Privacy Policy

Evergreen Mountain Bike Alliance Privacy Policy

Effective Date: 5/19/2026

About EMBA

Evergreen Mountain Bike Alliance is a 501(c)(3) nonprofit organization and the nation’s largest statewide mountain bike association, representing thousands of riders across Washington through regional chapters.

Today, Evergreen works closely with land managers, partner organizations, Tribal Governments, and local communities to build, maintain, and protect sustainable trail systems while promoting responsible recreation, education, and advocacy. With a growing membership and a strong volunteer base contributing tens of thousands of trail work hours annually, Evergreen plays a critical role in expanding access to high-quality mountain biking opportunities and supporting a vibrant, inclusive outdoor community across the state.

Scope of this Policy

This privacy policy (“Policy”) applies to:

Evergreen Mountain Bike (“EMBA” “we,” “us,” “our”);
EMBA’s online properties (including our website, https://www.evergreenmtb.org, and websites or mobile applications that link to it), our social media pages or handles (Instagram, Facebook, YouTube, TikTok, LinkedIn), our products, and any of our in-person events or services (the “Services”).

This Policy applies when you interact with us through our Services. It also applies anywhere it is linked. It does not apply to third-party websites, mobile applications, or services that may link to the Services or be linked to from the Services. Please review the privacy policies on those websites and applications directly to understand their privacy practices.

We may change this Policy from time to time. If we do, we will notify you by posting the updated version.

Personal Data We Collect

We collect and process Personal Data to deliver the Services to you. “Personal Data” refers to information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, to you or your household, and includes “personal information” or similar terms in applicable privacy laws.
We collect Personal Data from you directly, from the devices you use to interact with us, and from third parties. We may combine Personal Data from the Services together and with other information we obtain from our business records. We may use and share Personal Data that we aggregate (compile to create statistics that cannot identify a particular individual) or de-identify (strip information of all unique identifiers such that it cannot be linked to a particular individual) at our discretion.

Information you give us

You may provide the following Personal Data to us directly:

Contact information, including name, email address, and telephone number.
Demographic information.
Audiovisual information, including recordings and photos from our events.
Content you may include in survey responses.
Transaction information, including information about swag orders or donations.
Information you make available to us via a social media platform.
Any information or data you provide by commenting on content posted on our Services. Please note that these comments are also visible to other users of our Services.
Your use of our Services.
Information you submit to inquire about or apply for a job with us, including professional information, such as employment and certification history.
When you enter a contest/sweepstakes or take part in a promotion, we may process Personal Data as necessary to provide the contest/promotion, notify you if you have won, or to process delivery of a prize.
Health information, such as pre-existing conditions, allergies, or use of medications, as part of the registration process to volunteer or participate in one of our events, or related to incident reporting in case of an injury.
Any other information you submit to us.

Information we collect automatically

We and our partners working on our behalf may use log files, cookies, or other digital tracking technologies to collect the following Personal Data from the device you use to interact with our Services. We also create records when you make purchases or otherwise interact with the Services.

Device information, including IP address, device identifiers, and details about your web browser.
Analytical information, including details about your interaction with our Services, website, app, and electronic newsletters.
Diagnostic information, including web traffic logs.
Business record information, including records of your purchases of products and services, donations, and use of our Services.

The following is a list of our partners who collect the Personal Data described above. Please follow the links to find out more information about the partner’s privacy practices.

Partners / Information Type Collected

GiveSmart - Business record information
Google Analytics - Device information, Analytical information, Diagnostic information
Stripe - Business record information
Square - Business record information
TrailForks - Device information
GoFundMe Pro - Business record information

Information We Collect From Other Sources

We may collect the following Personal Data about you from third-party sources.

Single Sign-On (SSO) - We receive Personal Data from Facebook or Google when you use single sign-on .
Social media companies - We receive Personal Data from social media companies when you interact with that social media company on or in connection with our Services.

How We Use Your Personal Data

We may use any of the Personal Data we collect for the following purposes.

Service Delivery: We process Personal Data as necessary to provide our Services and the products and services you purchase or request, or otherwise to complete a donation or transaction you request. For example, we process Personal Data to authenticate users and their rights to access the Services, to login or register your account, to coordinate volunteer opportunities, camps, classes or other events, and as otherwise necessary to fulfill our contractual obligations to you, provide you with the information, features, and services you request, and create relevant documentation.
Internal Processing and Service Improvement: We may use any Personal Data we process through our Services as necessary in connection with improving the design of our Services, optimizing the display and functionality of the Services, understanding how our Services are used or function, understanding how our customers and prospective customers interact with our Services or our third party service providers and other partners identified in this Policy, for customer service purposes, for internal research, technical or feature development, to track service use, QA and debugging, audits, analyzing guest satisfaction, and similar purposes.
Marketing: We may use your Personal Data to send you marketing communications, such as our email newsletter, and measure the effectiveness of our marketing.
Security:To protect and secure our Services, assets, network, and business operations, and to detect, investigate, and prevent theft, unauthorized use, or abuse of the Services and other activities that may violate our policies or be fraudulent or illegal.
Compliance, Health, and Safety: We may process Personal Data as necessary to comply with our legal obligations, such as for the establishment and defense of legal claims, where we must comply with requests from government or law enforcement officials, and as may be required to meet law enforcement requirements or prevent illegal activity. We may also process data to protect the health and safety of individuals, or on certain public interest grounds, each to the extent required or permitted under applicable law.
With your consent: We may use your Personal Data for any other purpose for which you provide Personal Data or as otherwise explained to you as the point of data collection.

