Privacy

Privacy Principles

To provide you (players, parents and executive members) with quality service, AYSO must collect, process and use some of your personal information. At the same time, we want to protect the personal information you provide to us. To underscore AYSO’s commitment to protecting your privacy and the value we place on your relationship with us, AYSO has adopted the following privacy principles applicable to our handling of your personal information:

1. Recognition of Your Expectation of Privacy: We recognize and respect your expectation of privacy and security for your personal information. We understand the need to safeguard the sensitive information about you within AYSO.

2. Use, Collection and Retention of Your Information: AYSO collects, uses and retains information about you to help in the development and enhancement of our services; to understand which services will best meet your needs; to provide you with product and service opportunities that we deem interesting or beneficial to you; and to help administer our core business and programs. In addition, certain laws and regulations require us to collect information about you.

3. Our Maintenance of Accurate Information: Through our procedures and technology, we strive to maintain information about you that is accurate and complete. We will respond to your requests to correct inaccurate information in a timely manner should the need arise, but we reserve the right to ensure that the request to make changes is coming from you.

4. Limiting Access to Information: We have procedures and security measures that limit access to and disclosure of personally identifiable information to those individuals in our organization with a business reason to know such information. We educate our employees and volunteers about the importance of the confidentiality and privacy of customer information.

5. Security Procedures to Protect Information: We maintain security standards and procedures to deter unauthorized access to confidential information about you. We update and test our technology to continually improve the protection of our information about you and to assure the integrity of our information.

6. Disclosing Information: We will share your information only (1) with reputable reporting agencies; (2) when necessary to administer our business; (3) when you request it; (4) when the disclosure is required, or allowed by law; or (5) to make available special offers of products and services through AYSO’s sponsors and licensees as well as our relationship with other soccer organizations.

7. Maintaining Your Privacy in Our Business Relationships with Outside Third Parties: It is sometimes necessary to provide personally identifiable information about you to a third party, such as to a vendor to prepare customer communications. All third parties must agree to hold confidential information at the same level of confidentiality maintained by our organization and to abide by applicable law. In efforts to ensure the safety and security of the AYSO players and volunteers, AYSO has developed the following privacy policies to define the methods by which personal information and information that is protected by independent agreements are protected and secure. It is understood that as technology advances, these policies will be updated accordingly.

Privacy Policy

I. CHILD AND VOLUNTEER PROTECTION ADVOCATE (CVPA) PROTOCOLS

A. AYSO Procedures for Protecting Volunteer Information

1. The regional child and volunteer protection advocate (CVPA), the regional registrar or an appropriate designee shall collect all completed volunteer application forms.

2. Upon collection, the completed volunteer application forms shall be put in a large envelope and, if collected by an appropriate designee, promptly given to the CVPA and/or the regional registrar.

3. Completed volunteer application forms shall never be left unattended and should always be kept under lock and key.

4. Once the initial set of completed volunteer application forms have been collected and checked for completeness, the NSTC copies shall be mailed to the AYSO National Support & Training Center (NSTC), Attention: Certification Associate. Thereafter, completed volunteer application forms can be mailed to the NSTC on a weekly basis as they come into the region. It is recommended that all forms be sent to the NSTC through certified mail to ensure delivery.

5. As indicated in the AYSO Screening Protocols, the regional CVPA shall call the personal and professional references provided by the volunteer applicants and report to the CVPA office at the NSTC any irregularities discovered during that process.

6. The regional CVPA and regional registrar shall not discuss sensitive volunteer information among themselves or with others in the region.

7. Regional copies of completed volunteer application forms shall be accessible only to the regional CVPA and/or the regional registrar.

8. The NSTC shall notify the region if an applicant does not meet the suitability requirements to be an AYSO volunteer.

9. In the event confidential information other than the volunteer application form must be transmitted to the NSTC via FAX, such transmission is to be sent to the dedicated FAX machine located in the CVPA Department. The number is (310) 643-6395.

10. Completed volunteer application forms are to be kept for a period of seven years, unless otherwise directed by the NSTC, after which the forms are shredded or incinerated.

