Contact us

Privacy policy

Commitment to Trust, Transparency, and Protecting Your Information

1. Introduction and Scope of this Policy

The Fairfax Arts Coalition for Education (FACE) is deeply committed to protecting the privacy and security of the personal information entrusted to us by our students, parents, educators, volunteers, donors, and website visitors. We understand that in our mission to foster creativity and collaboration through the arts, maintaining your trust is paramount. This comprehensive Privacy Policy outlines the specific methods by which we collect, use, share, and protect information gathered through our website (info@fface.lat), program enrollment processes, community events, and administrative functions. As a non-profit educational organization operating in Fairfax, Virginia, we adhere not only to federal and state laws governing data privacy but also strive to meet the highest global standards for transparency and user control. By engaging with FACE’s services, whether through accessing our website, enrolling a child in a residency program, or making a donation, you are acknowledging your understanding of the practices described in this document.

1.1 Key Definitions within this Document

To ensure complete clarity and understanding of this policy, we define several key terms as they relate to the operations of the Fairfax Arts Coalition for Education:

  • “Service” or “Services”: Refers collectively to all programs, educational workshops, artist residencies, community outreach events, website functions, and administrative support provided by FACE.
  • “Personal Data” or “Information”: Refers to any data about a natural person who can be identified, directly or indirectly, by reference to an identifier such as a name, identification number, location data, online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that person. This includes, but is not limited to, contact details, academic records, and specific program participation history.
  • “User”: Any individual engaging with our Services, including parents, guardians, students, volunteers, donors, and general website visitors.
  • “Child” or “Children”: Any individual under the age of 13, for whom specific, enhanced privacy protections apply, as detailed in Section 5.

1.2 Policy Review and Effective Date

This policy is subject to periodic review and amendment to reflect changes in our data processing activities, technological advancements, or evolving legal and regulatory environments. This version is effective as of November 7, 2025. We encourage Users to review this policy periodically, and we will notify all registered users and stakeholders of any significant material changes that may affect how your Personal Data is handled or your rights regarding that data. Our commitment to privacy is ongoing, reflecting the dynamic nature of both the educational and digital spheres in which we operate.

2. Categories of Personal Data We Collect and Sources

The information collected by FACE is necessary to administer our educational programs, manage our non-profit operations, and communicate effectively with our community. The precise categories of data collected depend entirely on your interaction with us (e.g., whether you are a donor versus a volunteer).

2.1 Information You Voluntarily Provide to Us

This category encompasses data directly supplied by Users through registration forms, applications, surveys, physical documents, email correspondence, or donation submission forms. The depth of data collected is directly proportional to the complexity of the service requested.

  • Contact and Identification Data: This includes the full legal names of parents/guardians and students, mailing addresses (for official correspondence, tax receipts, and program material distribution), primary email addresses (for essential communications like program start times and safety alerts), and primary phone numbers. This data is fundamental for managing enrollment and ensuring the physical security and well-being of students during a residency.
  • Program and Student Data: Required for enrollment in all educational programs. This data often includes student age and date of birth (essential for age-appropriate grouping and compliance with child protection laws), current school affiliation and grade level (to align our integrated curriculum with academic standards), previous artistic experience (for placement purposes), and emergency contact information (names, relationships, and phone numbers of at least two designated non-parent contacts). We also collect data related to special needs or accommodations (e.g., allergies, accessibility requirements) to ensure a safe and inclusive learning environment, treated with the highest degree of confidentiality.
  • Financial and Transaction Data: Collected when a User makes a tax-deductible contribution, pays program tuition for community workshops, or purchases tickets to a showcase event. This includes credit card details (processed securely via PCI-compliant third-party payment processors and never stored by FACE directly), billing address, and donation amount. For donors, we retain records of the date, amount, and purpose of the donation for seven years to comply with federal tax and auditing regulations.
  • Employment and Volunteer Data: Collected from individuals applying to join our team (Teaching Artists, staff) or volunteer their time. This includes professional resumes, educational history, letters of recommendation, and state-mandated background check results. For volunteers, we collect scheduling availability and preferred areas of service (e.g., event support, administrative aid) to optimize their placement and maximize their contribution to our mission.

