Children's Privacy Policy

1. Scope

This Children's Privacy Policy ("Policy") supplements the Embassy Row Project's general Privacy Policy and specifically addresses the collection, use, and protection of personal information from children under the age of thirteen (13) in the United States and under the age of sixteen (16) in the European Economic Area (collectively, "Children" or "Minors"). This Policy applies to all websites, platforms, and programs operated by the Embassy Row Project ("the Organization"), including but not limited to the Emancip8 Project, Art of the Hak, and all field programs involving youth participants in the Philippines, Cambodia, and other countries.

2. Age Restrictions

The Organization's websites and online platforms are not directed at Children and are not intended for use by Children without parental or guardian supervision. The Organization does not knowingly collect personal information from Children through its websites without verifiable parental consent. Youth programs operated by the Organization (such as the Emancip8 Project and Art of the Hak) involve in-person interactions with Minors and are subject to the specific protections outlined in this Policy.

3. Information Collected from Minors

In the context of the Organization's youth programs, the following categories of information may be collected from or about Minors, solely with verifiable parental or guardian consent:

• Identification Information: Name, date of birth, and gender, as required for program enrollment and safety protocols.
• Contact Information: Parent or guardian name, address, phone number, and email address. The Organization does not collect direct contact information from Minors.
• Health and Safety Information: Allergies, medical conditions, emergency contacts, and dietary requirements necessary for the safe operation of field programs.
• Program Participation Data: Attendance records, program progress, and achievement milestones.
• Photographs and Media: Photographs and videos of Minors participating in Organization programs, collected only with explicit written consent from a parent or guardian.

The Organization does not collect Social Security numbers, financial information, or geolocation data from Minors under any circumstances.

4. Parental Consent

The Organization obtains verifiable parental or guardian consent before collecting any personal information from a Minor. Consent mechanisms include:

• Signed written consent forms provided in person at program enrollment.
• Electronic consent forms with identity verification for remote enrollment.
• Verbal consent documented by Organization staff in the presence of witnesses, where written consent is impractical due to local conditions.

Parents or guardians may withdraw consent at any time by contacting the Organization. Withdrawal of consent will result in the Minor's removal from the program and deletion of their personal information, subject to any legal retention requirements.

5. How We Use Children's Data

Personal information collected from or about Minors is used exclusively for the following purposes:

• Enrolling Minors in Organization youth programs and maintaining accurate participation records.
• Ensuring the health, safety, and welfare of Minors during program activities.
• Communicating with parents or guardians about program schedules, progress, and emergencies.
• Measuring program impact and preparing anonymized, aggregated reports for donors and stakeholders.
• Complying with applicable legal and regulatory requirements.

The Organization does not use Children's data for marketing, advertising, profiling, or any purpose unrelated to the specific youth program in which the Minor is enrolled.

6. No Sale of Children's Data

The Organization does not sell, rent, lease, or trade the personal information of Children to any third party under any circumstances. The Organization does not share Children's data with third parties for their own marketing or commercial purposes. Limited sharing may occur with vetted service providers (such as medical professionals during field programs) solely as necessary to fulfill program obligations, and only under strict contractual data protection requirements.

7. Parental Rights

Parents and guardians have the following rights with respect to their child's personal information:

• Right to Review: Request a copy of all personal information the Organization has collected from or about their child.
• Right to Correction: Request correction of inaccurate or incomplete information.
• Right to Deletion: Request deletion of their child's personal information, subject to legal retention requirements.
• Right to Withdraw Consent: Withdraw consent for future collection and use of their child's information at any time.
• Right to Restrict Processing: Request that the Organization limit the processing of their child's data to specific purposes.

To exercise any of these rights, parents or guardians should contact the Organization at [email protected] or via the Contact page. The Organization will verify the identity of the requesting parent or guardian before processing any request.

8. Data Retention

Personal information of Minors is retained only for as long as necessary to fulfill the purposes described in this Policy or as required by applicable law. Upon completion of a youth program, the Organization will retain participant records for a maximum of three (3) years for program evaluation and legal compliance purposes, after which all personally identifiable information will be securely deleted or anonymized. Photographs and media will be retained only as long as the parent or guardian's consent remains in effect.

9. Security

The Organization implements appropriate technical and organizational measures to protect Children's personal information against unauthorized access, alteration, disclosure, or destruction. These measures include encryption of data in transit and at rest, access controls limiting data access to authorized personnel on a need-to-know basis, regular security audits and vulnerability assessments, and staff training on child data protection requirements. While no system can guarantee absolute security, the Organization is committed to maintaining industry-standard protections for all Children's data.

10. International Transfers

The Organization operates youth programs in multiple countries, including the Philippines and Cambodia. Personal information of Minors may be transferred to and processed in the United States, where the Organization is headquartered. All international transfers are conducted in compliance with applicable data protection laws, including the EU General Data Protection Regulation (GDPR) and the Children's Online Privacy Protection Act (COPPA). The Organization ensures that adequate safeguards are in place for all cross-border data transfers.

11. Modifications

The Organization reserves the right to modify this Policy at any time. Material changes to this Policy will be communicated to parents and guardians of currently enrolled Minors via email or written notice. The "Effective Date" at the top of this page indicates when the most recent revisions took effect. Continued enrollment in Organization programs after notification of changes constitutes acceptance of the updated Policy.

12. Contact for Parents and Guardians

Parents and guardians with questions or concerns about this Children's Privacy Policy, or who wish to exercise their rights under this Policy, may contact the Organization at: