The Diocese of Baton Rouge (“Diocese”) respects your privacy and is committed to protecting it through our compliance with this Policy. This Privacy Policy has been prepared to help you understand what information is collected through your interactions with us, and how this information is used, maintained, protected, and disclosed. Please read this policy carefully to understand our policies and practices regarding your information and how we will treat it. To the extent permitted by your applicable jurisdiction, by accessing or using our Website or anywhere this Privacy Policy is posted, you consent to our use and sharing of your information collected or submitted to us consistent with this Privacy Policy.
This policy may change from time to time (see Changes to Our Privacy Policy). Your continued use of this Website after we make changes is deemed to be acceptance of those changes, so please check the policy periodically for updates. Collection of Personal Data
This Policy applies to information collected from the following sources:
Our Websites (the “Website”):
https://diobr.org
https://csobr.org
https://catholiclifetv.org
our social media pages that we control including but not necessarily limited to Facebook, Instagram, X, and Youtube (collectively, our “Social Media Pages”)
your direct communications with us.
We may collect the following categories of personal data:
Identifiers such as real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, social security number, driver’s license number, passport number, or other similar identifiers;
Characteristics of protected classifications under state or federal law;
Commercial information, including records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.
Internet or other electronic network activity information, including, but not limited to, browsing history, search history, and information regarding a consumer’s interaction with an internet Website application, or advertisement.
Inferences drawn from any of the information identified in this subdivision to create a profile about a consumer reflecting the consumer’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes.
Sensitive personal information meaning personal information that reveals a consumer’s account log-in, financial account, debit card, or credit card number in combination with any required security or access code, password, or credentials allowing access to an account; or a consumer’s racial or ethnic origin, citizenship or immigration status, religious or philosophical beliefs, or union membership
Data that is in an aggregated or deidentified form is not personal data. We may share deidentified, anonymous, or aggregated data.
Use of Personal Data We use the personal information we collect to communicate with you, provide the services you have requested, understand your needs, and in particular for the following purposes:
To conduct transactions you request,
To process payments or verify your financial data,
To respond to your questions and to contact you,
To assist us in providing better information, and to help us improve our Website and services,
To learn more about our Website traffic patterns and other use in order to improve the functionality and features of our Website,
To help us operate, maintain, and improve our systems, our Website, and your user experience,
To report and investigate adverse events,
To detect, investigate, prevent, and respond to fraud or any other harmful activities,
To comply with our legal and contractual obligations,
To exercise and defend legal claims,
To otherwise operate our services,
As described to you at the point of data collection or handling or otherwise where we are legally permitted or are required to do so.
We may also make personal information available to our related entities for the purposes outlined above. We do not collect any categories of personal information beyond the categories of personal information outlined above, and not for the purposes other than outlined above. If we collect or use your personal information for any purposes beyond the ones outlined in this notice, additional consent needs to be obtained prior to use.
Sharing of Data We do not share or sell your personal data. We will not disclose or transfer your personal data to any third party except when one of the following is true:
You consent to the disclosure;
The disclosure is to a party that controls, is controlled by, or is under common control with us;
The disclosure is related to a business purpose;
The disclosure is reasonably necessary for use by service providers who only use your information in connection with the services they perform for us;
The disclosure is reasonably necessary for the establishment or maintenance of legal claims;
The disclosure is required by law;
The disclosure is not inconsistent with this Privacy Policy or our description at the point of collection or handling, and otherwise not prohibited by applicable law.
When we disclose personal data for a business purpose, we enter a contract with the recipient that describes the purpose for handling the data and requires the recipient to keep them secure and confidential and not use them for any purpose except performing the contract. Examples of types of recipients may include entities that perform the following tasks: (a) Network infrastructure; (b) Cloud storage; (c) Payment processing; (d) Document repository services; (e) Website Management; (f) Accounting; (g) Internet (e.g. ISPs); (h) Data analytics; (i) Information Technology.
We may disclose data for a business purpose to the following categories of third parties:
Our affiliates
Service providers
Legal and administrative authorities
Third parties to whom you authorize us to disclose your information.
Storage of Data Except as otherwise permitted or required by applicable law or regulation, we retain personal information in the categories set forth above only for as long as we have a legitimate business need to provide our services to you.