2.2 Automatically Collected Data via Technology

When you interact with our website or digital communications, certain information is automatically gathered to help us understand site performance, user engagement, and potential security issues.

  • Technical Data: This includes Internet Protocol (IP) addresses, which may indicate your general geographic location, browser type and version, operating system, and device type (e.g., mobile, desktop). This information is utilized for debugging, optimizing the site’s display across various devices, and protecting against malicious cyber activity.
  • Usage Data: Details about your interaction with our site, such as the pages viewed, the date and time of your visit, the duration of time spent on specific pages, and the referring website that directed you to FACE. We use this data, aggregated and anonymized, to analyze which content is most engaging for our community (e.g., the Our Work section versus the Volunteer page) and to make necessary improvements to the site’s navigation and content strategy.
  • Cookies and Tracking Technologies: We utilize cookies (small text files stored on your device) and similar tracking technologies (like web beacons or pixels) for both functional purposes (e.g., remembering login preferences, form field data persistence) and analytical purposes (e.g., counting site visits). Users have the right to manage cookie preferences through their browser settings, though disabling essential cookies may impact the full functionality of the FACE website, such as form submission capabilities or event registration tracking.

3. The Purpose and Legal Basis for Using Your Personal Data

The Fairfax Arts Coalition for Education processes your Personal Data only when we have a legitimate and necessary purpose, and a valid legal basis, to do so. Our uses fall into the following core categories, each directly tied to the fulfillment of our educational mission.

3.1 Program Administration and Service Delivery

The most vital use of your Personal Data is the direct administration and delivery of our educational programs. We use student and parent contact information to enroll students in appropriate classes, assign them to specific teaching artists, coordinate with partner schools, and communicate essential logistical details, such as class postponements or supply requirements. Program data is used to design and tailor curriculum to the age and developmental level of the participants, ensuring the arts integration modules are effective and engaging. Emergency contact information is strictly reserved for the immediate and urgent purpose of ensuring student safety during program hours, in case of illness, injury, or unforeseen early dismissal, fulfilling our duty of care to all enrolled children.

3.2 Communication, Outreach, and Marketing

We use your Contact Data to maintain a relationship with our community. This includes sending program newsletters, sharing news about student achievements and upcoming showcases, and providing information about new initiatives that may be of interest to you or your child. For our development and outreach goals, we may segment our contact lists to send targeted information—for instance, sending volunteer opportunities only to those who have previously expressed interest, or sharing grant updates with organizations that have sponsored us in the past. Users always have the right to opt-out of non-essential marketing or outreach communications at any time via a clearly marked unsubscribe link within the email, though essential transactional messages (like program changes or safety alerts) will continue to be sent.

3.3 Development, Fundraising, and Fiscal Accountability

As a non-profit organization, FACE relies on the generosity of our community. We use Donor Data to process and acknowledge financial contributions, issue required tax receipts (retained for audit purposes), and analyze overall fundraising success to inform future resource allocation. We may occasionally use aggregated demographic data (e.g., general geographic location of donors) to identify trends and better focus our development efforts on areas most supportive of our mission, but we never sell or rent donor lists. For our fiscal integrity, all financial data processing strictly adheres to local and federal non-profit transparency standards, ensuring accountability for every dollar received and spent in support of arts education.

3.4 Operational Improvement and Website Analytics

Technical and Usage Data are crucial for the continuous improvement of our digital services. This data allows our technical team to diagnose and repair errors on the website, test new features before deployment, and ensure the online registration process is intuitive and functional. By analyzing site traffic patterns and user behavior (e.g., which buttons are clicked most frequently), we can make data-driven decisions about content placement and site design, enhancing the user experience for everyone seeking information about FACE. This analytical processing is typically performed using anonymized or pseudonymized data wherever possible, minimizing any direct link back to individual users while maximizing the utility of the collected information for our operational goals.

