Contact Us CCC@ccclegacy.org 540-984-8735
Edinburg, VA  ·  Est. 1933

Privacy Policy

Corporate policy #0003-1 · Effective February 23, 2026

1. Purpose

CCC Legacy, Inc., a 501(c)(3) non-profit corporation (hereinafter referred to as "the Organization"), is committed to protecting the privacy and personal information of our members, volunteers, and supporters. This policy outlines how we collect, use, store, and protect member data, and how members may choose to share their own information on our website or other public platforms we manage.

This policy applies to all personal information collected through our website, events, communications, or other interactions with members.

2. Information We Collect

We may collect the following types of information:

  • Contact information — name, email address, phone number, and mailing address.
  • Membership information — date of joining and participation history.
  • Photos, bios, and other content that members choose to submit for publication.
  • Account credentials — if you create an online account, your password is stored as a salted hash, never in plain text.
  • Payment information — handled and stored exclusively by our payment processor. We receive a customer reference and a record of the transaction but do not see or store full card numbers.
  • Contact form submissions — if you reach out through a contact form on the site, the information you submit (typically name, email address, and your message) is transmitted to us via a third-party form service.
  • Communication preferences — whether you have opted in to newsletters and general email communications.

We do not collect sensitive personal information such as Social Security numbers, financial account details, or medical records. We do not use tracking cookies, advertising pixels, or behavioral analytics on this site.

3. Use of Information

We use personal information solely to:

  • Administer member communications and services
  • Organize events and volunteer opportunities
  • Manage internal operations and recordkeeping
  • Respond to inquiries and feedback
  • Publish member-submitted content (only with consent)
  • Send membership-related communications (receipts, renewal notices, journal mailings, account verification)
  • Send newsletters and organizational updates, if you have opted in
  • Maintain accurate member and donor records for our 501(c)(3) operations
  • Comply with legal, tax, and regulatory obligations

4. Member-Shared Content

Members may choose to share their own personal information (name, bio, photos, contact info, stories) on the Organization's Facebook page or in newsletters managed by the Organization.

  • All publication is voluntary.
  • Members must provide written or electronic consent before their information is published.
  • Members may edit or revoke shared content at any time by contacting us at ccc@ccclegacy.org.

5. Data Security and Access

We use reasonable physical, technical, and administrative measures to protect member data from unauthorized access, disclosure, or misuse. Member accounts are protected by salted-hash password storage and session-based authentication. Data in transit is encrypted via HTTPS. Payment data is handled exclusively by our PCI-DSS compliant payment processor and never stored on our servers. No system is perfectly secure; we will notify affected individuals if we become aware of a breach affecting their personal information.

Access to member data is limited to:

  • Organization staff or volunteers for a proper corporate purpose as determined by the Board of Directors.
  • Authorized service providers under confidentiality agreements (if any).
  • The full membership list in its entirety shall be the property of the Organization, with access granted to authorized Board members only.

Membership Record (Membership List)

  • The official Membership Record of this organization shall consist of member names and physical addresses only.
  • Members of CCCL in good standing who have been members for more than six (6) months have the legal right to request to inspect and copy the official membership record of this organization if they have a specific and proper purpose for doing so. This list will be available in hard copy only and will not be available for electronic transmission. Any request to inspect or copy this list must be submitted in writing to the Board of Directors for consideration and must clearly state a specific purpose related to their membership interests in this organization. Any costs related to this request, such as copying and postage, will be the responsibility of the person making the request.

6. Disclosure of Information

We do not sell, trade, or rent member information to third parties. We may disclose information:

  • When legally required (court order, state audit)
  • To protect the rights or safety of our members or the Organization
  • With explicit consent from the member
  • In connection with a merger, reorganization, or asset transfer (subject to the same privacy commitments)

Third-Party Service Providers

To operate the site and our membership program, we rely on the following categories of service providers. Each acts as a processor on our behalf under written agreements and is bound by its own privacy and security commitments.

  • Payment processor (Stripe) — processes membership subscriptions and donations. Stripe is PCI-DSS compliant and handles all card data directly. See Stripe's privacy policy.
  • Contact form service (Web3Forms) — delivers submissions from contact forms on the site to our inbox. Submissions pass through Web3Forms' servers before reaching us.
  • Content management (Sanity) — stores the editorial content of the site (history pages, camp records, etc.). Sanity does not store member accounts or payment data.
  • Email service provider — a third-party transactional email provider sends account verification emails, receipts, and renewal notices on our behalf.
  • Cloud infrastructure provider — member accounts and site data are hosted on secured servers operated by a cloud infrastructure provider located in the United States.

7. Data Retention

We retain membership and donation records as long as your account is active and for a reasonable period afterward to meet tax, legal, and accounting obligations (as a 501(c)(3), we typically retain donation records for at least seven years). You may request deletion of your personal data at any time, subject to these obligations.

8. Member Rights

Members have the right to:

  • Request a copy of their personal data that we maintain
  • Correct or update their information
  • Request deletion of their data (unless retention is required for legal or operational purposes)
  • Revoke consent for future publication
  • Unsubscribe from marketing emails at any time via your account profile or by contacting us directly; we will still send essential account and transactional messages (receipts, renewals, security notices) as long as your membership is active.

Requests should be submitted in writing to:

CCC Legacy, Inc.
P.O. Box 341
Edinburg, VA 22824

9. Minor Children's Privacy

Our website and services are not directed toward children under 18 years of age. We do not knowingly collect personal information from minors without parental consent. If you believe we have inadvertently collected information from a minor, please contact us and we will delete it.

10. Policy Updates

We may update this policy to reflect changes in our practices or legal requirements. The updated policy will be posted on our website with a new effective date. Material changes affecting how we handle your data will be communicated to active members by email.

11. Contact Us

If you have questions about this policy or how your information is handled, contact:

CCC Legacy, Inc.
P.O. Box 341
Edinburg, VA 22824
ccc@ccclegacy.org
540-984-8735