Privacy Policy
CONCORD PRIVACY POLICY
Last Updated on February 8, 2024
Your privacy is governed by this Privacy Policy as well as our organization-wide Privacy Statement.
This Privacy Policy is part of the Terms of Service ("Terms") for Concord, including Concord Deutsch, Concord Français, Concord Português, and Concord Español (the "Service"), a website and Internet-delivered software program owned and operated by The First Church of Christ, Scientist ("TFCCS"). By using the Service, you consent to the collection and usage of information as described in this Privacy Policy.
In this Privacy Policy, capitalized terms have the meanings given them in the Terms or in this Privacy Policy.
- "Your Data" means information, images, data, text, messages or other materials made available, collected, or stored by You as a user of the Service, other than Content, Registration Information, Customer Service Communications, or Log Information.
- "Personal Data" means any information that We possess that can be used to distinguish or trace the identity of a Service user.
Your privacy is important to Us. Therefore, We are committed to respecting Your privacy and the confidentiality of Your Data and Personal Data. This Privacy Policy is designed to assist You in understanding how We use and safeguard the information You provide in using the Service.
1. What information do We collect?
In order to provide You with access to the Service, We may gather and process some or all of the following information. Any of this collected information may include Personal Data.
Registration Information: any information provided when voluntarily registering for use of the Service, including, but not limited to, username, password, and email address.
Payment Information: any information provided when paying for subscriptions to the Service, in order to execute automatic payment transactions with Your credit card.
Your Data: any text, information, data, or other materials made available, collected, or stored in the Service by You as a user of the Service, other than Registration Information, Customer Service Communications, or Navigation and Analytics Information.
Customer Service Communications: any information that is reported to Us about the operation of the Service, including bug reports or requests for enhancements.
Audit Logs and Aggregate Data: The Service collects information that helps Us to provide You with a better and more reliable service. This information includes Audit Logs that record basic information about Your interactions with the Service. These Audit Logs include the following information:
- Timestamp of request
- Session ID (transitory)
- Email address
- Location — the URL of the location on the Service that is being accessed
- Action taken — this does not include the details of the action, just the nature of the action taken. For example: that a search was performed or a citation was added to a list. Specific details about what was searched or to which list the citation was added is not captured in these logs.
- Time action took to execute
- Error code
- IP address
- Browser data:
- User Agent
- URL
- Referer – what site You previously came from
- Type of browser
- Name of browser
- Family of browser
- Company — browser maker (i.e. Google, Apple, etc.)
- Operating System (OS)
- OS Family
- OS Company
Only if You opt in, We collect Aggregate Data through Performance Cookies, using a third-party analytics service to help us improve the Service. This data cannot be used to identify an individual user, and includes:
- Search terms, citations looked up, and which search results were clicked on
- Use of the dynamic table of contents and indexes
- If applicable, hymns played
- Citations added to a list, including list name
- Citations copied to clipboard
- Number of visits to each area of the site
- Timing information including login/logout timestamps, how long between actions taken, time per visit
- Cross-product information
- IP Address
- Geographical information
- Browser information
- Mobile device data including carrier, device, manufacturer
- Many others….
Again, We will not collect Aggregate Data (through Performance Cookies) unless You opt in.
2. How do We use this information and for what purpose?
We may use the information defined in this Privacy Policy to:
- Provide the Service and customer support.
- Verify Your account.
- Troubleshoot problems.
- Enforce Our Terms of Service or resolve disputes.
- Notify You about changes and updates to the Service.
- Customize, measure, and improve the Service content and layout only if You opt in to Aggregate Data collection (see section Audit Logs and Aggregate Data).
- Share with TFCCS and The Christian Science Publishing Society (CSPS), an activity of TFCCS:
- Summarized Aggregate Data, only if You opt in to Aggregate Data collection. We require TFCCS and CSPS departments and Our service providers to use Your Aggregate Data in accordance with this Privacy Policy.
- Personal Data, only if You opt in to Marketing from other Church products. This sharing may include Personal Data, and may be combined with data about Your other interactions with TFCCS and its service providers, including Your subscriptions, product purchases, website visits, or other communications.