3.5 Legal Compliance, Auditing, and Safety

In certain circumstances, we are legally required to use or retain Personal Data. This includes maintaining detailed records of financial transactions for mandated tax reporting and financial auditing; complying with subpoenas, court orders, or governmental requests for information when legally compelled; and using professional application data (like background checks) to ensure the physical safety and security of the children in our care, strictly adhering to child protection laws. This legal basis for processing is non-negotiable and supersedes any marketing or outreach preferences.

4. How and When We Share Your Personal Data with Third Parties

The Fairfax Arts Coalition for Education maintains a policy of minimum necessary data sharing. We do not sell or rent Personal Data for third-party marketing purposes. We share your information only when absolutely necessary to administer our Services, process transactions, or meet legal obligations.

4.1 Service Providers and Operational Partners

We engage various trusted external companies and individuals (Service Providers) to perform certain functions essential to running our non-profit, and these providers are only granted access to the specific data necessary to carry out their assigned tasks.

  • Payment Processors: When you donate or pay tuition, Financial Data is shared securely with third-party, PCI DSS compliant payment gateways (such as Stripe or PayPal) to complete the transaction. FACE never stores full credit card numbers on our servers.
  • Cloud Hosting and IT Support: We use external services (like cloud providers and database administrators) for securely hosting our website, databases, and administrative software. These providers only access data under strict contractual agreements that mandate confidentiality, rigorous security protocols (e.g., encryption), and use of the data only for providing the contracted hosting or support services.
  • Email Communication Tools: We utilize third-party platforms (like Mailchimp or Constant Contact) to manage and send our bulk email communications, including newsletters and event announcements. Your Contact Data (name and email) is shared with these platforms solely for the purpose of executing the electronic communications you have subscribed to.

4.2 Partner Schools and Educational Institutions

A critical component of the FACE mission involves embedding Teaching Artists into Fairfax County Public Schools (FCPS) and other educational institutions. For in-school residencies, we may share essential, program-specific student data with authorized school administrators and the classroom teacher. This data is limited to information necessary for program coordination and safety, such as student names, class lists, ages (for grouping), and any disclosed medical conditions or accommodations. This sharing is always performed under a mutual understanding of confidentiality and a need-to-know basis, ensuring the seamless integration of our curriculum while protecting student privacy within the educational environment.

4.3 Legal, Safety, and Business Transfers

We may disclose Personal Data if required to do so by law, or in the good faith belief that such action is necessary to: (a) comply with a legal obligation, regulatory mandate, or valid subpoena; (b) protect and defend the rights or property of the Fairfax Arts Coalition for Education, including enforcement of our terms and agreements; (c) protect the personal safety of Users of the Service or the public, especially in cases involving suspected child endangerment or harm; or (d) in connection with a merger, acquisition, or sale of all or a portion of our assets, where Personal Data would be among the assets transferred, in which case the acquiring entity would be bound by this Privacy Policy or an equally protective one.

5. Children’s Privacy (Adherence to COPPA)

Protecting the privacy of Children under the age of 13 is not just a legal requirement but a fundamental ethical commitment for the Fairfax Arts Coalition for Education, which operates educational programs directly serving this age group. Our practices strictly adhere to the Children’s Online Privacy Protection Act (COPPA), as enforced by the U.S. Federal Trade Commission.

5.1 Verifiable Parental Consent for Data Collection

We do not knowingly collect Personal Data online from children under 13 without first obtaining verifiable parental consent. This consent is secured through our rigorous enrollment process, where a parent or legal guardian must attest to their relationship with the child and explicitly consent to the collection and use of the child’s Personal Data (name, age, school, photo consent, etc.) strictly for the purposes of program participation and safety. The methods used to obtain this verifiable consent include, but may not be limited to, signed physical enrollment forms, secure electronic signature portals linked to known parent accounts, or other authentication methods that provide reasonable assurance of the parent’s identity.