B. Mailing Process for CVPA

1. Regional CVPA mails the NSTC copies of the Volunteer Application form to AYSO (NSTC), c/o the CVPA Department. Those application forms that have “yes” checked in the disclaimer box must be flagged and segregated.

2. NSTC staff handling the confidential information must pass a criminal history background check and must sign a confidentiality agreement.

3. Completed volunteer application forms shall never be left unattended and should always be kept under double lock and key.

C. Electronic Process using eAYSO (new volunteer)

1. The volunteer logs in to eAYSO and completes the volunteer application form online. All required information must be provided (including social security number and a response to the disclosure statement). During submission and at all times thereafter, all such personal and private information is encrypted and obscured from view to all users except the regional CVPA or national CVPA staff.

2. The volunteer must print out two of the completed forms (three if he/she wishes to retain a copy) and sign and date each copy. When any electronic form is printed, the personal and private information will be obscured.

3. The volunteer must submit the completed and signed volunteer application forms to the regional CVPA and/or regional registrar and provide proof of identity (currently designated to be a state-issued driver’s license or state ID incorporating a photograph or a U.S. passport).

4. Following submission of the completed volunteer application forms, all regional and NSTC staff shall follow the process described in Paragraph I A, steps 5-10.

D. Pre-printed Forms for Returning Volunteers

1. At the request of the region, the NSTC will prepare a pre-printed volunteer form for each new season containing all the information previously provided by the volunteer, except for the personal and private information which shall be obscured on the form. The pre-printed forms shall be sent to the regional CVPA and/or regional registrar for completion by the volunteer.

2. The volunteer should review the pre-printed form to ensure that all the other information is correct, then complete the disclosure statement, sign and date the form. It is not necessary for the regional CVPA and/or regional registrar to secure proof of identity for a returning volunteer using a pre-printed form.

3. Following submission of the completed pre-printed volunteer application form, all regional and NSTC staff shall follow the process described in Paragraph I A, steps 5-10.

E. Electronic Process using eAYSO (returning volunteer)

1. The volunteer logs in to eAYSO using the member name and password previously determined.

2. The volunteer reviews the information contained in his/her record and makes any necessary changes online. All personal and private information is encrypted and obscured from view to all users except the regional CVPA or national CVPA staff.

3. The volunteer must complete the disclosure statement, print out two copies of the form (three if he/she wishes to retain a copy), and sign and date each copy. When printed by the volunteer, the personal and private information will be obscured.

4. The volunteer must submit the completed and signed volunteer application forms to the regional CVPA and/or regional registrar. It is not necessary for the regional CVPA and/or regional registrar to secure proof of identity for a returning volunteer using an online form.

5. Following submission of the completed pre-printed volunteer application forms, all regional and NSTC staff shall follow the process described in Paragraph I A, steps 5-10.

AYSO Volunteer Application Form Flow Chart

AYSO Volunteer Application Form Flow Chart

Security of Information

- All the staff members who have access to forms have passed criminal history background checks. - Volunteer forms accompanying Information forms are kept under lock and key and entered into the system. After they are entered, they are returned to the CVPA Department for background checks and filed under lock and key. Forms are kept for a minimum of seven years.

- Preprinted forms show only last four digits of the Social Security number and last four digits of the driver’s license. These forms are sent to regions via regular mail. Regional registrars/CVPA volunteers are to keep forms secure.

D. Use of Photographs

1. The use of photographs for Soccer Now:

The permission to use photographs of AYSO players and volunteers for Soccer Now and other AYSO publications is covered by authorization on the AYSO registration forms. Therefore, release forms are not required.

2. The use of photographs for sponsor programs:

Even though the registration form covers the use of photos of AYSO players and volunteers by sponsors or commercial entities, AYSO does not give player or volunteer photos to sponsors for commercial use unless authorized to do so by the individual (or parent in the case of a minor child). AYSO suggests that sponsors acquire the photos on their own and have release forms signed by the photo subject.

3. The use of photographs on the Web site:

If the photographs were taken at a game or practice that took place on public property, photographs may be used without consent. However, it is preferred that all pictures used on Web sites have “Talent Release Forms” signed by those pictured.

