Privacy Policy

1.0 Purpose

The purpose of this Privacy Policy is to establish standards and guidelines for the collection, storage, and usage of certain personal information of residents and employees of the Sun City Texas Community Association, Inc. (CA), CA authorized entities, and other residents of Sun City Texas. The standards and guidelines contained in this Privacy Policy balance the needs of the CA and other parties or individuals to collect and use this personal information against the need to protect such personal information from dissemination in a manner that could be harmful to the related individuals. This Privacy Policy replaces and supersedes any previous Consolidated Privacy Policy.

2.0 Scope

This Privacy Policy applies to all activities performed by members of the CA, CA authorized entities, CA employees including contracted personnel, or any resident or visitor which involve Confidential Personal Information, Publishable Personal Information, or other communications described herein. This Privacy Policy specifically includes provisions related to computer servers or domains used or maintained by such parties.

3.0 Definitions

The following terms have these specific definitions when used in this Privacy Policy.

3.1 Authorized Individuals:

CA directors, officers, administrative staff employees, and other persons who are specifically authorized by the CA Board of Directors or Executive Director to view or handle Confidential Personal Information.

3.2. CA Authorized Entities:

Organizations approved by the CA to exist and function under the auspices of the CA including but not limited to Charter Clubs, Neighborhoods and Interest Groups.

3.3 Commercial:

Occupied with or engaged in the buying and selling of goods or services by a for-profit or non-profit entity.

3.4 Confidential Personal Information (“CPI”) :

Consists of the following personal information of a resident or employee:

(1) any financial type records or data of individual residents or employees including bank account information used in conjunction with electronic payments, social security numbers and birth dates;

(2) violation history specific to individual residents including Modifications Committee and Covenants Committee information related thereto;

(3) employee compensation or other personnel information; and

(4) resident and employee information (i.e., Publishable Personal Information) which a resident or employee has requested not be published.

3.5 Financial CPI:

Any financial records or data belonging to residents or employees including but not limited to blank checks or other bank account information used in conjunction with electronic payments.

3.6 Publishable Personal Information (“PPI”):

Certain identifying information of residents and employees that is collected by the CA or CA authorized entities and: (a) is not deemed CPI; or (b) for which no specific request has been received from the related individual that the information not be published. A resident’s first and/or last name by itself is not PPI. However, a resident’s first and/or last name coupled with any of the following is PPI: CA identification number, property identification information (e.g., address, neighborhood number, or lot number), home state, telephone number, email address, or membership status in CA authorized entities.

3.7 Resident Directory:

That portion of the Website that displays and publishes the Publishable Personal Information of individual residents.

3.8 Residential Directories:

The Resident Directory and the Resource Guide and Directory documents published by the CA.

3.9 Resource Guide and Directory:

A publication that the CA may print and distribute to its membership for their personal, non-commercial use. In most instances, this document will contain information provided in the Resident Directory.

3.10 Unsolicited Bulk Email:

E-mail that is sent in large quantities and for which the e-mail service provider requires permission of the recipient prior to sending

3.11 Website:

Any one or more domains registered to or utilized as the official website by the CA, such site(s) containing information that is accessible by residents or members of the public, whether by means of password access or otherwise.

4.0 Responsibility

4.1 I.T. and Communications & Lifestyle Directors (Responsible Party) are responsible for creating, amending, and reviewing this Privacy Policy, subject to the approval of CA Board of Directors.

4.2 The Executive Director or his designee is responsible for implementing and administering this Privacy Policy.

5.0 The Policy

5.1 General Privacy Policy

(1) When members of the CA, other residents residing in the community, and CA employees place Personal Information on the Sun City Texas Website or in the Sun City Texas Directory or similar publications, they have an expectation of privacy. Included are the following specific expectations:

(a) That the information they provide will not be used for commercial purposes without the specific permission of the resident;

(b) That they will not receive Unsolicited Bulk E-mail as a result of making that information available (specifically, publishing e-mail addresses in the Resident Directory or on the Website, does not constitute permission from the addressee to receive Unsolicited Bulk E-mail);

(c) That the information they provide will not be provided to individuals or organizations outside of Sun City Texas without their specific permission; and

(d) That residents who have used the Resident Directory or Website to obtain the e-mail addresses of other residents and are using that information to send e-mails must comply with requests to remove recipients’ names from the e-mail list.

(2) Accordingly, the following Privacy Policy shall apply with regard to the use, publication or dissemination of CPI and PPI.

5.1.1 No publishing of CPI.

(1) The CA shall not publish or otherwise intentionally allow persons other than specifically authorized individuals to access any CPI except to the extent that CA is required to provide CPI:

(a) To financial institutions or other requesting private entities or individuals that legally require such information, or by necessity must have such information, in conjunction with services provided to the CA,

(b) In response to a legal request or demand by a governmental entity, including but not limited to taxing authorities and courts-of-law; or

(c) Under any State or federal law, including but not limited to Texas Property Code Ch. 209.

