INTRODUCTION

The purpose of this Acceptable Use of Technology Policy (“Policy”) is to define the standards for the acceptable use of Evergreen Mountain Bike Alliance’s (Evergreen) digital and computing information, equipment, communications systems, privacy, and confidential information. This Policy should be used in conjunction with other Evergreen policies that control the creation, storage, use, transmission, and disposal of data, including the Internal Data Operating Procedures.

Updated on January 2025

1. SCOPE

This Policy regulates the use of Evergreen information systems, any Devices that connect to or access them, Devices owned, leased, or managed by Evergreen, and information gathered by its access to these systems. 

This includes but is not limited to:

• Desktop computers, laptops, tablets, and other computing Devices, including personal Devices.
• Evergreen electronic communications systems and accounts, including email and instant messaging.
• Telephones.
• All other associated computer and network communications systems, hardware or software.
  

This Policy applies to Evergreen’s employees, contractors, consultants, volunteers, and others working on behalf of Evergreen, and any other person or entity who has access to or connects to the Evergreen Information Assets (“User” or “Users”). Use of the Evergreen systems or Information Assets shall indicate a User’s understanding and agreement to the terms and conditions of this Policy.

2. DEFINITIONS

EVERGREEN SYSTEMS

All systems, software, online services, databases, and any other means of collecting, storing, modifying, sharing, or disseminating Evergreen Information, as well as any networks provided by Evergreen to access or connect to the internet.

INFORMATION ASSETS

Any computing or other equipment or Device that is or may be connected to or used to access the Evergreen Systems, including, but not limited to, computers, Google Drive online servers, routers, and Devices.

EVERGREEN INFORMATION ASSETS

Information Assets owned, leased, managed, or provided by Evergreen.

USER

the “User” is defined as the person signing this agreement.

MEDIUM

Object (such as paper) or Device (such as a hard drive, tape, or optical disk) upon which Information is stored.

DEVICES

This includes laptops, tablets, mobile phones, CDs, DVDs, backup tapes, USB thumb drives, mobile payment systems, external hard drives, and other handheld and movable Devices used to collect, store, or transfer Evergreen Information.

SENSITIVE INFORMATION

Information that includes a person’s name combined with a social security or driver’s license number, medical information, password, security answers, credit card number, or similarly sensitive personal data).

ELECTRONIC COMMUNICATIONS

The term Electronic Communications includes but is not limited to email, text messages, instant messages, phone calls, or any other type of analog or digital communication sent over or using the Evergreen Systems or using Information Assets.

3. GENERAL USE AND OWNERSHIP

NO EXPECTATION OF PRIVACY

1. Users are expressly advised that, to prevent misuse, Evergreen reserves the right to monitor, inspect, retrieve, disclose, store, intercept, and review, without further notice, all activities conducted on the Evergreen Systems and Evergreen Information Assets. 
2. Users consent to the potential monitoring of their use of the Evergreen systems and Evergreen Information Assets and acceptance of this policy.
   

OWNERSHIP OF INFORMATION

1. Any data, intellectual property, or other Evergreen Information created or stored using the Evergreen Systems or any Information Assets becomes and/or remains the property of Evergreen.
2. At the end of a User’s employment, contract, relationship, or service with or for Evergreen, the User must relinquish to Evergreen all Evergreen Information Assets, as well as all files or Evergreen Information created, received, maintained, or transmitted using any Information Assets in an unencrypted and readily accessible form, and Users will delete all Evergreen Information from personal Information Assets.
3. Users may not continue or attempt to access Evergreen Information Assets or the Evergreen Systems without authorization after the end of their employment, contract, relationship, or service with Evergreen.
   

PERSONAL USE OF INFORMATION ASSETS

1. Users are responsible for exercising good judgment regarding the reasonableness of personal use of Information Assets, such as the use of social networking sites.
2. Evergreen shall not be required to provide Users with copies of any personal information created or stored by User on Evergreen Information Assets.
   

STORAGE OF EVERGREEN INFORMATION

1. Users should store all Evergreen Information, especially sensitive personal information, exclusively on the Evergreen Systems and approved Information Assets. If Evergreen Information must be stored somewhere other than Evergreen Systems or Evergreen Information Assets, the information should be password protected.
2. Users must take extra care when storing sensitive and personal information. This information should be password-protected and encrypted as much as possible.
   

SAFEGUARDING DEVICES

1. Users should not leave Devices unattended and unsecured. When a Device is left unattended, it should be protected as much as possible against unauthorized access or removal.
2. Users must immediately report all lost or stolen Devices to Evergreen. If the lost or stolen Device contains any sensitive information, immediately alert your supervisor.
3. Users must comply with all reasonable instructions and requests of those assigned to investigate any lost or stolen Devices.
   

