Privacy Policy - 11-18-2010

The purpose of this Privacy Policy is to establish standards and guidelines for the collection, storage, and usage by Sun City Texas Community Association (“SCTCA”), Ancillary SCTCA Entities, and Residents of certain personal information of Residents, Employees and Officials. The standards and guidelines contained in this Privacy Policy balance the need of SCTCA, Ancillary SCTCA Entities, and other parties or individuals to reasonably collect and use this personal information against the need to protect such personal information from dissemination in a manner that could be harmful to the related individuals.

This Privacy Policy applies to all activities performed by SCTCA, Ancillary SCTCA Entities, or any Resident, which involve Confidential Personal Information or Publishable Personal Information. This Privacy Policy specifically includes provisions related to computer servers or domains used or maintained by such parties (see Section 5.2 below). This Consolidated Privacy Policy supersedes and replaces the Consolidated Privacy Policy adopted by SCTCA in July 2008.

As used in this Consolidated Privacy Policy, the following terms have the prescribed definitions:

3.1 Ancillary SCTCA Entities : Means and refers to all organizations that are not part of the formal SCTCA governance structure (i.e., not the SCTCA Board of Directors or committees) but nonetheless are comprised solely or primarily of Residents and exist for the purpose of supporting Resident activities. These organizations include but are not limited to the Neighborhood Representative Organization, Neighborhoods, Chartered Clubs, and Interest Groups.

3.2 Authorized Individuals : Means and refers to SCTCA d irectors, officers, administrative staff employees, and other persons who are specifically authorized by the SCTCA Board of Directors or Executive Director to view or handle Confidential Personal Information.

3.3 Chartered Club : A Chartered Club is a club comprised of Residents that is officially sanctioned and chartered by the SCTCA.

3.4 Communications Committee: Means and refers to that committee approved and appointed by the SCTCA Board of Directors to advise the SCTCA Board of Directors and staff and to make recommendations to them on policies, systems, and procedures for maintaining and/or improving the communication between and among the Residents, the SCTCA, and the Georgetown community at large.

3.5 Community Directory : Means that certain printed documents the SCTCA may from time to time cause to be printed and distributed to its membership for their personal, non-commercial use. In most instances, this document will contain in a printed form that information provided in the Resident Directory.

3.6 Confidential Personal Information (“CPI”) : Means and includes the following personal information of a Resident, Official or Employee : (1) social security numbers and birth dates;(2) any financial records or data of individual residents or individual employees, including by way of example bank account information used in conjunction with electronic payments; (3) Modifications Committee information specific to individual residents; (4) Covenants Committee information specific to individual residents; (5) employee compensation; and (6) identifying information of Residents (i.e., Publishable Personal Information) which a Resident has requested not be published, as permitted under Section 5.1.6 below.

3.7 Covenants Committee: Means and refers to that committee approved and appointed by the SCTCA Board of Directors to investigate and, if necessary, conduct informal hearings regarding violations of the SCTCA governing documents as provided in Section 4.2 of the Bylaws. Also, see the definition in the Covenants, Conditions, and Restrictions (CC&Rs) document.

3.8 Employees : Means persons who are employed, directly or indirectly, by SCTCA, whether under an employment agreement or under a third-party service contract.

3.9 Executive Director : Means and refers to the executive director of SCTCA.

3.10 Financial CPI : Means and refers to any financial records or data belonging to Residents, Employees or Officials, including but not limited to blank checks or other bank account information used in conjunction with electronic payments.

3.11 Interest Group : Means and refers to a club or group comprised solely or primarily of Residents that exists for the purpose of supporting Resident activities but that is not officially sanctioned or chartered by SCTCA.

3.12 Neighborhood Representative Organization : Means and refers to the organization of the same name referred to in the Third Amended and Restated Declaration for Sun City Texas.

3.13 Neighborhood : Means and refers to a Neighborhood within Sun City Texas, which is established under the Third Amended and Restated Declaration for Sun City Texas. Also, see the definition in the CC&Rs document.

3.14 Officials : Means any and all individual directors or officers of SCTCA who are not otherwise properly classified as an Employee or Resident, and includes non-Resident directors and officers of SCTCA.

3.15 Privacy Policy : Means t his Sun City Texas Community Association Consolidated Privacy Policy document.

3.16 Publishable Personal Information (“PPI”) : Means t hat certain identifying information of Residents, Officials and Employees that is collected by the SCTCA or Ancillary SCTCA Entities and: (a) is not deemed CPI; or (b) has not been subject to a specific request from the related individual that the information not be published. A Resident’s first and/or last name by itself is not PPI. However, a Resident’s first and/or last name coupled with any of the following is PPI: SCTCA identification number, property identification information (e.g., address, neighborhood number, or lot number), home state, telephone number, personal e-mail address, or membership status in Ancillary SCTCA Entities or other SCTCA organizations.

3.17 Resident: Means and refers to a person who resides either full-time or part-time in the Sun City Texas development, and includes owners, family members, tenants, and other residential occupants, except to the extent that such person is acting in an official SCTCA capacity (e.g., as a director, officer, or committee member).