How We Share Your Personal Data

We may share any of the information we collect with the following recipients.

Service providers: We engage vendors to perform specific business functions on our behalf, and they may receive information about you from us or collect it directly. These vendors are obligated by contract to use information that we share only for the purpose of providing these business functions, which include:
- Supporting Service functionality, such as vendors that support event registration, payment or donation processing, customer service and customer relationship management, subscription fulfillment, application development, postal mailings, and communications (email).
- Auditing and accounting firms, such as firms that help us create our financial records.
- Professional services consultants, such as firms that perform analytics, assist with improving our business, provide legal services, or supply project-based resources and assistance.
- Analytics services, including entities that analyze traffic on our online properties and assist with identifying and communicating with potential customers.
- Security vendors, such as entities that assist with security incident verification and response, service notifications, and fraud prevention.
- Information technology vendors, such as entities that assist with website design, hosting and maintenance, data and software storage, and network operation.
- Marketing vendors, such as entities that support the distribution of marketing emails.
Social media platforms: If you interact with us on social media platforms, the platform may be able to collect information about you and your interaction with us. If you interact with social media objects on our Services (for example, by clicking on a Facebook “like” button), both the platform and your connections on the platform may be able to view that activity. To control this sharing of information, please review the privacy policy of the relevant social media platform.
Government entities/Law enforcement: We may share information when we believe in good faith that we are lawfully authorized or required to do so to respond to lawful subpoenas, warrants, court orders, or other regulatory or law enforcement requests, or where necessary to protect our property or rights or the health and safety of our employees, contractors, customers, or other individuals.
Other businesses in the context of a commercial transaction: We may change our ownership or corporate organization while providing the Services. We may transfer to another entity or its affiliates or service providers some or all information about you in connection with, or during negotiations of, any merger, acquisition, sale of assets or any line of business, change in ownership control, or financing transaction. We cannot promise that an acquiring party or the merged entity will have the same privacy practices or treat your information as described in this policy.

Security

We use a combination of physical, technical, and administrative safeguards to protect the information we collect through the Services. While we use these precautions to safeguard your information, we cannot guarantee the security of the networks, systems, servers, devices, and databases we operate or that are operated on our behalf.

Your Options and Rights Regarding Your Information

Your Account: Please login to update your account information.

Email Unsubscribe: If you do not wish to receive marketing information from us or wish to opt out of future email promotions from us, please contact us. Please note that all promotional email messages you receive from us will include an option to opt out of future email communications.

Do Not Track: Your browser or device may include “Do Not Track” functionality. Our information collection and disclosure practices and the choices that we provide to you will continue to operate as described in this privacy policy regardless of whether a Do Not Track signal is received.
Jurisdictional Specific Rights: you may have additional rights under the Washington State My Health My Data Act.

Special Information for Job Applicants

When you apply for a job with us, we may collect Personal Data from you, including:

Information you provide in connection with your application.
Information that you make available in your social media accounts.
Information about you that is available publicly.
Information that you authorize us to collect via third parties, including former employers or references.

In certain circumstances, you may submit your application for employment through a third-party service that displays our job posting. We do not control the privacy practices of these third-party services. Please review their privacy policies carefully prior to submitting your application materials.

Other Important Information

Data retention

We may store information about you for as long as we have a legitimate business need for it. We determine the retention period for the personal information that we collect based on (1) the length of time we need to retain the information to achieve the purposes for which we collected it, (2) any legal or regulatory requirements applicable to such information, (3) internal operational needs, and (4) any need for the information based on any actual or anticipated litigation or investigation.

Cross-border data transfer

We may collect, process, and store your Personal Data in the United States. The laws in the United States regarding Personal Data may be different from the laws of your country.

Information about children

Our Services are neither directed at nor intended for use by persons under the age of 18. We generally collect information relating to this age group only from parents or with parental consent and we only knowingly collect Personal Data from such individuals directly in limited circumstances where reasonably necessary to provide the Service (such as registration for age-specific camps or clinics). We do not otherwise knowingly collect information from such individuals. If we learn that we have inadvertently done so, we will promptly delete such Personal Data if required by law. Do not access or use our Services if you are not of the age of majority in your jurisdiction unless you have the consent of your parent or guardian.