4. ACCEPTABLE USE

User IDS AND PASSWORDS

1. All Information Assets and Devices, including personal Devices, should be password protected.
2. Users must take precautions to prevent their login, password, and any Sensitive Information from being viewed by others while using an Information Asset.
3. Users are responsible for the security and confidentiality of their passwords and account access. If a password is lost or stolen or if its integrity is compromised, then immediately alert your supervisor or Evergreen’s Data Protection Representative.
4. Users must use a strong password. Passwords may not be based on any personal information (e.g., date of birth, maiden name, etc.) or be a generic phrase (e.g. admin, password, or 1234). Passwords must be unique for every system and service and not re-used across systems and services.
5. Unless expressly authorized by Evergreen, Users may not reveal their personal passwords to anyone, including supervisors, co-workers, vendors, or third parties.
6. If authorized by Evergreen, Users may share certain administrative accounts and passwords with other authorized Users. The passwords to such accounts may only be shared or stored in a protected or encrypted manner approved by Evergreen. Examples of approved password managers include Google Password Manager or Keeper. Users may not utilize any password manager which has not been approved by Evergreen.
7. Users must not store their password in an unprotected fashion or transmit it via email.
8. All passwords must be deleted from a User’s possession or changed immediately at the end of the employment, contract, relationship, or service of any User with Evergreen. Users should always ensure that they do not possess access to any Evergreen passwords or information at the end of their relationship with Evergreen.
   

PROHIBITED ACTIVITIES

1. Users must not violate any applicable laws or Evergreen’s policies.
2. Users must not violate any right protected by intellectual property laws, or similar laws or regulations.
3. Users must not use Information Assets or an account that they are not authorized to use or obtain a password without the consent of the account owner.
4. Users must not use the Evergreen Systems to gain unauthorized access to any computer system.
5. Users must not attempt to mask the identity of an account or machine without authorization.
6. Users must not knowingly introduce or disseminate malicious programs, code, or viruses into or on Evergreen Systems.
7. Users must not access, procure, or transmit any material or content that could create a hostile work environment.
8. Users must not use the Evergreen Systems or Information Assets to search, for, access, or otherwise utilize any site, service, or content related to illegal gambling or gaming, sexually explicit material, or the disparagement of any racial, ethnic, religious, or other group.

5. REQUIREMENTS FOR INFORMATION ASSETS

INFORMATION ASSETS GENERALLY

1. All Information Assets must be password-protected.
2. Users must not knowingly perform an act that will interfere with the normal operation of Evergreen’s Information Assets.
3. Users must keep Information Assets current with applicable security patches and updates.
   

Devices

1. All Devices, including personal Devices containing Evergreen Information, must be protected by a password or other secure method of authentication.
2. In the event of a security incident or investigation, Users must provide Evergreen with access to any Device upon reasonable request.
3. By agreeing to this Policy, Users consent to Evergreen’s efforts to manage Devices, including personal Devices, and secure their data. This may include providing Evergreen with any necessary passwords.
   

6. REQUIREMENTS FOR ELECTRONIC COMMUNICATIONS

1. Users should exercise caution when viewing emails from unknown or untrusted senders, particularly if the email includes one or more attachments.
2. Users must not distribute unsolicited messages including sending of “junk mail” or other advertising material when outside their scope of responsibility.
3. Users must not distribute “chain letters” or “ponzi” or other “pyramid” schemes of any type.
4. Users must never make or send harassing email, phone calls, messages, or other electronic communications. Harassment may be indicated through language or tone, or by the frequency and/or size of messages or attachments.
5. Users must not post to, participate in, or host blogs, newsgroups, chat rooms, or other similar activities in violation of Evergreen’s policies.

7. CONFIDENTIALITY AND NONDISCLOSURE AGREEMENT

Users agree not to use or disclose any Confidential Information (as defined below), except to the extent such use or disclosure is required in providing services to or on behalf of Evergreen. Without limiting the generality of the foregoing, Users agree not to, without prior written consent from Evergreen,

1. Divulge any Confidential Information to unauthorized third parties; or 
2. Copy documents containing any Confidential Information.
3. Use Confidential Information in a manner that is in any way detrimental to Evergreen. 
   

“Confidential Information” means all information and materials, in whatever form, whether tangible or intangible, disclosed by Evergreen or any of its affiliates to the User, or to which the User can otherwise gain access as a result of working for Evergreen, pertaining in any manner to the activities of Evergreen or its affiliates, consultants, members, or any person or entity to which Evergreen owes a duty of confidentiality, whether or not labeled or identified as proprietary or confidential. All proprietary information of Evergreen that is not known generally to the public, or is known only through improper means, is Confidential Information. Without limiting the generality of the foregoing, the following are deemed Evergreen’s Confidential Information: 

1. Ideas for research and development;
2. Computer records and software (including software that is proprietary to third parties);
3. Any other information which Evergreen must keep confidential as a result of obligations to third parties; 
4. Information related to contracts and bids;
5. Inventions whether or not patentable; 
6. Identities of customers, suppliers, or third party contractors, including without limitation any media, advertising, or public relations firms; 
7. Evergreen’s e-mail distribution list; 
8. Evergreen’s donor and member lists and the identities of Evergreen’s donors and members; 
9. Human resources data and information about employees; 
10. Cost and other financial data, 
11. Trade secrets; 
12. Polling and focus group information; 
13. Any other information to which the volunteer or staff has access while involved in Evergreen’s activities; and
14. Any goods or services volunteer or staff provide to Evergreen under this Agreement. 
    

TERMINATION

Upon termination of his or her services to Evergreen, the User shall within ten business days return to Evergreen or destroy any and all written or other tangible material containing any Confidential Information in the User’s possession and shall not keep any copies thereof. 

These provisions of this Agreement and User obligations hereunder shall survive any expiration, termination, or rescission of this Agreement and remain even after the Users relationship with Evergreen ends. Except as provided herein, the User is prohibited from disclosing or using any Confidential Information in all circumstances, including but not limited to subsequent engagements or employment with third parties. 

8. ARTIFICIAL INTELLIGENCE (AI) USAGE POLICY

While Evergreen remains committed to adopting new technologies to further our mission when possible, we also understand the risks and limitations of artificial intelligence (AI) tools and want to ensure responsible use. While AI tools may offer attractive opportunities to streamline work functions and increase efficiency, they come with serious security, accuracy, and intellectual property risks. This policy highlights the unique issues raised by AI tools, helps employees understand the guidelines for AI tool acceptable use, and protects Evergreen’s confidential or sensitive information, trade secrets, intellectual property, workplace culture, commitment to diversity, and brand.

GUIDANCE

AI tools are created and owned by private companies. Most AI tool end-user license agreements state that any data (question, prompt, or input) entered into the AI tool becomes the property of that private company and can be used to further train the AI model or for other uses by that private company. By entering sensitive Evergreen information into these tools (for example, a member's name or email address), you have given the private company ownership of that sensitive information without the consent of the Evergreen member, which is both unethical and a violation of this agreement.

It should be assumed that any data entered into an AI tool becomes the property of the company that owns the AI.

It is ACCEPTABLE to use AI tools to generate anonymous and generic results, such as text and images for marketing or newsletter communications.

It is NOT ACCEPTABLE to enter Evergreen information Assets or Sensitive Information into AI tools. Sensitive information includes the information defined in the Definitions Section, and also includes but is not limited to member personal data (name, email address, phone, mailing address), financial data (donations, membership dues), and any operational data not already available to the public (documentation of procedures, operating manuals, staff HR/personal info).

Examples:

ACCEPTABLE questions/prompts to enter into AI tools:

• "Write a survey to find out what kind of trails mountain bikers in the Spokane area want to ride."
• "Write a paragraph about why riding mountain bikes in the summer is so fun."
• "Create a checklist of tasks for hosting a public event."
• General-knowledge questions are meant to enhance understanding of a work-related topic.
• Prompts to brainstorm ideas related to projects. 
• Questions about how to create formulas for Excel spreadsheets or how to use specific software.
• Prompts to create general content for a marketing email or letter.
• Prompts to summarize online research or to create outlines for content projects to assist in full coverage of a topic. 
• Prompts to research content for a report, presentation, or other documents, provided the prompt does not contain sensitive Evergreen information.
  

NOT ACCEPTABLE questions/prompts to enter into AI tools:

• "Write an email to John Smith, telling him that I have updated his Membership address from 123 Street to 456 Ave."
• "Create an infographic of our top donor names using this Excel file as input."
• "Write an email to our employee Tom Smith, letting him know that his last paycheck was incorrect and he will see an additional $100 on his next paycheck on June 1st."
• Any input which includes sensitive Evergreen information, including company name, confidential or sensitive information or data, trade secrets, intellectual property, workplace culture, commitment to diversity, and brand. Employees are also prohibited from representing work generated by AI tools as their own original work.
  

If using AI tools, it is each User's responsibility to verify responses for accuracy, appropriateness, bias, and compliance with laws and company policies. AI-generated content must be carefully reviewed before use.

5. VIOLATIONS OF THIS POLICY, ENFORCEMENT, AND UPDATES

Users must report violations of this Policy to their supervisor or Evergreen’s Data Protection Representative. This includes any type of suspicious, abnormal, or unauthorized activity that threatens the integrity, confidentiality, or availability of the Evergreen Systems or Information Assets. 

Governing Law. This Policy will be governed by and construed in accordance with the laws of the State of Washington. For all disputes relating to this Policy, each User consents to the jurisdiction of the courts of the State of Washington and agrees that those courts have personal jurisdiction over each party. The venue for all disputes shall be the King County Superior Court in Seattle, Washington.

Evergreen may modify this Policy at any time. If any substantive modifications are made, they will be communicated to all staff and volunteers. Any violation of this Policy may result in termination of the User’s use or access to the Evergreen Systems and/or disciplinary action up to and including termination of the User’s employment, contract, relationship, or service to Evergreen. Evergreen may take any legal action it deems appropriate and/or report any suspected unlawful conduct to law enforcement.