Privacy Policy

At Central Florida Community Arts, we are committed to respecting the privacy rights of our members, patrons and visitors.

And, for this reason, we’ve provided the following list of detailed policies, created to protect your personal information, including, but not limited to, name, address, telephone number, e-mail address, purchasing or contribution activity, and credit card information. CFCArts has adopted this Privacy Policy to inform users of the www.cfcarts.com website as to how their personal information is collected and stored.

This policy may change at any time. We encourage you to refer back to this page to see the policy in effect at the time of your use and, if you wish, change your user account preferences. By choosing to interact with CFCArts’ online site, you are agreeing to the terms of this policy.

COLLECTION OF INFORMATION

As you explore our website, we may ask you to register or provide personal information in order to make a purchase or contribution, participate in a program, or to subscribe to our newsletter. This information will be added to our database and used to fulfill your requests on the website. Your personal information will not be shared, sold, rented, or exchanged to any third-party unless as part of the sale of substantially all the assets of CFCArts. We may use your information to market our services to you through third-party representatives or contractors.

We collect anonymous statistical information when you access the website. This information allows us to locate errors and make the website more useful to our visitors. If demographic information is requested by certain site applications, it is optional. If you choose to share demographic information, it may be provided to third parties as aggregate information.

Provided mobile information (including phone numbers and SMS Data) will not be shared with third parties for marketing or promotional purposes under any circumstances. Personal Data will not be shared with third parties for marketing purposes, even with consent.

We do not transfer, share, sell, or otherwise disclose your personal information to any external organizations under any circumstances, even with your consent.

MAILING LISTS

If you choose to share your email address, CFCArts may contact you periodically with special offers, updated information and new services. Any emails sent to you by CFCArts will offer you the option to be removed from the email mailing list. Selected applications on our website may also allow you to subscribe to our newsletter by providing your name and address to CFCArts. If you provide your mailing address or telephone number, CFCArts, in addition to providing you with our newsletters, may also use this information to alert you to updated information and new services. If you wish to be removed from the mailing list, you may do so by contacting us directly or by unsubscribing at the bottom of an email. (See the ‘Contact Us’ section below).

SMS COMMUNICATIONS

By registering for SMS communications, you agree to receive informational and event-related messages from CFCArts. Message frequency may vary depending on your participation and preferences, but you can expect approximately less than 10 messages per month. Message and Data Rates may apply.

To opt out of SMS communications, reply STOP or UNSUBSCRIBE to any messages you received.

INFORMATION TO THIRD PARTIES

The CFCArts website may occasionally present a promotion that is sponsored by another entity. To make a purchase, we may ask you to provide personal information. If we plan to share that information with the venue, we will provide a statement to that effect.

THIRD PARTY ONLINE PLATFORMS

CFCArts may utilize third party platforms for communication and scheduling of events, including but not limited to email and texting services.  This is solely to facilitate our internal operations and communications with our members, patrons, parents and visitors. Information obtained by third parties is not retained by CFCArts, except for essential contact information such as phone numbers and email.  If you wish to be removed from communicating through these applications, you may do so by contacting us directly (See the ‘Contact Us’ section below.  We do not use these platforms to contact children (See ‘Children’ below).

FINANCIAL INFORMATION

CFCArts will protect any personal financial information that you share with us. If you make a donation or purchase through our site, your credit card number will only be used to process your payment, it will not be saved or used for marketing purposes. To ensure your information is secure, credit card information is not stored on our Web Server. 

LINKS

Our site may include links to other websites whose privacy policies are not in our control. Once you leave our website, use of any information you provide is governed by the privacy policy of the operator of the site you are visiting. That policy may differ from ours. If you can’t find the privacy policy of any of these sites via a link from the site’s homepage, you should contact the site directly for more information. CFCArts is not responsible for the privacy practices or the content of such websites.

AUTOMATIC INFORMATION (COOKIES)

Certain applications in the CFCArts website invoke a standard feature found in browser software, called a “cookie.” We use cookies to track the progress of e-commerce transactions and to allow our visitors to move from one page to the next without having to re-enter personal information.

CHILDREN

We do not knowingly collect personal information from children, or those under the age of 18. Further, any portion of our web site geared toward children under 18 will not request any personal or contact information.