II. OPERATIONS

A. Registration - Registration Forms

The AYSO Registration Department is dedicated to protecting personal information and will make every reasonable effort to handle collected information appropriately. All information collected, as well as related requests, will be handled as carefully and efficiently as possible in accordance with AYSO standards for integrity and objectivity.

B. Registration - Player Forms

1. At the end of the AYSO year, regional copies of the player forms are maintained for a period of seven years, after which they are disposed of, consistent with the established procedures and guidelines outlined herein.

2. Copies of completed player registration forms are forwarded to the NSTC, where they are archived as outlined herein. The physical copies of the player forms are disposed of, consistent with the established procedures and guidelines outlined herein.

3. During the playing season, coaches carry original, signed player forms. At the end of the Region’s year, these forms must be returned to the Regional Registrar and then sent to the NSTC to be stored, consistent with the established procedures.

C. Registration - Volunteer Forms

Evaluation of protection practices - An internal audit is performed annually.

D. Employee Access, Training and Expectations

1. We are committed to the protection of customer information. Business practices are in place that limit access to confidential information to key authorized personnel and limit use and disclosure of such information.

2. Employee Screening - Employees required to handle sensitive information are screened through an independent contractor.

E. Destruction Methods

All confidential documents at the NSTC are stored in a secure area for seven years, after which they are shredded or incinerated.

F. Records Retention

Player and volunteer forms: Forms are retained for seven years. This is a requirement of NSTC. Note: Volunteer forms held at the NSTC may not be destroyed, under any circumstances, until approved by the director of operations.

G. Nonfinancial Records - As needed.

H. Information Forms (IF)

IF forms are updated on the computer system through the Member Services Department. Registration may input information only on new members listed on the IF form. If the member has been a Board member previously, updating takes place in the Member Services Department.

I. Events Forms (Section Meetings and NAGM)

Events registration forms are sent to the Events Department, where the information is put into the system. The forms are then placed in a binder that will travel to the event via an events coordinator. The forms are used to verify registration. Forms are available at Section Meetings and are kept at the registration table to allow for quick checking. The forms are stored in the Events Department until December of each year, when they are shredded.

J. AYSO Supply Center

The AYSO Supply Center receives checks and credit card information. This information is kept in a double-lock file in the AYSO Supply Center for a period of five years. The AYSO bank does not have a holding requirement for credit card slips or a requirement for single- or double-lock security. Credit card slips are retained for five years. Every year, one year’s worth of credit card paperwork is to be destroyed via incineration or shredding.

K. Building Security

1. Alarm Codes: Alarm codes are given to staff based upon need and security level. The National Executive Director, Chief Operations Officer and the AYSO facilities manager have the highest level of authorization. Executive-level management is given the next level of authorization and is allowed access to all buildings with the exception of the MIS office, CVPA Department and other directors’ offices. Staff members have access to the building where they conduct business.

2. Telephone Codes: Upon hire, each employee is authorized to use a telephone code for making long-distance calls. This code includes the last four digits of the employee’s Social Security number for tracking of telephone billing charges. The employee is able to change his/her pass code to enter the voicemail system by going through the Administration Department.

3. Computer Code Authorization: There are two staff members who are authorized to access the main system network. The technical support administrator (TSA) and the MIS manager have the authority to check the individual staff accounts. The Executive Director and executive management may request permission to do a check or a file search. The request is made to the TSA or MIS manager. If a director requests information, the TSA or MIS manager will seek approval from the Executive Director prior to running the search if the search is to be conducted on confidential files or files of another employee. The management level must seek approval from the respective director prior to requesting a document or file search.

4. Computer Access: System wide access to the computing systems is limited to employees and contract firms, which are required to manage and monitor access and requests to access the data held in our computer systems. Should other staff members request access to and reports from the data, appropriate approval from executive management or the Executive Director must be obtained.

5. Leaving the Organization: When an employee leaves the organization, the employee in charge of security or the manager of that employee immediately removes the ability of the person to access the system. The same is done with the alarm codes and the telephone codes. Each department head signs off on any other equipment or systems via an employee exit checklist.