5.2 Limited Collection and Use of Child Data

The Personal Data we collect from children is strictly limited to information necessary for the child’s participation in the educational program and ensuring their safety. This includes the child’s name, age, and any required medical or emergency contact details. This data is never used for targeted advertising, sold to third parties, or shared with external organizations for marketing purposes. Furthermore, we do not require a child to disclose more information than is reasonably necessary to participate in any activity. For example, a child may participate in an artistic activity without disclosing their favorite color, but their name is required for attendance tracking.

5.3 Parental Rights Regarding Child’s Information

Parents or legal guardians whose children participate in FACE programs have absolute control over their child’s Personal Data. At any time, a parent can:

  1. Review the Personal Data we have collected from their child.
  2. Direct us to delete the child’s Personal Data from our records (subject to retention for legal purposes, such as tax receipts).
  3. Refuse to allow further collection or use of their child’s information, even if they have previously consented (which may, however, terminate the child’s participation in the specific program requiring that data). To exercise these rights, the parent or guardian must submit a request in writing, clearly identifying themselves and the child, to the Contact Information provided in Section 9. We will take reasonable steps to verify the identity of the person making the request as the child’s parent or legal guardian before fulfilling the request.

6. Data Security, Retention, and Integrity

6.1 Our Commitment to Security Measures

The Fairfax Arts Coalition for Education employs a comprehensive range of technical, administrative, and physical security measures designed to protect your Personal Data against unauthorized access, disclosure, alteration, or destruction. We utilize industry-standard practices, including:

  • Data Encryption: Sensitive data transmitted online (such as financial information during payment) is protected using Secure Sockets Layer (SSL)/Transport Layer Security (TLS) encryption protocols. Administrative databases containing Personal Data are secured using encryption both in transit and at rest.
  • Access Control: Access to Personal Data is strictly limited to the specific employees, Teaching Artists, and Service Providers who require the information to perform their duties. This access is managed through role-based permissions, strong authentication methods, and regular reviews to ensure no unauthorized individuals can view sensitive data.
  • Physical Security: Physical copies of sensitive Personal Data (e.g., printed enrollment forms) are stored in locked cabinets within restricted-access areas at our administrative office.

6.2 Data Retention Policy

We retain Personal Data only for as long as necessary to fulfill the purposes for which it was collected, including satisfying any legal, accounting, or reporting requirements. The specific retention period varies depending on the type of data and the purpose of its collection:

  • Program Participation Records: Student enrollment and attendance records are typically retained for a maximum of three academic years following the completion of the program to allow for longitudinal impact analysis and reference for future program placement. After this period, data is either securely deleted or heavily anonymized for statistical use.
  • Donor/Financial Records: Financial transaction details, including donor identity and contribution amount, are retained for a minimum of seven years to meet U.S. tax and regulatory auditing standards.
  • Volunteer and Staff Application Data: Data from unsuccessful applicants is typically retained for one year to address any future openings or legal challenges, and then securely destroyed.

6.3 Incident Response and Notification

In the unlikely event of a data breach or security incident involving the unauthorized access or disclosure of unencrypted Personal Data, the Fairfax Arts Coalition for Education has an established protocol for immediate response. We will take rapid steps to contain the breach, investigate the cause, and restore system integrity. Furthermore, we are committed to promptly notifying affected Users, partners, and, where required, regulatory bodies in accordance with applicable state and federal laws regarding data breach notification, providing clear information on the nature of the breach and steps being taken to mitigate harm.

7. Your Data Protection Rights and Choices

Depending on your location and jurisdiction (particularly residents of Virginia, California, and certain international locales), you may possess specific rights regarding the control and use of your Personal Data by FACE. We are committed to facilitating the exercise of these rights whenever legally applicable.

7.1 Right to Access and Data Portability

You have the right to request confirmation as to whether FACE is processing your Personal Data, and if so, to request access to that data. You also have the right to receive a copy of your Personal Data in a structured, commonly used, and machine-readable format (Data Portability), allowing you to transmit that data to another organization without hindrance.