- Where You expressly opt in to receiving Our messages, email You targeted marketing and promotional offers from the Office of the Publisher’s Agent (OPA), Mary Baker Eddy’s Writings, TFCCS, and CSPS. You may change Your preferences or unsubscribe from these email messages through the link provided in such communications.
We may also need to request specific information from You to help Us confirm Your identity and ensure Your right to access your Personal Data (or to exercise any of Your other rights). This is a security measure to ensure that Personal Data is not disclosed to any person who has no right to receive it.
Additionally, We may use Your information as described below.
Registration Information
We ask for Registration Information in order to verify Your identity and to enable Your use of the Service.
We use Your email address as Your username for the Service which is required for You to store your lists and notes in the Service. We respect the privacy of personal e-mail accounts, and We will store Your e-mail address just as securely as Your other data and Personal Data. Your Registration Information will not be passed to unaffiliated third parties for their marketing purposes. We will use Your e-mail address to send You messages about:
- Issues with the Service or Your account
- News about the Service
- If You opt in, other products the Office of the Publisher’s Agent offers. You may opt-out of receiving promotional email messages from the Office of the Publisher’s Agent through the link provided in such communications.
- Any claims related to Your use of the Service, like violating the Terms or infringing third-party rights
Payment Information
For payment transactions, We use third-party banking organizations and other providers of payment services. These services will collect necessary payment processing information in order to process Your payments. You are providing the necessary payment processing information directly to such provider(s).
Your Data
Your Data, such as lists, notes, and search history stored in the Service, is treated as private information. We take the privacy of the data You store in the Service seriously. We have implemented a number of security, policy, and procedural protections to protect Your Data from unauthorized access. (You can read more about those protections here: Concord Security and Strong Password).
We will not access Your Data unless: a) if in the course of providing support to Your account, You explicitly grant Us permission to access Your account; b) We are required to by law; c) We need to review the contents of Your account in response to a legal action involving Your specific account. In these circumstances, We may be required to disclose and/or destroy any or all of Your Data from the Service. And We will destroy any copies of Your Data once those copies are no longer needed for the stated purpose.
In order to improve the quality of the Service, We invite subscribers to opt-in to data analytics or the use of Performance Cookies (see Cookie Settings). Data analytics is used by Us to make the Service easier to use. By analyzing feature usage We can identify areas of the Service that need improvement. The analytics are necessary for Us to gain this insight. However, if You opt-in, some of Your Data will be captured in Our analytics tool, but in a form that is highly summarized and not directly associated with a specific user. If You are concerned about Our analytics tool collecting and analyzing Your Data in this aggregate manner, please do not opt-in.
Although We treat Your Data as private, the Service should not be used by You to store regulated data, such as Your or another’s Personal Data, health information, or financial information, and You should not submit such data to the Service.
We strongly discourage Christian Science practitioners and nurses from storing patient information in the Service.
Customer Service Communications
Information, which is voluntarily submitted in the course of support or via feedback, is used for the purposes of reviewing this feedback and improving the Service. On occasion We may reach out to You to request using Your feedback in marketing the product on Our website or in other communications. We will not share Your feedback without Your permission, and You may request that We anonymize the feedback. Further, We may from time to time ask You to provide information on Your experiences, which will be used to measure and improve quality. You are at no time under any obligation to provide such information. Where You provide it, We may use Your contact information to communicate with You about Your feedback. Otherwise, We will not use Personal Data from Your feedback without Your explicit permission.
Audit Log and Aggregate Data
We use Audit Log data, which includes email addresses (account login information) to monitor the performance and successful operation of the Service. We may use Audit Logs to troubleshoot issues that arise with the Service; only a very small number of authorized users have access to the Audit Logs. Any Audit Log information We retain is kept in summary form for statistical purposes and it is not associated with individual users. You are not able to opt-out of the collection of Audit Log information.
We use Aggregate Data, collected through Performance Cookies and other browser technologies, to analyze how Our customers use the Service. This helps Us to improve the Service. This data is naturally much more detailed than Audit Log data, however We use it only in a summarized, aggregate form. For example, We may aggregate all users’ click data to calculate the percentage of users accessing a specific website feature. It is not Our policy to use Aggregate Data to identify users. However, if in the course of analyzing Aggregate Data We end up directly or indirectly identifying a user, We treat the combined data as Personal Data which will be used in accordance with this Privacy Policy.