Data Security The security of your Personally Identifiable Information is very important to us, and the Diocese of Baton Rouge takes all commercially reasonable precautions to protect and secure the confidentiality and integrity of your personal information. However, given the nature of the Internet and the fact that network security measures are not perfect, we cannot guarantee the absolute security of your information. If we are required to provide notice to you of a data security breach, the notice will be provided in electronic form.
Data Rights Depending on the applicable law where you reside, you may be able to assert certain rights related to your Personally Identifiable Information. If any of the rights listed below are not provided under the law for your jurisdiction, we have absolute discretion in providing you with those rights.
Access and portability: you can obtain information relating to the processing of your personal information and a copy of such personal information.
Erasure or deletion: you can require the deletion of your personal information to the extent permitted by law. We may also deny your deletion request to detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities. We will notify any third party that we have shared your personal information with and instruct the third party to delete your personal information.
Withdraw Consent: To the extent the processing of your personal information is based on your consent, you may withdraw your consent at any time. Your withdrawal will not affect the lawfulness of your processing based on consent before your withdrawal. You may withdraw your consent by contacting us at (225) 387-0561 or [email protected].
Objection: you can object to the processing of your personal information on grounds relating to your particular situation. In cases of opposition to the processing of personal information the Diocese reserves the right to assess the application, which will not be accepted if there are legitimate reasons to proceed with the processing that prevail over your freedoms, interests and rights.
Rectification: where you consider that your personal information is inaccurate or incomplete, you can require that such personal information be modified accordingly. We will use commercially reasonable efforts to fulfill your correction request.
Restriction: you can request the restriction of the processing of your personal information.
Data Portability: you have the right to have the personal information you have provided to us returned to you or, where technically feasible, transferred to a third party.
To Know: you have the right to be informed if in the last 12 months the Diocese has disclosed, sold or shared your personal information to a third party.
Correction: you have the right to request to correct any inaccurate personal information about you. If any personal information requires correction, the Diocese will use commercially reasonable efforts to fulfill your correction request.
Appeal: In some jurisdictions, applicable law may give you the right to appeal an action by the Diocese with regard to a privacy request.
Exercising Data Rights Depending on your state’s privacy law(s), only you, or someone legally authorized to act on your behalf, may make a request to know, delete or correct related to your personal information. Depending on your jurisdiction, your ability to submit multiple requests within the same 12-month period may be limited.
The verifiable request must (i) provide sufficient information that allows us to reasonably verify you are the person about whom we collected personal data only, and (ii) describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it. You may designate an authorized agent to make a request on your behalf subject to proof of identity and authorization. We may request that your authorized agent have written permission from you to make requests on your behalf and may need to verify your authorized agent’s identity. We will only use personal data provided in a verifiable request to verify the requestor's identity or authority to make the request.
Anti-Discrimination We will not discriminate against you for exercising any of the rights described above. Specifically, unless permitted by law, we will not:
Deny you services;
Impose penalties;
Provide you a different level or quality of services.
Suggest that you may a different level or quality of services.
Response Timing and Format We will confirm receipt of your request within ten (10) business days. If you do not receive confirmation within the 10-day timeframe, please contact us at (225) 387-0561 or [email protected]. We endeavor to substantively respond to a verifiable request without undue delay, within forty-five (45) days of its receipt. If we require more time (up to another 45 days), we will inform you of the reason and extension period in writing. Such extension will only occur when reasonably necessary, taking into consideration the complexity and number of the consumer’s request. Any disclosures we provide will only cover the 12-month period preceding our receipt of your request. The response we provide will also explain the reasons we cannot comply with a request, if applicable. For data portability requests, we will select a format to provide your personal information that is readily useable and should allow you to transmit the information from the one entity to another entity without hindrance.
We do not charge a fee to process or respond to your consumer request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made the decision and provide you with a cost estimate before completing your request.
