Privacy policy.

Wilderwood Camps Information Security Policy

1. Purpose This policy outlines Wilderwood Camps' commitment to identifying, mitigating, and monitoring information security risks, including physical security where applicable. The objective is to protect sensitive information and ensure the safety and trust of all stakeholders, including staff, campers, and parents.

2. Scope This policy applies to all Wilderwood Camps employees, contractors, vendors, and third-party partners. It covers the use of all systems, devices, networks, and physical facilities that process, store, or transmit information.

3. Information Security Objectives

  • Safeguard personal and sensitive data from unauthorized access, use, disclosure, alteration, or destruction.

  • Ensure compliance with relevant laws, regulations, and industry standards.

  • Promote a culture of security awareness among staff and stakeholders.

4. Risk Identification

  • Conduct regular risk assessments to identify vulnerabilities in digital systems, physical facilities, and operational processes.

  • Classify information assets based on sensitivity and criticality.

  • Maintain an inventory of hardware, software, and data assets.

5. Risk Mitigation Measures

5.1 Data Security

  • Implement encryption for data in transit and at rest.

  • Require strong, unique passwords and enforce regular password changes.

  • Restrict access to sensitive information on a need-to-know basis.

  • Conduct regular data backups and store them securely.

5.2 Network Security

  • Use firewalls, anti-virus software, and intrusion detection systems to monitor and protect network integrity.

  • Regularly update and patch software and hardware to address vulnerabilities.

  • Segregate public and internal network traffic where feasible.

5.3 Physical Security

  • Secure access to data centers and offices using locks, access control systems, and surveillance cameras.

  • Maintain visitor logs and issue temporary access credentials as needed.

  • Ensure that portable devices, such as laptops and tablets, are secured when unattended.

5.4 Vendor and Third-Party Management

  • Conduct due diligence and security assessments for vendors and partners.

  • Include security requirements in contracts with third-party providers.

  • Monitor third-party compliance with Wilderwood Camps’ security policies.

6. Monitoring and Incident Management

6.1 Monitoring

  • Continuously monitor systems and networks for suspicious activity.

  • Use automated tools to detect and log potential security incidents.

6.2 Incident Response

  • Establish an incident response team responsible for addressing breaches and other security events.

  • Document and follow an incident response plan, including containment, eradication, and recovery procedures.

  • Notify affected parties and authorities in accordance with legal requirements.

7. Training and Awareness

  • Conduct mandatory annual security training for all employees and contractors.

  • Provide specific training for roles with access to sensitive information.

  • Promote awareness through regular updates, alerts, and simulated phishing exercises.

8. Policy Review and Updates

  • Review this policy annually or following significant operational changes.

  • Update the policy to address new risks, technologies, and regulatory requirements.

  • Document all updates and communicate them to staff and stakeholders.

9. Compliance and Enforcement

  • Non-compliance with this policy may result in disciplinary action, up to and including termination.

  • Employees are required to report potential security violations or breaches immediately.

  • Wilderwood Camps’ management is responsible for enforcing this policy and ensuring adherence.

10. Data Retention and Deletion Policy

10.1 Purpose To ensure that Wilderwood Camps complies with applicable data privacy laws and industry best practices, this section outlines the organization's data retention and deletion guidelines.

10.2 Data Retention

  • Retain personal data only as long as necessary for its intended purpose or as required by law.

  • Implement retention schedules based on the type of data (e.g., financial records, camper registrations, health information).

  • Regularly review stored data to ensure compliance with retention policies.

10.3 Data Deletion

  • Permanently delete data that is no longer needed using secure methods, such as data wiping or shredding for physical records.

  • Ensure timely deletion of personal data upon request from the data subject, in compliance with legal and contractual obligations.

  • Maintain logs of data deletion activities for auditing purposes.

10.4 Exceptions

  • Retain data subject to legal hold or ongoing investigations until resolved.

  • Retain anonymized or aggregated data for statistical or research purposes, ensuring that individuals cannot be identified.

11. Contact Information For questions or concerns regarding this policy, contact the Information Security Officer

1. Information We Collect

We may collect the following types of information:

1.1 Personal Information

  • Contact Information: Name, email address, phone number, and mailing address.

  • Payment Information: Billing address, payment card details, or other payment information for transactions.

  • Demographic Information: Date of birth, gender, and household information.

1.2 Children’s Information

We collect limited information about children who participate in our camps, such as name, age, allergies, emergency contact information, and medical conditions. This information is provided by parents or guardians.

1.3 Technical Information

  • Device Information: Information about the device used to access our website.

  • Usage Data: Information about your interactions with our website or app, including IP address, browser type, and pages visited.

2. How We Use Your Information

We use the information collected to:

  • Provide and manage camp services and membership programs.

  • Process payments and manage transactions.

  • Communicate with you regarding updates, events, and promotions.

  • Ensure the safety and well-being of camp participants.

  • Improve our services, website, and app.

  • Comply with legal obligations.

3. Sharing Your Information

We do not sell or rent your personal information. We may share your information in the following circumstances:

  • Service Providers: With third-party vendors who help us operate and improve our services (e.g., payment processors, IT providers).

  • Legal Requirements: When required to comply with applicable laws or legal processes.

  • Safety Concerns: If necessary to protect the safety of participants, staff, or others.

4. Protecting Your Information

We implement industry-standard security measures to protect your personal information. However, no system can guarantee complete security. You are responsible for maintaining the confidentiality of any account credentials.

5. Your Rights

Depending on your location, you may have the following rights:

  • Access, correct, or delete your personal information.

  • Restrict or object to processing of your information.

  • Withdraw consent for data processing where applicable.

To exercise your rights, contact us at hello@wilderwood.camp.

6. Children’s Privacy

We only collect personal information about children with the consent of a parent or legal guardian. Parents or guardians can request access, correction, or deletion of their child’s information by contacting us at [Insert Contact Email].

7. Cookies and Tracking Technologies

Our website may use cookies to enhance your experience. Cookies are small files stored on your device that help us analyze website traffic and usage patterns. You can control cookie preferences through your browser settings.

8. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. Any changes will be posted on our website with the updated effective date. We encourage you to review this policy periodically.