List Sharing Function
Concord paid subscribers can use the "Send List" feature within a Concord list to create and send a "point in time" copy of that list to one or more recipients through email. Concord can email a list to up to 10 recipients, or the sender can generate a URL for the list, which can then be shared via text, apps, email, or websites. The shared list may include citations, links, notes, minimal formatting, but images will be automatically excluded from any list shared. If the sender makes further edits to a list they have previously shared, those edits will not automatically be shared with the recipient(s). The sender would need to re-share that updated list with the recipient(s). The recipient of the shared list is able to import the list into Concord Guest Access or their Concord account. Changing or modifying the imported list will not have any bearing on the sender’s original list.
The data you share with this function is created in a list independent of your account holding Your Data. Any data you have included in or as part of this shared list becomes viewable to anyone with whom you’ve shared it and, therefore, this copy of the data is not protected by the system as described above.
3. To whom do We disclose Your Personal Data?
We will not sell, rent, or trade to any third party Your Data or any of the Personal Data collected in Registration Data, Payment Data, Your Data, Customer Service Communications, Audit Logs and Aggregate Data.
We will only disclose Your Data or Personal Data:
- to Our service providers in order to provide You the Service, or
- as directed by You when you use the "Send List" feature within Concord to share a specific list, or
- to law enforcement or government authorities to satisfy any applicable law, regulation, legal process, or enforceable governmental request or in the event We need to respond to a legal action involving Your specific account.
In any of these circumstances, We may be required to disclose and/or destroy any or all of Your Data from the Service. And We will destroy any copies of Your Data once those copies are no longer needed for the stated purpose. Additionally, we require Our service providers to handle Your Data according to this Privacy Policy.
For subscription payments, Your credit card information is handled by a third-party payment processor. TFCCS does not have access to Your payment information. Our payment processors comply with all regulations regarding the handling of Your payment information.
Information collected by Us may be stored and processed in any country in which We and Our service providers maintain facilities. By using the Service, You consent to the transfer of information outside the country where You reside and/or from which You use the Service.
4. How do We protect Your Data and Personal Data?
We take reasonable administrative, technical, and physical security measures to protect against the unauthorized access, destruction, or alteration of Your Data and Personal Data, which will remain in the Service until You delete it or We decide to terminate the account per the Terms and this Privacy Policy. More details about the security measures We take with the Service are available here.
Although We encrypt Your Data and password and encrypt the traffic between Our servers and Your browser, You should be aware that Internet communications are not always secure. Please consider this as You enter Your Data into the Service.
Also, keep in mind that Our security measures may be rendered ineffective if You fail to maintain the confidentiality of Your username and password. By using the Service, You accept full responsibility for any harm resulting from Your failure to maintain such confidentiality.
5. How long is Your Data and Personal Data kept by Us?
We will retain Your information for as long as is necessary to:
- Provide the use of the Service
- Communicate with You regarding the Service or other services that We offer
- Comply with applicable laws, regulatory requests, and orders from competent authorities
- Enforce Our Terms
- Fulfill any of the other purposes detailed in this Privacy Policy
Registration Data
We store Your Registration Data for as long as You have an account with the Service. To remove Your Registration Data, along with Your Data, use the Delete Account function in the Service. Be aware that using the Delete Account function is permanent and Your Registration Data and Your Data cannot be recovered.
Payment Data
For subscription payments, We store Your Payment Data with Our service providers as long as You have an account with the Service.
Your Data
We will store Your Data as long as You have an active subscription or account to the Service. If you cancel your subscription or account, We will store Your Data for up to a full calendar year from the time You last accessed your account. If you do not log into your account for twelve months after cancellation, We may delete Your Data at our discretion without notice. At any time, You may delete Your Data by using the Delete Account function in the Service. Be aware that using the Delete Account function is permanent and your Registration Data and Your Data cannot be recovered.
Customer Service Communications
Your Customer Service Communications may be stored indefinitely by the Service or Our service providers.
Audit Logs and Aggregate Data
Audit Log data is deleted from the primary Concord server after 14 days. If needed, it may be recovered from backup for up to 90 days.
