Last Updated: January 1st, 2020
Effective: January 1st, 2020
Who We Are
The Celestial Atlantis Treaty Organization, or CATO, as well as the Kepner Foundation. We are the data controllers for all CATO Directorates: Consortium of the Infinity Star, NortheBridge, Assembly of Concorde, and Scientific and Advanced Research Laboratories. Our web address is https://northebridge.com/. Our primary mailing address is:
Celestial Atlantis Treaty Organization (CATO)
c/o Privacy & Trust Division
445 S. Figueroa St.,
Los Angeles, California 90071
United States of America
How do you handle my personal data
As Data Controller
The Celestial Atlantis Treaty Organization is the primary data controller of all personal data collected through CATO affiliated sites and web apps. As data controller, CATO determines how to use your personal data including how that data is read and transacted by and between the various CATO Directorates as well as any third-parties.
As Data Processor
The Celestial Atlantis Treaty Organization is the primary data processor for all data collected through CATO sites and apps. As data processor, in addition to any privacy controls we may offer you, we maintain custody of your personal data and only making it known with the minimum amount required for the transacting of the data for a particular purpose. We only provide enough data to any third parties for the operations of sites, apps, and services as you would expect them. We do not sell your personal data to third parties. For the ease of use and security of all sites, apps, and services, CATO makes available in full without any redactions, your personal data to its Directorates only. Different privacy policies may apply to your personal data after being used on a Directorates’ site, app, or service even though CATO remains the data controller. In the event of a conflict of privacy policies regarding personal data, the policy containing more data collection is supersedes the policy with less data collection unless otherwise noted in the conflicting policy.
What personal data we collect and why we collect it
Membership Account Data
When you register for a OneWorld Passport which is required for the use of certain portions of our sites as well as our apps and services, we ask your for personal details including name, location and the permission to use your GPS location while using our site, apps, and services, age, gender, and OAuth 2 compatible social network handles from Twitter and Facebook. We consider all of this to be personal information. At this time, the only information controls afforded to OneWorld Passport are the ability to modify GPS location permissions and modify connectivity between OAuth 2 compatible services.
The Celestial Atlantis Treaty Organization’s sites, services, and apps use “telemetry” to acquire general detailed and behavioral information regarding users of the sites, services, and apps for improving user experience and analytical purposes including any resulting reasons thereof. Data telemetry is provided in the form of a globally unique “Session Beacon” generated by calculating relational data generated by Google Marketing Analytics, Microsoft Bing Webmaster Analytics, and Matomo Analytics to form a globally unique “Session User Identifier” to associate an activity in our sites, apps, and services with you.
Embedded content from other websites
Certain parts of our web apps, sites, and services may use “embedded content” from third parties. Embedded Content works the same way as if you visited the website from which the content is coming from. We do not maintain or otherwise control how data collected by embedded websites are used for any purposes including but not limited to marketing and analytics.
We limit the access and ability of embedded content strictly to the functionality it is intended for but we cannot guarantee the fitness for a particular privacy purpose of the embedded content.
Who we share your data with
The Celestial Atlantis Treaty Organization shares your data between its Directorates as well as any required third party to transact the functionality of web apps, sites, and services. CATO may also share high level data regarding analytics collected with third party partners for the purposes of catalyzing the data or for universal analytical tracking.
How long we retain your data
If you use any of the social features, the social feature and its metadata are retained indefinitely. This is so we can recognize and approve any follow-up social feature usage automatically. You may partially control this functionality by limiting how much access our sites, apps, and services have to specific functions of our social features.
When you sign up for Membership, CATO requires personally identifiable information to create a OneWorld Passport. If you do not retain your OneWorld Passport, the data retention of your inactive OneWorld Passport is twenty-five years.
What rights you have over your data
If you have a OneWorld Passport, you can request to receive an exported file of the data we hold about you, including any data you have provided to us. You can also request that we erase personal data we hold about you. This does not include any data we are obligated to keep for administrative, legal, or security purposes.
Where we send your data
Although we limit the use of personal data as much as possible to organizations outside of the Celestial Atlantis Treaty Organization, transacting certain features and services requires the sharing of particular data. Information collected during OneWorld Passport registration may be analyzed by Cloud Security AI for fraud protection purposes. If you purchase something from us, including memberships, we forward only the necessary information to the payment processors we use such as PayPal, Square, Skrill, Stripe, and Chase Pay. We will receive associated data back from the payment processors related to what we forwarded. By using our sites, apps, and services we will automatically send analytical data to the Matomo Cloud for market and behavioral analysis. When you register for one of our newsletters, we will share certain information with Mailchimp and this information will also be sent to the Matomo Cloud.
How we protect your data
Our sites, apps, and services undergo compliance certifications for the transfer of particular types of data. We also implement Advanced Cloud Security AI to protect your data.
What data breach procedures we have in place
Our sites, apps, and services are monitored by the CATO Network Authority Global Operations Center SecOps. In the event of a data breach, we will perform the SecOps Breach Recovery Procedure and perform a full audit on the affected sites, apps, or services.
Regulatory Disclosure Requirements
Your data is stored by us in the United States. We do not provide access to your data for purposes other than outlined within this policy unless presented with a court order properly filed and executed within the jurisdiction of the State of California. If some of your data is stored in the European Union such as a service, we will only present your data residing in the European Union by court order to a recognized law enforcement agency in the European Union. Unless we expressly allow it, law enforcement agencies are required to obtain a court order from a recognized court jurisdiction in the State of California and the European Union in order to obtain your global data.