons we cannot comply with a
request, if applicable.

We do not charge a fee to process or respond to your verifiable consumer request unless it is
excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we
will tell you why we made that decision and provide you with a cost estimate before completing your
request.

e. Non-Discrimination
We will not discriminate against you for exercising any of your California Consumer Privacy Act of
2018 (“CCPA”) rights.

f. Shine The Light Law (CA Residents only)

California’s “Shine the Light” law (Civil Code Section § 1798.83) permits users of the Site who are
California residents to request certain information regarding our disclosure

22399-22399-00001\\MCS\\MCS\\5194639.1

of personal information to third parties for their direct marketing purposes. To make such a
request, please send an email to info@roseadvocacy.org.

11. Data Security.

Secure Sockets Layer, or SSL, is an encryption technology that provides secure communications over
the Internet. It does this by verifying that the server to which you are connected is actually the
one it claims to be. It also encrypts all transactions between the parties communicating.
Encryption is the scrambling of information as it is transmitted over the Internet to protect your
confidentiality. Personal information passing between your computer and/or mobile device and many
of our services is encrypted. This means that while your information is in transit it is scrambled
so that only we can reassemble it in its original text format. The donations page of the Site has
HTTPS automatically enabled. All critical interfaces and functions (i.e. user authentication,
payment transactions (PCI data) and PII related processes are only accessible using at least TLS
v1.2. The Site has a multiple layer security architecture to help protect against 0-day security
issues. Firewalls and intrusion prevention systems are in place to prevent unauthorized access.

Unfortunately, transmission of information through the Internet cannot be completely secure.
Although we do our best to protect your personal information, we cannot guarantee the security of
your personal information transmitted to us through the Site. Any transmission of personal
information is at your own risk. We are not responsible for circumvention of any privacy settings
or security measures contained on the Site.

12. Other Limits to Your Privacy.

We may provide you with links to other websites and may approve other websites to obtain online
tracking information from the Site. We are not responsible for the privacy practices or the content
of such websites. When you utilize the Site, the information that you disclose, including in any
audio instructions, may become public information. We have no control over its use and you should
exercise caution when deciding to disclose your personal information.

13. CAN-SPAM Act.

The CAN-SPAM Act is a law that sets the rules for commercial email, establishes requirements for
commercial messages, gives recipients the right to have emails stopped from being sent to them.

If at any time you would like to unsubscribe from receiving future emails, you can email us at
info@roseadvocacy.org and we will promptly remove you from ALL correspondence.

14. Updates and Changes to Privacy Statement.

22399-22399-00001\\MCS\\MCS\\5194639.1

22399-22399-00001\\MCS\\MCS\\5194639.1
We reserve the right to change, update or modify this Privacy Statement. We will post all privacy
changes and, if we have your contact information to do so, we will notify you of any material
change in our privacy practices. Any such change, update or modification will be effective
immediately upon notice. We will maintain prior versions of our Privacy Statement which will be
available for your review.

15. Contact Information
If you have any questions or comments about this notice, the ways in which
R.O.S.E. collects and uses your information described here, your choices and rights regarding such
use, or wish to exercise your rights under the law, please do not hesitate to contact us at:
Phone: 602-445-7673
Email: info@roseadvocacy.org

Postal Address: P.O. Box 50280
Phoenix, AZ 85076-0280

Data Protection Officer: Joyce Petrowski
Last updated: December 2, 2022