7.2 Right to Rectification (Correction) and Deletion

You have the right to request the correction of inaccurate or incomplete Personal Data we hold about you (or your child, if you are the parent/guardian). You also have the right to request the deletion of your Personal Data (often called the “Right to Be Forgotten”). Please note that deletion requests are subject to legal exceptions, such as our need to retain financial records for mandated audit periods (see Section 6.2). We will inform you if we cannot fulfill your deletion request due to legal or operational necessity.

7.3 Right to Opt-Out of Certain Processing (e.g., Marketing)

You have the right to opt-out of receiving marketing and fundraising communications from FACE at any time. All electronic marketing communications contain a clear and functional unsubscribe link which, upon clicking, will immediately remove you from all non-essential mailing lists. You also have the right to object to the processing of your Personal Data for certain specific purposes, such as automated data analytics or website tracking that falls outside of essential site functionality.

7.4 Exercising Your Rights

To exercise any of the rights described in this Section, you must submit a verifiable request in writing to the contact information provided in Section 9. Your request must:

  1. Provide sufficient information to allow us to reasonably verify that you are the person about whom we collected Personal Data (or the parent/guardian of the child).
  2. Describe your request with sufficient detail to allow us to understand, evaluate, and respond to it appropriately (e.g., “I wish to delete all enrollment records for student Jane Doe.”). We will respond to all verifiable requests within the legally required timeframe (typically 30-45 days), confirming receipt of your request and detailing the steps taken to address your request, including any legally permissible reasons for denying or limiting the scope of your request.

8. International Data Transfers and Jurisdictional Context

8.1 Data Storage and Processing Location

The Fairfax Arts Coalition for Education is an organization based in the United States, operating out of Fairfax, Virginia. All Personal Data collected through our Services is primarily stored and processed within the United States, utilizing secure cloud infrastructure hosted by U.S.-based providers. By accessing our Service, you acknowledge that your information will be transferred to and maintained on computers located within the United States, where data protection laws may differ from those in your jurisdiction of residence.

8.2 Compliance for Global Users (GDPR and Others)

While FACE does not actively market its services to residents outside of the United States, our website is globally accessible. For Users interacting with our Service from the European Economic Area (EEA), the United Kingdom, or other regions with advanced data protection laws (such as GDPR), we acknowledge that the transfer of your Personal Data to the U.S. constitutes a cross-border transfer. We ensure that such transfers are conducted using appropriate safeguards, such as standard contractual clauses approved by the European Commission, to ensure a high level of protection remains afforded to your data even after transfer to the U.S. jurisdiction, treating all such data with the heightened protections outlined in this policy.

9. Changes to this Privacy Policy and Contact Information

9.1 Updates and Revisions

The Fairfax Arts Coalition for Education reserves the right to update or modify this Privacy Policy at any time and without prior notice. However, we are committed to notifying our community of any material changes—defined as changes that substantively alter the way we process your Personal Data or diminish your existing rights—by posting a prominent notice on our website or sending a direct email notification to all registered Users. The date of the last revision will always be displayed at the beginning of this document, and your continued use of the Service after any modification indicates your acceptance of the new terms.

9.2 Contacting the Fairfax Arts Coalition for Education

If you have any questions, concerns, or complaints regarding this Privacy Policy, our data practices, or if you wish to exercise any of your data protection rights, please contact our administrative team using the following methods. We encourage written correspondence (email or mail) to ensure a documented record of your inquiry:

Primary Email for Privacy Inquiries and Data Rights Requests: info@fface.lat

Official Mailing Address: Fairfax Arts Coalition for Education (FACE) ATTN: Privacy Officer 4139 FOUNTAINSIDE LANE NUMBER 101 FAIRFAX, VA 22030

We are committed to resolving any concerns you may have regarding your privacy in a prompt, fair, and transparent manner. If you feel that your rights have been violated, you also retain the right to lodge a complaint with the relevant supervisory authority in your jurisdiction.