(2) No Resident and no individual affiliated with any CA authorized entity shall publish or disseminate any CPI for any reason except as authorized under this policy or as required by a contract between a CA vendor and the CA. No Resident and no individual affiliated with any CA authorized entity shall be provided access to, print or disseminate any CPI, whether in printed or electronic form, without the prior consent of the Executive Director or his designee.

5.1.2 Storage and use of CPI.

(1) The CA shall take necessary precautions to ensure that CPI is stored in a location and manner that minimizes the risk that it can be accessed or viewed by anyone other than authorized individuals. Printed CPI records shall be stored in locked filing cabinets or other secure areas when not in actual use. Electronic CPI records shall be stored in conjunction with password protection, encryption, firewalls, or such other safeguards as the CA Executive Director determines are necessary.

(2) CPI records shall be used and made available only to authorized individuals, except as expressly provided herein or specifically authorized on a case-by-case basis by the Executive Director. CPI records shall not be used or left in plain view in areas where members of the public or persons other than authorized individuals regularly congregate (e.g., the front desk area of the CA office) unless under the direct control and supervision of an authorized individual.

(3) All authorized individuals shall be given a copy of this Privacy Policy and shall confirm in writing that they will adhere to this Privacy Policy, including any updates or revisions, and shall receive such other training or instruction as may be necessary to ensure compliance with this Privacy Policy.

(4) The storage of any CPI on servers or domains external to the CA servers or domains shall require the written approval of the Executive Director (or his designee). Approval is deemed if a contract between a CA vendor and the CA calls for the vendor’s use of or storage of CPI. The CA will use good faith effort to require in any vendor contract that the vendor take reasonable steps to protect and secure all CPI, and to require that the vendor not utilize or store CPI except as expressly allowed by the contract. Vendors may not utilize or store CPI except as expressly allowed by the contract between the CA and the CA vendor.

5.1.3 Financial CPI.

Financial CPI shall be used and accessed only by those authorized individuals who, as part of their job description, regularly handle financial matters for the CA, including any vendors as further described in Section 5.1.2(4). All voided checks of Residents or Employees and other written documents containing Financial CPI shall be secured in locked filing cabinets or containers when not in actual use, and, when no longer needed, shall be destroyed by means of a shredder or other device rendering the related document unreadable.

5.1.4 Action in Case of Unauthorized Access to CPI.

If the CA discovers that unauthorized persons have gained access to CPI, the matter shall be brought to the attention of the Executive Director. The Executive Director, or his designate, shall then determine, at his sole discretion, whether the possibility exists that such unauthorized access may result in identity theft or other financial harm to the affected persons. Consideration should include the totality of the circumstances involved, the nature of the CPI, whether the unauthorized person is identifiable, and the means by which access was obtained. If the Executive Director determines that such an intrusion has occurred, he shall take immediate steps to inform the affected person(s) and the CA Board of Directors.

5.1.5 Protection of PPI.

(1) PPI records are used by the CA in conjunction with its daily operations. These records may be used by the CA without restriction, except that they may not be sold or provided to third parties who do not otherwise require such information in conjunction with services rendered to the CA.

(2) PPI records are also made available to CA members by means of the Residential Directories. These Residential Directories are provided for the sole purpose of strengthening community bonds and communication. CA members or other persons receiving or accessing the Residential Directories shall not keep or use such information for commercial purposes, or provide it to third parties for any reason, except for use in the operation of CA authorized entities (e.g. membership lists) and as required by law or with the prior written consent of the affected residents. Even if for a permitted purpose, use of such information is subject to all other restrictions in the CA governing documents.

(3) The Executive Director shall cause the Residential Directories to contain a copy of this policy provision, which may be in summary form, to ensure that all persons receiving or using such directories are aware of this restriction.

(4) PPI shall only be published: (a) in the Resource Guide and Directory; (b) in the Resident Directory; (c) on a password-protected, members-only portion of the Website, (d) in a password-protected, members-only portion of websites maintained by CA authorized entities, or (e) as otherwise determined by the Executive Director.

(5) Images of a resident or employee may be published, but the only related identifying information that may be published is that individual’s first and last name and title.

5.1.6 Ability of individual residents to restrict/prohibit publication of PPI

(1) At any time upon written request, a resident may request additional restrictions or prohibitions on the publication of his or her PPI by designating an email address, home state or a telephone number as private. A resident also may request all PPI related to the home as private. Upon such request, the CA shall not publish that PPI on the Website nor in the Resource Guide and Directory.