Aggregate Data is stored indefinitely by the Service or our service providers.
6. What are cookies and related electronic technologies, and how do We use them?
To find out how We use cookies, and to opt in to using Performance Cookies, please visit Our Cookie Policy.
In addition to cookies, the Service also uses local browser storage. This storage is used to keep track of reading position within the book text. This data allows a user to close their browser, open it later, and return to the exact same position in the book text.
- bookScrollPosition (segment) – scroll location within a book segment
- closestLineOrVerse – stores the closest line or verse in that segment
- currentCitation – stores the citation of the current selected text
- segmentNumber – stores the current segment number
- ucname – stores the encoded name of the book
We also may include web beacons in email messages or newsletters to determine whether You opened them. Web beacons allow Us to understand the time and date of when You have opened an email and when You have utilized a link within the email to visit a website. Our web beacons do not collect Personal Data. If You wish to disable web beacons, You should do so by turning images "off" in Your email client. Please see Your email client for more information.
As We adopt additional technology, We may also gather additional information through other methods. This Privacy Policy will be updated when we adopt technology that impacts Your privacy.
7. How far does Our responsibility extend?
This Privacy Policy applies solely to data collected by the Service. We do not exercise control over nor do We accept responsibility or liability for other users or websites. Other TFCCS and CSPS sites have their own Terms and Privacy Policies that may differ from those that govern the Service.
8. Users from outside the United States
This Service is hosted in the United States and is governed by United States law. If You are using the Service from outside the United States, please be aware that Your information may be transferred to, stored and processed in the United States where Our servers are located and Our databases are operated. The data protection and other laws of the United States and other countries might not be as comprehensive as those in Your country. By using the Service, You consent to Your information being transferred to Our facilities and to the facilities of those third parties with whom We share it as described in Our Privacy Policy.
9. Children
The Service does not knowingly collect Your Data and Personal Data from children under the age of 16 without parental consent. During registration We ask users whether they are under the age of 16. We request this information in order to comply with various international privacy and protection regulations. Users younger than 16 will be required to provide contact information for a parent or guardian and will not be granted access to the Service until the parent or guardian provides consent. To consent to the processing of children’s data, parents or guardians will be asked to: a) verify that they are a legal parent or guardian of the account holder; b) consent to the account holder’s use of the Service and the collection of the account holder’s Personal Data for registration purposes; c) consent (opt in) to having account holder data being included in Aggregate Data; d) consent (opt in) to receiving targeted marketing and promotional offers from OPA, TFCCS, or CSPS. Steps a) and b) are required in order to use the Service. Steps c) and d) are optional, though helpful to the Service. If the parent or guardian consents, the account holder will be granted access, and the Service will store the date of consent, the parent or guardian’s email address, the terms of consent, and the parent or guardian’s opt-in choices made regarding data collection. If it is learned that any of the above information has been collected without parental consent, that information will be deleted from the Service’s database as quickly as practical or the child’s parent or guardian will be contacted for consent. Parents or guardians may request the termination of their children’s registrations or subscriptions at any time.
We recommend minors ask a parent for permission before sending personal information over the Internet. We encourage parents to teach their children about safe Internet practices and to be involved in their children’s online activities.
If You are a parent and have questions about such information, email Us at concord@csps.com or call 617-450-2700.
10. California Do Not Track (DNT) Disclosure
The Service responds to DNT signals. DNT differs from cookies. For more information about DNT, go to https://allaboutdnt.com/. For information about cookies, please see the section above on "What are cookies and related electronic technologies, and how do We use them?"
11. No rights of third parties
This Privacy Policy does not create rights enforceable by third parties.
12. Can this Privacy Policy be modified?
We reserve the right to change this Privacy Policy at any time. If we make any material changes to the Privacy Policy, we will post the updated Privacy Policy here and notify you by e-mail or by means of a notice on the Service. Please check this page periodically for changes. Your continued use of the Service following the posting of changes to this Privacy Policy will mean you accept those changes.
13. What rights do You have and how can You contact Us?
If You would like to exercise Your right to view, correct, complete, or remove Your Personal Data, please contact Us at dataprotection@csps.com. Upon verification of Your identity, We will attempt to quickly fulfill Your request.