MyEASy.org Privacy Policy (GDPR Compliant)
Effective Date: 12/01/2025
The Alliance for the Advancement of Infant Mental Health (“we,” “us,” or “our”) is committed to
protecting the privacy and security of your personal data. We act as the Data
Controller for the personal data processed in connection with our website,
myeasy.org, and the application EASy (collectively, the “Site”). This Privacy Policy explains
how we collect, use, and safeguard your information and outlines your rights under the General
Data Protection Regulation (GDPR), which applies to the personal data of individuals located in
the European Economic Area (EEA) and the UK.
Please read this Privacy Policy carefully. By using EASy, you acknowledge and accept the
practices described herein.
1. Changes to This Policy
We reserve the right to modify this Privacy Policy. We will alert you to any significant changes
by updating the “Effective Date” and taking reasonable steps to notify you, such as via email or
a prominent notification upon logging into EASy. Any changes will be effective immediately upon
posting the updated Privacy Policy.
2. Data Controller and Contact Information
The Data Controller responsible for the processing of your personal data is:
3. Collection of Your Information and Lawful Basis
We collect information necessary for specific, explicit, and legitimate purposes. The categories
of data we collect, and the corresponding lawful basis under GDPR, are:
| Data Category |
Examples of Data Collected |
Lawful Basis for Processing |
| Personal Data |
Name, address, email, telephone number. |
Consent (for account creation and communications) or
Contractual Necessity (for membership management).
|
| Special Category Data |
Demographic data such as race/ethnicity. |
Explicit Consent (as required by GDPR, to be obtained via an
affirmative, separate opt-in). |
| Derivative Data |
IP address, browser type, operating system, usage patterns. |
Legitimate Interest (to ensure network security and improve
service delivery). |
| Financial Data |
Transaction ID, date/type of payment. (No full payment card data is stored by
us.) |
Contractual Necessity (to process payments for services). |
| Mobile Device Data |
Device model, manufacturer, location information (if enabled). |
Consent (for optional location services) or Legitimate
Interest (to optimize the mobile application). |
Note on Refusal: You are under no obligation to provide us with personal
information. However, your refusal to provide data based on Contractual Necessity or Consent may
prevent you from using certain features.
4. Use of Your Information and Purpose
We process your personal data for the following purposes, based on the legal grounds identified
above:
| Processing Purpose |
Lawful Basis |
| Service Delivery & Management |
- Create, manage, and email you regarding your account.
- Process payments and refunds.
- Resolve disputes and troubleshoot problems.
|
Contractual Necessity |
| Business Operations & Improvement |
- Monitor and analyze usage/trends to improve EASy efficiency.
- Prevent fraudulent transactions, monitor against theft, and protect
against criminal activity.
- Compile anonymous statistical data and analysis (if fully anonymized).
|
Legitimate Interest |
| Communication & Marketing |
- Contact you with information on Endorsement®, your membership, or other
initiatives.
- Send you a newsletter or solicit support.
|
Consent or Legitimate Interest |
| Legal Compliance |
- Assist law enforcement, respond to subpoenas, or protect our
rights/property/safety.
|
Legal Obligation |
5. Disclosure and Recipients of Your Information
We may share your information with the following categories of recipients, strictly on a
need-to-know basis and under protective contracts:
- Payment Processors: Stripe or PayPal (only Financial Data, necessary for
transaction completion).
- Affiliates: The Alliance for the Advancement of Infant Mental Health and
other infant and early-childhood mental health organizations. We require all affiliates to
honor this Privacy Policy.
- Law Enforcement & Legal Parties: When legally required or necessary to
protect our rights (see Legal Obligation above).
- Interactions with Other Users: If EASy includes user interaction features,
other users may see your name and descriptions of your activity.
International Transfers: If your data is transferred outside the European
Economic Area (EEA), we will ensure that an appropriate safeguard is in place, such as Standard
Contractual Clauses approved by the European Commission, to ensure the level of data protection
is not undermined.
6. Data Retention
We will retain your personal data only for as long as necessary to fulfill the purposes for which
it was collected, including for the purposes of satisfying any legal, accounting, or reporting
requirements.
- Account Data: Retained for the duration of your active membership/account
and for a period of up to 60 days thereafter, unless a longer
retention period is legally required.
- Financial Records: Retained for the period required by tax and accounting
law, 7 years.
7. Your Data Protection Rights (GDPR)
Under GDPR, you have the following rights concerning your personal data. You may exercise these
rights by contacting us using the information in Section 2.
| Right |
Description |
| Right to be Informed |
To be informed about how your data is processed (this Policy serves this
purpose). |
| Right of Access |
To request a copy of the personal data we hold about you. |
| Right to Rectification |
To request that we correct any inaccurate or incomplete data we hold about you.
|
| Right to Erasure (The "Right to be Forgotten") |
To request the deletion of your personal data when there is no compelling reason
for its continued processing. |
| Right to Restriction of Processing |
To request that we limit the use of your data under certain circumstances (e.g.,
if you contest the data’s accuracy). |
| Right to Data Portability |
To receive your data in a structured, commonly used, and machine-readable format
and to transfer it to another controller. |
| Right to Object |
To object to processing based on legitimate interest or for direct marketing
purposes. |
| Right to Withdraw Consent |
To withdraw your consent at any time where processing is based on consent.