(2) The CA shall take appropriate action to honor such requests

5.1.7 Emails by the CA and CA Authorized Entities.

(1) Notices of activities or special events by the CA and/or CA authorized entities are for the purpose of conducting CA business. When sending an email, the CA and CA authorized entities shall ensure the email is transmitted in a manner whereby one recipient cannot view the email address of another recipient. This shall be accomplished by delivering such emails through the Website, the use of “bcc” functions, or through other appropriate protections.

(2) Email notices of activities or special events by the CA and/or CA authorized entities which may result in monetary gain for any resident, or in promotion or degradation of any resident, are not allowed.

5.1.8 Sun Rays Magazine.

The names, official telephone numbers and email addresses of CA directors, officers and Employees, and officers or contact points for CA authorized entities may be published in the Sun Rays without written permission. Images of a Resident, Official or Employee may be published in the Sun Rays without permission, as long as the images are not used for commercial gain, and the only related identifying information is that individual’s first and last name and title, unless additional information is volunteered by the Resident, Official, or Employee.

5.1.9 Channel 18 and Video Recordings.

Images of a Resident, Official or Employee may be transmitted, viewed and stored in conjunction with the operation of Channel 18 and may be used for / posted on the CA website and on social media. The only additional identification allowed is the first and last name and title, unless additional information is volunteered by the resident or employee.

5.1.10 Social Media.

The names, official telephone numbers and email addresses of CA directors, officers and Employees, and officers or contact points for CA authorized entities may be published on the CA’s social media sites without written permission. Images of a Resident, Official or Employee may be published on the CA’s social media sites without permission, as long as the images are not used for commercial gain, and the only related identifying information is that individual’s first and last name and title, unless additional information is volunteered by the Resident, Official, or Employee. If a resident chooses to engage with any of the CA’s social media outlets they agree to grant the CA non-exclusive and unrestricted use of that photograph or content.

AS A CONDITION OF ANY RESIDENT POSTING MATERIAL ON THE CA’S SOCIAL MEDIA PAGE, THE RESIDENT AGREES TO INDEMNIFY, DEFEND AND HOLD HARMLESS THE CA, ITS EMPLOYEES AND REPRESENTATIVES, FROM ANY AND ALL THIRD-PARTY LIABILITY FOR ANY INJURIES, LOSS, CLAIM, ACTION, DEMAND OR DAMAGE OF ANY KIND ARISING FROM OR IN CONNECTION WITH THE POSTING, INCLUDING WITHOUT LIMITATION ANY THIRD-PARTY CLAIM FOR COPYRIGHT INFRINGEMENT OR A VIOLATION OF AN INDIVIDUAL'S RIGHT TO PRIVACY AND OR PUBLICITY RIGHT.

Any expenses incurred by the CA may be assessed to the resident’s (or if the resident is not also an owner, the owner’s) account. The CA reserves the right to remove any content from its social media sites at any time

5.1.11 CA Financial Information.

The CA shall not distribute CA financial information (including, but not limited to, budgets, reports, and reserves, and bank account information) outside the Sun City Texas community, except when such distribution is a necessary component of that person's tasks or such distribution has been expressly authorized in advance by the Executive Director or his designee. CA financial information on the Website must be password protected.

5.2 Website Privacy Policy

In addition to general Privacy Policy specified above, use of CPI and PPI in conjunction with operation of the Website and associated web servers/domains shall be governed by the policies in Section 5.2. In the event of a conflict between this Website Privacy Policy and the general Privacy Policy, the more restrictive policy shall prevail.

5.2.1 Website Editors.

All Website editors, who have access to PPI, must be approved by the Executive Director or his designee.

5.2.2 Passwords.

Electronic access to that portion of the Website or any associated web server/domain containing the Resident Directory, Financial CPI, personal PPI and CPI, shall be controlled by a unique combination of username and password. Resident passwords shall not be visible or accessible to other users of the Website or associated web servers/domains, and shall be stored in an encrypted manner1.

5.2.3 Electronic connection to CA computer files.

No electronic connection between the Website, the associated web servers/domains, and the computer systems used by the CA or any CA vendor to manage community operations and services shall be permitted unless the CA establishes or causes to be established (for example as a contractual requirement with a CA vendor) reasonable safeguards (e.g., firewalls, encryption, and/or virtual private networks) to ensure that any such connection provides reasonably equivalent levels of security and privacy protection as afforded by the on-site computer systems, and as required by this Privacy Policy. Notwithstanding, in the CA’s discretion the CA may maintain and share in its discretion analytic information regarding pages viewed throughout the site.

5.2.4. Tracking of Usage.

The CA shall be permitted to track website log-in and usage data of individual users and to collect statistical information about usage and users to support users, understand general usage patterns and loads on the web servers.

6.0 References (Governing Documents).

Covenants, Conditions, and Restrictions (CC&Rs)

Amended and Restated Bylaws of Sun City Texas Community Association, Inc (Bylaws)

Third Amended

CA Rules and Regulations