Children’s Privacy Our Website is not intended for children under 13 years of age. If you are under the age of 13, please DO NOT USE this Website. We do not accept registration from children under 13 years of age and no one under the age of 13 may provide any information to or through our Website. No personally identifiable information (as defined in the COPPA, 15 U.S.C. Section 6501) is purposefully or knowingly collected from children under the age of 13 by our Site without verifiable parental consent. If you are a parent or guardian of a child under 13 years of age and believe that he or she disclosed information to us, please contact us at the address below. If we learn that we have collected or received Personally Identifiable Information of persons under 13 years of age without verification of parental consent, we will exercise commercially reasonable efforts to delete this information.
International Privacy Although the Site is accessible over the internet and therefore worldwide, the Site and their content are intended for residents of the United States only. If you choose to access our Site from locations outside the United States, such conduct is at your own risk and subject to the laws of the United States of America, which may differ from privacy laws in your state or home country, and you are responsible for compliance with any local laws. Personally Identifiable Information collected through or on the Site may be stored and processed in the United States or any other country in which Company or its affiliates, subsidiaries, or agents maintain facilities, and by using the Site you consent to any such transfer of information outside of your country. Users from outside the United States should not use or access the Site or disclose any information, including Personally Identifiable Information, through the Site. Individuals outside the United States who disclose any data, including Personally Identifiable Information, through our Site hereby acknowledge and consent to such data being stored in the United States or any other country, and transferred outside your country.
Data Protection Notice from Google Analytics We also use Google Analytics, a web analytics service provided by Google, Inc. ("Google") to track how often people gain access to or read our content. We use this information in the aggregate to understand what content our site visitors find useful or interesting, so we can produce the most valuable content to meet their needs. Google Analytics uses "cookies", which are text files placed on your computer, to help us analyze how users use the site. The Information generated by the cookies about your use of the Website (including your IP address) will be transmitted to and stored by Google on servers in the United States.
On our behalf, Google will use this information for the purpose of evaluating your use of the Website, compiling reports on Website activity for Website operators and providing other services relating to Website activity and internet usage to us. Google will not use this information for cross-context behavioral advertising, not will Google associate your IP address with any other data held by Google. Louisiana Student Data Privacy Act (Many of these requirements are mentioned elsewhere.) Data Collection and Use
Parental Consent: Written parental consent is required before collecting sensitive student data that is not necessary for educational purposes. Consent forms will be provided to parents/guardians at the start of each school year or upon enrollment.
Data Collection: We collect student data solely for educational purposes, including but not limited to enrollment, attendance, academic performance, and special education services.
Data Use: Student data will be used to support educational outcomes, comply with legal obligations, and improve instructional practices.
Data Sharing
Restrictions on Sharing: Student data will not be shared with third parties except as authorized by law or with parental consent. Data may be shared with educational service providers who comply with data protection requirements.
Contracts with Service Providers: Contracts with educational service providers must include provisions that require compliance with this policy and the Louisiana Student Data Privacy Act. Providers must implement security measures to protect student data.
Data Security
Access Controls: Access to student data is restricted to authorized personnel only. Employees must use secure passwords and follow best practices for data protection.
Data Protection Measures: We employ encryption, firewalls, and regular security audits to protect student data from unauthorized access, disclosure, or misuse.
Data Breach Notification: In the event of a data breach, affected students and parents will be notified promptly, outlining the nature of the breach and corrective actions taken.
Transparency and Access
Parental Rights: Parents have the right to access their children's educational records and request corrections to any inaccuracies. Requests should be directed to your designated school office.
Annual Reporting: We will provide an annual report on data privacy practices and any data breaches that occurred during the year.
Prohibition on Commercial Use Student data will not be used for commercial purposes, including targeted advertising. Changes to this Privacy Policy We reserve the right to modify this Privacy Policy at any time and will reflect any such changes by a “last modified” date above. If we make any material changes and are required by law to notify you, we will notify you by email (sent to the e-mail address specified in your account) or by means of a notice on our Services prior to the change becoming effective.
We may provide additional "just-in-time" disclosures or additional information about the data collection, use and sharing practices of specific Services. These notices may supplement or clarify our privacy practices or may provide you with additional choices about how we process your personal information.
For revisions to this Privacy Policy that may be materially less restrictive on our use or disclosure of Personally Identifiable Information you have provided to us, we will make reasonable efforts to notify you and obtain your consent before implementing such revisions with respect to such information.