III. MIS DEPARTMENT

A. The MIS Department does not handle information gathered from children. It does, however, prepare databases for the Marketing Department upon request. The information prepared is then given to the Marketing Department, which in turn sends the disc to a bonded mailing house selected by the sponsor. A letter accompanies the disc with instructions stating that the disc is authorized for a “one-time use.” The disc is then returned to AYSO after it has been used for the purpose intended.

B. On occasion, the Marketing Department will request that labels be printed at the NSTC. The labels are then provided to the sponsor. The sponsor must adhere the labels to the mailing pieces at the NSTC or bring the mailing to the NSTC and the AYSO staff will place the labels on the mailing item.

C. AYSO has excellent software and hardware for firewalls and utilizes encryption/security software to safeguard the confidentiality of personal information. AYSO reviews the systems for security compliance with a contract MIS company and will perform an internal audit of the corporate practices and policies annually.

D. AYSO is committed to the protection of customer information. Our business practices limit access to confidential information and limit use and disclosure of such information to authorized personnel. Employees who handle confidential information are screened through an independent contractor.

E. Currently, there is no universal safety policy regarding the security of the computer hardware. AYSO has established that the “main” computer system will remain behind double-locked doors when MIS personnel are not present.

IV. ACCOUNTING

The Accounting Department handles all funds, including checks and credit cards. Once the accounts are credited, the documents are stored in locked containers. These documents are destroyed on a rotating basis, once every five years.

V. MARKETING

A. AYSO generates four final original copies of sponsorship agreements and sends them to the prospective sponsor for signature. The sponsor signs the agreement and returns all four copies for the AYSO National Executive Director to sign. Two originals are returned to the sponsor. AYSO places an original copy in the sponsor file and sends the other original copy to the Finance Department. A copy of the signed agreement is sent to Operations and to legal counsel. Additional copies are sent to the department that is involved in fulfilling the agreement points. Each department receiving a copy of the agreement must keep information regarding the agreement confidential. The sponsorship filing cabinet in the Marketing Department will be kept locked. Access to the filing cabinet is available to all marketing staff on a daily basis but will be kept locked each evening. The chief marketing officer and administration manager will have keys to the filing cabinet. Accounting will keep the agreements in a locked file.

B. The chief marketing officer will keep copies of the original agreements in a binder in his/her office, which shall be locked each evening.

C. All correspondence between legal counsel and the Marketing Department will be placed in a manila folder marked, “Attorney/Client Privilege.” This folder will be placed in the sponsor agreement file cabinet, which will be locked each evening.

D. All e-mail correspondence regarding a sponsor shall be placed in the sponsor’s file.

E. After the term of the sponsorship, all documents concerning the sponsor will be placed in archive for a period of three years.

VI. ADMINISTRATION

A. Administration Files

Regional, area and section files are kept in the Administration Building. These file cabinets are not locked because staff utilizes the information contained in the files on a daily basis. The information is saved for perpetuity, thus giving a running history of the region, area or section. These files contain the Information Form (IF), budget forms and correspondence. Information is sent from the Member Services Department to the administration office “incoming file” basket. The receptionist files the information in the filing cabinet. The building is locked and alarmed each evening. All visitors must enter through a locked front door and receive a guest pass before being escorted by a staff member to their destination on campus.

B. Mail

1. Mail is delivered to the administration office twice daily.

2. Mail is date-stamped and sorted by department and delivered as indicated.

3. Mail is then sorted by each department and given to recipient.

4. FedEx and Airborne parcels are delivered to the recipient immediately upon arrival.

C. Telephone Confidentiality

No personal information regarding staff or membership, including personal telephone numbers, addresses, e-mails, or work schedules, is given out over the telephone with the exception of region locator calls. In this case the Regional Commissioner’s phone number as listed in the Executive Member Directory (EMD) is given to the caller.

The Executive Director, chief operations officer, administration manager and directors are able to change voice-mail passwords from a dedicated computer.