Withdrawal does not affect the lawfulness of processing before the withdrawal.
|
Right to Lodge a Complaint: You have the right to lodge a complaint with a
supervisory authority in your member state if you believe your rights under GDPR have been
violated.
8. Tracking Technologies (Cookies)
We use cookies and similar tracking technologies. GDPR requires that we obtain your opt-in
consent before placing non-essential cookies on your device.
- We use a cookie consent banner to provide you with control over which cookies are set.
- By default, only essential cookies are active.
- You can manage your preferences at any time.
Please refer to our separate Cookie Policy below for detailed information on the types of cookies
we use, their purpose, and their retention periods.
9. Security of Your Information and Breach Notification
We employ administrative, technical, and physical security measures to protect your personal
information. While we strive to protect your data, no method of transmission is 100% secure.
Data Breach Response: In the unlikely event of a personal data breach, we will
notify the relevant supervisory authority within 72 hours of becoming aware of the breach, where
feasible. If the breach is likely to result in a high risk to your rights and freedoms, we will
notify you without undue delay.
10. Emails and Communications
You may opt-out of receiving non-essential correspondence, emails, or other communications from
us at any time by:
- For non-EASy messages, click the “unsubscribe” link at the bottom of any marketing email.
MyEASy.org Cookie Policy
Effective Date: 12/02/2025
This Cookie Policy explains how The Alliance for the Advancement of Infant Mental Health ("we,"
"us," or "our") uses cookies and similar technologies (such as web beacons and pixels) on the
EASy application and website (the “Site”). This policy should be read alongside our Privacy
Policy.
1. What are Cookies?
Cookies are small text files placed on your device (computer, tablet, or mobile) when you visit
our Site. They are widely used to make websites work more efficiently and to provide reporting
information.
2. Why We Use Cookies (Purpose and Lawful Basis)
We use cookies for the following purposes:
| Category |
Purpose |
Lawful Basis (GDPR) |
| Strictly Necessary |
To enable core functionality (e.g., login, security, payment processing). The
Site cannot function properly without these. |
Legitimate Interest (essential for service delivery). |
| Analytical/Performance |
To collect data on how users interact with the Site (e.g., pages visited, error
rates) to measure performance and improve the user experience. |
Consent (User must actively opt-in). |
| Functionality |
To remember your preferences (e.g., language or region) to provide a more
personalized experience. |
Consent (User must actively opt-in). |
| Marketing/Targeting |
To track user activity across the Site and other sites to deliver personalized
advertisements or communications. |
Consent (User must actively opt-in). |
3. Types of Cookies We Use
Cookies can be classified by duration:
- Session Cookies: These are temporary and expire when you close your
browser. They are typically used for necessary functions like maintaining a login session.
- Persistent Cookies: These remain on your device for a set period specified
in the cookie (unless deleted by the user). They are used to recognize you over time, such
as remembering your preferences.
Cookies can also be classified by who sets them:
- First-party Cookies: Cookies set by the Site itself (e.g., EASy).
- Third-party Cookies: Cookies set by external services we use for analytics,
advertising, or functionality (e.g., Google Analytics, Stripe).
4. How to Manage and Control Cookies
In compliance with GDPR, we provide you with granular control over non-essential cookies.
- Cookie Banner: When you first visit EASy, you will see a banner allowing
you to:
- Accept All Cookies.
- Reject All Non-Essential Cookies.
- Customize your preferences by category (Analytical, Functionality, Marketing).
- Browser Settings: You can modify your web browser settings to delete or
refuse cookies. However, please note that disabling strictly necessary cookies may
negatively impact the functionality of EASy.
- Opt-Out Tools: You can use industry-wide opt-out tools such as the Network
Advertising Initiative (NAI) or Digital Advertising Alliance (DAA).
MyEASy.org Data Subject Request (DSR) Process & Form Guidance
In accordance with your rights under the GDPR (outlined in Section 7 of the Privacy Policy), you
may submit a request to exercise your data subject rights.
1. Submitting a Data Subject Request
To ensure your request is handled efficiently and securely, please submit your request to our
designated privacy contact:
2. Required Information
Your request must include the following information to allow us to verify your identity and
locate your data:
| Requirement |
Purpose |
| Full Name |
To match the request to the data subject. |
| Email Address(es) |
The email address(es) associated with your EASy account or use of the Site. |
| Country of Residence |
To determine the relevant legal framework (e.g., GDPR). |
| Specific Right Requested |
Clearly state which right you are exercising (Access, Erasure, Rectification,
Portability, Restriction, or Objection). |
| Detailed Description |
A precise description of the data you are requesting, or the reason for your
request (e.g., "I wish to receive all personal data processed in the last 12
months," or "Please correct my street address from X to Y"). |
3. Identity Verification
To protect your personal data, we must verify that you are the data subject making the request.
- Standard Verification: We will generally verify your identity by sending a
confirmation email to the address on file for the request.
- High-Risk Verification (for Erasure/Portability): If the request involves
sensitive data or deletion, we may require additional steps, such as confirming recent
activity or providing a copy of a utility bill (with non-essential details).