3.18 Resident Directory : Means that portion of the Web Portal that displays and publishes the Publishable Personal Information of individual residents.

3.19 Residential Directories : Means and refers to the Resident Directory and the Community Directory.

3.20 SCTCA Board of Directors: Means and refers to the governing board of the SCTCA. This board oversees the operations, services, and finances of the SCTCA, sets annual budgets and homeowner's dues, and ensures that the rules and regulations of the community are up to date and properly enforced.   Also, see the definition in the CC&Rs document.

3.21`Sun City Texas Community Association (“SCTCA”) : Means the legal entity and related bodies and individuals responsible for operating and governing Sun City Texas, including directors, officers, committee members, and Employees.

3.22 Web Portal : Means and refers to any one or more domains registered to SCTCA that is assigned to a web server controlled by SCTCA and which contains information that is accessible by Residents or members of the public, whether by means of password access or otherwise.

4.1 The Communications Committee (Responsible Party) is responsible for creating, amending, and reviewing this Privacy Policy, subject to the approval and authorization of the SCTCA Board of Directors.

4.2 The Executive Director or his designee is responsible for implementing and administering this Privacy Policy.

4.3 The Covenants Committee is responsible for the enforcement of any non-corrected violation of this Privacy Policy by Residents.  Any Resident who violates this policy shall be referred to the Covenants Committee for sanction.

4.4 The SCTCA Board of Directors, either acting alone or by direction given to the Executive Director or to the Covenants Committee, is responsible for the enforcement of any non-corrected violations of this Privacy Policy by SCTCA, its Officials or Employees.  Any Employee who violates this policy shall be referred to the Employee’s supervisor for appropriate disciplinary action, up to and including termination of employment.

5.1       General Privacy Policies

The following general privacy policies shall apply with regard to the use, publication or dissemination of Confidential Personal Information (CPI) and Publishable Personal Information (PPI):

5.1.1          No publishing of CPI.  The Sun City Texas Community Association ( SCTCA) shall not publish or otherwise intentionally allow persons other than Authorized Individuals to access any CPI of individual residents or individual employees, except to the extent that SCTCA is required to provide CPI: (a) to financial institutions or other requesting private entities or individuals that legally require such information, or by necessity must have such information, in conjunction with services provided to SCTCA, (b) in response to a legal request or demand by a governmental entity, including but not limited to taxing authorities and courts of law; or (c) under any State or federal law, including but not limited to Section 22.351 of the Texas Business Organizations Code.

No Resident and no individual affiliated with any Ancillary SCTCA Entities shall publish or disseminate any CPI for any reason. No Resident and no individual affiliated with any Ancillary SCTCA Entities shall be provided access to, print or disseminate any CPI, whether in printed or electronic form, without the prior consent of the Executive Director or his designee.

5.1.2          Storage and use of CPI.  SCTCA shall take reasonable precautions to ensure that CPI is stored in a location and manner that minimizes the risk that it can be accessed or viewed by anyone other than Authorized Individuals. Printed CPI records shall be stored in locked filing cabinets or other secure areas when not in actual use. Electronic CPI records shall be stored in conjunction with password protection, encryption, firewalls, or such other safeguards as the SCTCA Executive Director determines are reasonably necessary. (See also Section 5.2 Web Portal Privacy Policies, below.)

CPI records shall be used and made available only to Authorized Individuals, except as expressly provided herein or specifically authorized on a case-by-case basis by the Executive Director. CPI records shall not be used or left in plain view in areas where members of the public or persons other than Authorized Individuals regularly congregate (e.g., the front desk area of the SCTCA office) unless under the direct control and supervision of an Authorized Individual. All Authorized Individuals shall be given a copy of this Privacy Policy and shall confirm in writing that they will adhere to this Privacy Policy, including any updates or revisions, and shall receive such other training or instruction as may be necessary to ensure compliance with this Privacy Policy.

The storage of any CPI on servers or domains external to SCTCA servers or domains shall require the written approval of the Executive Director (or his designee) or the affected Resident(s) prior to that storage.

5.1.3          Financial CPI.  F inancial CPI shall be used and accessed only by those Authorized Individuals who, as part of their job description, regularly handle financial matters for SCTCA. All voided checks of Residents or Employees and other written documents containing Financial CPI shall be secured in locked filing cabinets or containers when not in actual use, and, when no longer needed, shall be destroyed by means of a shredder or other device rendering the related document unreadable.

5.1.4          Action in Case of Unauthorized Access to CPI. If, in spite of the precautions taken under this Privacy Policy, SCTCA discovers that unauthorized persons have gained access to CPI, the matter shall be brought to the attention of the Executive Director. The Executive Director shall then determine, in his sole discretion, whether a reasonable possibility exists that such unauthorized access may result in identity theft or other financial harm to the affected persons, which shall be based upon the totality of the circumstances involved, including the nature of the CPI involved, whether the unauthorized person is identifiable, and the means by which access was obtained.   If the Executive Director determines that such an intrusion has occurred, he shall take immediate steps to inform the affected persons, and he shall take immediate steps to inform the SCTCA Board of Directors that such an intrusion has occurred.