D. Fax Confidentiality

Faxes are received electronically through the administration office receptionist. One receptionist is assigned the responsibility of disseminating the faxes hourly during the workday. Faxes are directed to the individual addressed on the fax. The following confidentiality statement is printed on all outgoing faxes:

AMERICAN YOUTH SOCCER ORGANIZATION

FAX CONFIDENTIALITY NOTICE

This transmission may be: (1) subject to the Attorney/Client Privilege, (2) an attorney work product or (3) strictly confidential. If you are not the intended recipient of this message, you may not disclose, print, copy or disseminate this information. If you have received this in error, please reply and notify the sender (only) and delete the message. Unauthorized interception of this fax or facsimile is a violation of federal criminal law.

E. E-mail Confidentiality

a. The MIS Administrator initially generates user passwords when creating user profiles for new employees. The director of operations and the MIS administrator have access into the e-mail system. Staff members are shown how to change their passwords. For security purposes, the MIS administrator does not keep a record of passwords.

b. All e-mails shall be proofed and spell-checked before sending. It is imperative that prior to sending, e-mails are checked to ensure they are addressed to appropriate individuals. All external broadcast e-mails need to be approved by the department manager, respective Director and Executive Director prior to sending. All employee computers are to be set up for auto-spellcheck. The following confidentiality statement must be attached to all outgoing e-mails:

AMERICAN YOUTH SOCCER ORGANIZATION FAX CONFIDENTIALITY NOTICE

This transmission may be: (1) subject to the Attorney/Client Privilege, (2) an attorney work product,or (3) strictly confidential. If you are not the intended recipient of this message, you may not disclose, print, copy or disseminate this information. If you have received this in error, please reply and notify the sender (only) and delete the message. Unauthorized interception of this e-mail is a violation of federal criminal law.

VII. AYSO WEB SITE – www.soccer.org

The Web Site Guidelines Manual details the privacy policy for regions using a Web site. The following is the policy created for the NSTC Web site:

ONLINE PRIVACY POLICY
American Youth Soccer Organization
12501 South Isis, Hawthorne, CA 90250 USA

AYSO Privacy Principles >>

OVERVIEW OF POLICY

The American Youth Soccer Organization is very concerned about the privacy of our kids and members and this concern extends to our website. Our goal is to always protect the personal identity of all users who interact with our website, children and adults. This policy outlines how we collect and use the data collected. It also provides a current listing of all third parties AYSO is partnering with concerning online activities.

We strongly encourage parents or guardians to go online with their children and participate with them in their online activities. For guidelines on how to protect children's privacy online, please review the U.S. Federal Trade Commission's (FTC) How to Protect Kid's Privacy Online »

The Children's Online Privacy Protection Act (COPPA; effective date 21 April 2000) establishes mandated disclosures, parental notifications and options for all online activities where information is requested from a child under 13 years of age. Currently, the Act establishes that website producers who collect personally identifiable data from children under 13 years of age are required to obtain verifiable parental consent in advance unless the data collected is an e-mail address for a one-time request, such as a contest entry, electronic postcard, etc.

This policy covers the following topics pertaining to AYSO's online interactivity with visitors:

DEFINITIONS

Personally Identifiable Data: Refers to any information which could be readily associated with the individual to whom it pertains, e.g. addresses, phone numbers, e-mail addresses, etc. Personally identifiable information, under this definition, does not include information that is collected solely in the aggregate (such as IP Addresses, browser versions, etc.) nor does it include information that an individual publicly releases or intends for public dissemination. Domain names, for instance, are not included as personally identifiable information; however e-mail addresses are. This definition also includes other types of information that are related to the person specifically, such as hobbies, interests, etc.

Aggregate Data: Refers to any data that is not personally identifiable. This data would include IP addresses, browser versions, etc. as well as quantifying data such as total number of entrants, age group dispersement, etc.

Publicly Available: Refers to information maintained as a public record, or that an individual publicly releases, intends for public dissemination, or should reasonably understand should become public.

Verifiable Parental Consent: Refers to substantiated assent from a child's parent or guardian for the child's data to be accepted by AYSO for the specific reasons for which it is collected. The veracity of the confirmation must be from reliable sources and may include postal mail, facsimile, e-mail with digital signature, etc.