CONTACT US/UPDATE YOUR PERSONAL INFORMATION/OPT-OUT

You can help CFCArts stay up-to-date with your personal information by notifying us when you change your address, title, phone number, or e-mail address. If at any time you wish to update your information or discontinue communication with us, notify us by email at info@cfcarts.com or by postal mail at: PO Box 720517 Orlando, FL 32872. When making a request or offering feedback, please include your old and new contact information so that we can make the appropriate corrections. We invite you to submit any comments or questions regarding our privacy policies to CFCArts at one of the addresses listed above. CFCArts may occasionally update this policy. Notice of revisions will be posted here.

DISCLAIMERS

Although we believe that our procedures are effective to protect your personal information, we cannot guarantee that these precautions will protect against all potential security breaches, and we must hereby expressly disclaim any liability for any security breach or intrusion which results in the unauthorized disclosure or misuse of your personal information. If you prefer, you may place your order or donation via phone or in person.

JURISDICTION AND VENUE

By accessing this website, you agree that the laws of the State of Florida shall govern any disputes arising from or in connection with this privacy policy, including any misuse of personal information which you provide to this website. You agree that the exclusive venue for any disputes arising from or in connection with this privacy policy are in the federal or state courts located in Orange County, Florida.

DATA PROTECTION POLICY: TECHNICAL AND ORGANIZATIONAL SAFEGUARDS AGAINST UNAUTHORIZED DATA SHARING

1. Purpose and Scope
This Data Protection Policy outlines the technical and organizational measures implemented to protect sensitive, confidential, and personal data from unauthorized access, sharing, disclosure, or misuse. It applies to all employees, contractors, service providers, and any individuals who process data on behalf of Central Florida Community Arts (CFCArts).

2. Definitions

  • Data: Any information relating to an identified or identifiable individual (personal data) or confidential business information.
  • Unauthorized Sharing: Any transmission, access, disclosure, or release of data without appropriate authority or legal basis.
  • Data Subject: The individual to whom the data pertains.

3. Arganizational Safeguards

    3.1. Access Control and User Management

    • Role-based access to data (principle of least privilege).
    • Unique login credentials for all users with authentication logging.
    • Termination of access immediately upon employee separation or role change.

    3.2. Staff Training and Awareness

    • Mandatory data protection and cybersecurity training upon hire and annually thereafter.
    • Clear communication of responsibilities regarding data confidentiality.
    • Reporting procedures for suspected breaches.

    3.3. Confidentiality Agreements

    • Confidentiality Agreements required for all staff and vendors handling sensitive data.
    • Regular review of third-party data handling contracts.

    3.4. Incident Response Plan

    • Documented response procedure in the event of unauthorized access or disclosure.
    • Designated Data Protection Officer (DPO) or security lead to coordinate response.

    4. Technical Safeguards

    4.1. Network Security

    • Segregation of networks with different data classifications (e.g., public, internal, restricted).

    4.2. Encryption

    • Encryption of data in transit (TLS/SSL) and at rest (AES-256 or higher).
    • Encrypted email or secure file transfer platforms for transmitting sensitive data.

    4.3. Endpoint and Device Protection

    • Mandatory use of company-approved and secured devices.
    • Remote wipe capability for lost/stolen devices.
    • Mobile device management (MDM) software for endpoint control.

    4.4. Monitoring and Logging

    • Audit logs maintained for access to and transmission of sensitive data.
    • Regular review of system logs for anomalous behavior.

    4.5. Data Loss Prevention (DLP) Tools

    • DLP software implemented to detect and block unauthorized sharing via email, USB, or cloud services.
    • Alerts configured for suspicious activities or policy violations.

    5. Data Sharing Protocols

    5.1. Internal Sharing

    • Only permissible on a need-to-know basis and with managerial approval when appropriate.
    • Use of secure internal collaboration tools only.

    5.2. External Sharing

    • Requires written authorization and a legitimate legal or business purpose.
    • Only shared through secure, approved channels with third parties bound by contractual data protection obligations.

    6. Policy Compliance and Review

    • Regular audits conducted to assess compliance and effectiveness.
    • Violations subject to disciplinary action, up to and including termination.
    • Policy reviewed annually or upon significant changes to operations or regulations.

    Last Updated: 08.01.2025

    Skip to content