5.1.5          Protection of PPI. PPI records are used by SCTCA in conjunction with its daily operations. These records may be used by SCTCA without restriction, except that they may not be sold or provided to third parties who do not otherwise require such information in conjunction with services rendered to SCTCA.

PPI records are also made available to SCTCA members by means of the Resident Directory and the Community Directory. These Residential Directories are provided for the sole purpose of strengthening community bonds and communication. SCTCA members or other persons receiving or accessing the Residential Directories shall not keep or use such information for commercial purposes, or publish it to third parties for any reason, except for use in the operation of Ancillary SCTCA Entities (e.g. membership lists) and as required by law or with the prior written consent of the affected Residents.The Executive Director shall cause the Residential Directories to contain a copy of this policy provision, which may be in summary form, to ensure that all persons receiving or using such directories are aware of this restriction.

PPI shall only be published: (1) in the Community Directory; (2) in the Resident Directory; (3) on a password-protected, members-only portion of the Web Portal, and/or (4) in a password-protected, members-only portion of websites maintained by Ancillary SCTCA Entities.  PPI information shall not be published by a Resident on any server or domain outside of the Web Portal without the prior written permission of the affected Resident, Official or Employee.

Images of a Resident, Official or Employee may be published, but the only related identifying information that may be published is that individual’s first and last name and title.

5.1.6          Ability of individual residents to restrict/prohibit publication of PPI. Any Resident, at any time, may establish additional restrictions or prohibitions on the publication of his or her PPI, whether in the Residential Directories or otherwise. 

The following PPI may be designated as private by a Resident and, if so designated as private by the Resident, shall not be published on the Web Portal nor in the Community Directory: email address, telephone number, home state.

The process for creating or removing such restrictions or prohibitions shall be as subsequently established and amended from time to time by SCTCA.

5.1. 7          Bulk Emails by SCTCA and Ancillary SCTCA Entities.  When sending out a bulk-recipient email for general notice purposes or otherwise, SCTCA and Ancillary SCTCA Entities shall ensure that the email is transmitted in a manner whereby one recipient cannot view the email address of another recipient. This shall be accomplished by delivering such emails through the Web Portal, the use of “bcc” functions, or through other appropriate protections.

Bulk email notices of activities or special events by SCTCA and/or Ancillary SCTCA Entities is for the purpose of conducting SCTCA business. 

5.1. 8          Sun Rays Magazine.   The names, telephone numbers and email addresses of SCTCA directors, officers and Employees, and Officials or contact points for Ancillary SCTCA Entities may be published in the Sun Rays without written permission. Images of a Resident, Official or Employee may be published in the Sun Rays without permission, but the only related identifying information that may be published is that individual’s first and last name and title.

5.1. 9          Channel 79.   Images of a Resident, Official or Employee may be transmitted, viewed and stored in conjunction with the operation of Channel 79, but the only allowed identification information is the first and last name and title.

5.1. 10 SCTCA Financial Information. SCTCA shall not distribute SCTCA financial information, (including, but not limited to, budgets, reports, and reserves, and bank account information) outside the Sun City Texas community, except to the extent that such distribution is a necessary component of that person's tasks or such distribution has been expressly authorized in advance by the Executive Director or his designee.

SCTCA financial information on the Web Portal must be password protected."

In addition to general privacy policies outlined in Section 5.1 above, use of CPI and PPI in conjunction with the operation of the Web Portal and associated web servers/domainsshall be governed by the following specific policies in this Section 5.2. In the event of a conflict between these Web Portal privacy policies and the general privacy policies, the more restrictive policy shall control.

All Web Portal editors, who have access to PPI , must be approved by the Executive Director or his designee .  

5.2.1          Passwords.   Electronic access to that portion of the Web Portal or any associated web server/domain containing the Resident Directory, SCTCA financial information, PPI and CPIshall be controlled by a unique combination of username and password issued by SCTCA.

The passwords shall not be visible or accessible to other users of the Web Portal or associated web servers/domains except for the Web Portal administrators, and shall be stored in an encrypted manner where supported by the software/system in use.

5.2.2          Electronic connection to SCTCA computer files. SCTCA shall not permit any electronic connection between the Web Portal, the associated web servers/domains, and the computer systems used by SCTCA to manage community operations and services, except to the extent that the SCTCA establishes reasonable safeguards (e.g., firewalls, encryption, and/or virtual private networks) to ensure that such a connection provides reasonably equivalent levels of security and privacy protection as afforded by the on-site computer systems, and as required by this Privacy Policy.

5.2.3          No “cookies”; tracking of usage.   The Web Portal shall not use “cookies” or other software codes to track the pages viewed on the Web Portal by an individual Resident. Nevertheless, SCTCA shall be permitted to track log-in data of individual users and to collect statistical information about usage and users to understand general usage patterns and loads on the web server .

5.2.4          Chartered Club and Neighborhood microsites.  Access to all portions of a microsite maintained by Ancillary SCTCA Entities on the Web Portal shall be password protected. However, such Ancillary SCTCA Entities may petition the Executive Director or his designee in writing for permission to have certain pages of their microsite viewable without password access.