Third Parties: Refers to a person, group, organization, company or authorized agent (or more than one of these) whom AYSO deems should receive data obtained via the website for marketing or other purposes.

PRIVACY POLICY STATEMENT

When data is collected from children under 18 years of age, AYSO will require at minimum the e-mail address of the parent or guardian for that child. At minimum, an e-mail will be sent to the parent or guardian announcing to them that their child has supplied AYSO with personally identifiable data, what that data is, and will point them to this section of the website for further details.

Exception to this policy: A one-time use of the data for such events as contests, e-postcards, etc., however, the exception will cover only the requirement of parent or guardian e-mail addresses prior to inclusion in the event. (Example: A child enters a contest to win a soccer ball and is asked for a first name; age; and an e-mail contact address. If the child is chosen as a winner, verifiable parent or guardian consent will be required before the physical address is obtained and the premium is sent to the child.)

THIRD PARTY SHARING

Up to 18 years of age

Our organizational policy is to NEVER supply any third party with any personally identifiable information when that data is associated with children up to the age of 18. When warranted, we may supply third parties with aggregate data collected. All third parties with whom AYSO partners for website-related events will be listed below in Current Web Marketing Partners and Details.

18 years of age and older

AYSO may provide personally identifiable information to third parties collected from those 18 years of age and older. Any data sharing will be announced at the collection point on the website with all details in the section Current Web Marketing Partners and Details.

PARENTAL CONSENT & OPTIONS

At any time, a parent or guardian may request a Parental Consent Verification form in order to receive any information AYSO has obtained concerning their child via the national website. Upon completion and return of this form, you may receive all personally identifiable information AYSO has obtained concerning your child through online means from the national website, if such exists. This form will ask for information from you that will identify you as the parent or guardian of the child. You may request the Parental Consent Verification form by mail only. Send your request to: 12501 South Isis Avenue, Hawthorne, California 90250.

Please be aware that all the types of information that are collected for an event will be itemized in the section Current Web Marketing Partners and Details.

Your options as a parent or guardian in reference to collection of your child's personally identifiable information are as follows:

• You may refuse consent or revoke any previous consent
• Refuse any further collection of data from your child
• Ask for deletion of your child's data either totally or in part

Any alterations to or deletions of the personally identifiable information AYSO has obtained concerning your child via the national website must be accompanied by a Parental Consent Verification form (see details at the beginning of this section). AYSO, may, if it deems necessary, terminate any service provided to the child if the information at issue is reasonably necessary for the child to participate in the event.

(Example: if you request deletion of the child's address, but that information is necessary for delivery of a prize or newsletter, etc., then AYSO may refuse to allow the child to participate in that activity, however, other activities that do not require this information would remain available to the child)

"Duration of Event:"

"Event:" WHAT AYSO IS DOING FOR PARTNER AND/OR AS AN ORGANIZATION

"PII:" DETAILS OF ALL PERSONALLY IDENTIFIABLE INFORMATION AYSO IS OBTAINING IN EVENT

"Other Information Requested:" WHAT OTHER INFORMATION THAT IS NOT PII ARE WE ASKING FOR THE VIEWER TO SEND TO US

USE OF IP ADDRESSES

Used for internal website purposes only.

USE OF COOKIES

AYSO currently does not use cookies.

LINKS TO NON-AYSO SITES

AYSO supplies links to other websites outside of its control for the information and entertainment of viewers to its site. Although every effort is made to offer only websites that meet our organizational mandates concerning children and uphold our organizational ethical precepts, we in no way, either implied or explicit, endorse or control the content of external sites or any offered links from these external sites. By using this website, you agree to the Terms Of Use policy herein.

FORMS SECURITY

Currently, all online forms are sent via an e-mail server-side mailto script offering no security. Only information that would be reasonably sent via e-mail is asked for via any form on the site currently. Information such as credit card numbers, etc. will not be requested via any online form on the site until secure means of transmission are obtained.

YOUR ACCEPTANCE OF TERMS

By using this site and the forms contained herein, you are agreeing to the terms of this policy and of the Terms Of Use policy of this website.