Contact information

Contact

Please contact us if you have questions or wish to take any action with respect to information to which this privacy policy applies.

Email:

Telephone: (206) 524-2900

Mail: 249 Main Ave S, Suite 107-188, North Bend, WA 98045

Washington State - Consumer Health Data Privacy Policy

This notice supplements the EMBA Policy and applies to Personal Data defined as “Consumer Health Data” subject to the Washington State My Health My Data Act (“MHMDA”), or other applicable state consumer health privacy law.

Categories of Consumer Health Data We Collect

As described in the Personal Data We Collect section of the Policy, the data we collect depends on the context of your interactions with EMBA and the choices you make, the products and services you use, and applicable law. Because Consumer Health Data is defined very broadly, many of the categories of data we collect could also be considered Consumer Health Data.

Examples of Consumer Health Data may include:

Information about your health-related conditions, symptoms, status, diagnoses, testing, or treatments (including surgeries, procedures, medications, or other interventions). For example, we may collect such information when you register to volunteer or participate in one of our events, or related to incident reporting in case of an injury.
Measurements of bodily functions, vital signs, or characteristics, including photographs, which may also be considered biometric information under the MHMDA, or other applicable state consumer health privacy law.
Information that could identify your attempt to seek health care services or information, including services that allow you to improve or learn about your or another person’s health. For example, we analyze your visit to our website, which may include queries concerning wellness, fitness, or other health-related topics.
Other information that may be used to infer or derive data related to the above or other health information.

Sources of Consumer Health Data We Collect

As described further in the Personal Data We Collect section of the Policy, we collect Personal Data (which may include Consumer Health Data) directly from you, automatically from your interactions with our services, and from other sources.

Why We Collect and Use Consumer Health Data

We collect and use Consumer Health Data for the purposes described in the How We Use your Personal Data section of the Policy. Primarily, we collect and use Consumer Health Data as reasonably necessary to provide you with the services you have requested or authorized. This may include volunteer or event registration, incident reporting in case of an injury, or otherwise delivering and operating the services.

Sharing of Consumer Health Data

Categories of Consumer Health Data We Share
We may share each of the categories of Consumer Health Data described above for the purposes described in the How We Share Your Personal Data section of the Policy. In particular, we may share Personal Data, including Consumer Health Data, with your consent or as reasonably necessary to complete any transaction or provide any service you have requested or authorized, as described above.

Categories of Third Parties with Whom We Share
We may share Consumer Health Data with the following categories of third-party recipients: Service Providers, Government entities/Law enforcement

Specific Affiliates with Whom We Share
We do not currently share Consumer Health Data with specific Affiliates.

My Health My Data Rights

Your Rights
Under the MHMDA, Washington State residents and natural persons whose Consumer Health Data is collected in Washington may have the following rights, subject to verification, exceptions, and limitations:

Right to Confirm/Access/Know - Up to twice annually, you have the right to (a) confirm whether we are collecting, sharing, or selling your Consumer Health Data, and (b) access such data, including a list of all third parties and affiliates with whom we have shared or sold the Consumer Health Data and an active email address or other online mechanism that you may use to contact these third parties.

Right to Delete - You have the right to request deletion of the Consumer Health Data held by us and our affiliates, processors, contractors, and other third parties.

Right to Withdraw Your Consent/Opt-Out - You may withdraw any consent you have provided at any time. The consequence of you withdrawing consent might be that we cannot perform certain services for you, such as location-based services, personalizing or making relevant certain types of advertising, or other services conditioned on your consent or choice not to opt-out.

Right to Non-Discrimination - You have the right to not to receive discriminatory treatment as a result of your exercise of rights conferred by the MHMDA.

How to Exercise Your Rights

You may submit requests as follows (please our review verification requirements below).

You may call us at: (206) 524-2900. Please provide your email address, phone number or address, along with your request.
By emailing us at

If you have any questions or wish to appeal any refusal to take action in response to a rights request (if the right of appeal is granted by your state), contact us at . We will respond to any request to appeal within the period required by law.
If your appeal is unsuccessful, you can raise a concern or lodge a complaint with the Washington State Attorney General at www.atg.wa.gov/file-complaint, or other regulatory authority as applicable.

Verification of Rights Requests

Certain rights requests must be verified to ensure that the individual making the request is authorized to make that request, to reduce fraud, and to ensure the security of your Personal Data. We may require that you provide the email address we have on file for you (and verify that you can access that email account) and we may request additional information from you. If an agent is submitting the request on your behalf, we reserve the right to validate the agent’s authority to act on your behalf.