Privacy Policy | Massachusetts | The BeatHeart Foundation

This BeatHeart Foundation Privacy Policy (“Privacy Policy”) describes how visitor’s (“you” or “your”) personal information is collected, used, and shared when you visit or make a donation from https://www.beatheartfoundation.org (the “Website”).

The purpose of this Privacy Policy is to provide you with a clear explanation of when, why and how we collect and use your personal information. This Privacy Policy is not intended to override the terms of any contract you have with us, nor any rights you might have under applicable data privacy laws.

Read this policy and make sure you fully understand our practices in relation to your personal information, before you access or use any of our Services (“PayPal”). If you read and fully understand this Privacy Policy, and remain opposed to our practices, you must immediately leave this website. If you have any questions or concerns regarding this Privacy Policy, please contact us at info@beatheartfoundation.org.

PERSONAL INFORMATION WE COLLECT

When you visit the Website, we automatically collect certain information about your device, including information about your web browser, IP address, time zone, and some of the cookies that are installed on your device. Additionally, as you browse the Website, we collect information about the individual web pages or products that you view, what websites or search terms referred you to the Website, and information about how you interact with the Website. We refer to this automatically-collected information as “Device Information.”

We collect Device Information using the following technologies:

• “Cookies” are data files that are downloaded and stored on your device or computer and often include an anonymous unique identifier. By default, we use several persistent cookies for purposes of session and user authentication, security, keeping the visitor’s preferences (e.g., regarding default language and settings), monitoring performance of our services, and generally providing and improving our Services. For more information about cookies, and how to disable cookies, visit http://www.allaboutcookies.org (note that this website is not provided by Wix, and we therefore cannot ensure its accuracy, completeness or availability). Please note that deleting our cookies or disabling future cookies or tracking technologies may prevent you from accessing certain areas or features of our Services, or may otherwise adversely affect your user experience.

• “Log files” track actions occurring on the Site, and collect data including your IP address, browser type, Internet service provider, referring/exit pages, and date/time stamps.

• “Web beacons,” “tags,” and “pixels” are electronic files used to record information about how you browse the Site.

Additionally, when you make a donation, attempt to make a donation, or submit a donation form, through the Website, we collect certain information from you, including your name, billing address, payment information (e.g., credit/debit card numbers), and email address. We refer to this information as “Order Information.” We also provide an option to pay for donations using PayPal. When you use PayPal’s website to make a donation, you are subject to PayPal’s Privacy Policy, which you can review on their Privacy Policy page.

When we talk about “Personal Information” in this Privacy Policy, we are talking both about Device Information and Order Information.

HOW DO WE USE YOUR PERSONAL INFORMATION?

We use the Order Information that we collect generally to fulfill any orders placed through the Site (including processing your payment information and providing you with invoices and/or order confirmations). Additionally, we use this Order Information to: communicate with you; screen our orders for potential risk or fraud; and when in line with the preferences you have shared with us, provide you with information or advertising relating to our events or services.

We use the Device Information that we collect to help us screen for potential risk and fraud (in particular, your IP address), and more generally to improve and optimize our Site (for example, by generating analytics about how our customers browse and interact with the Site, and to assess the success of our marketing and advertising campaigns).

SHARING YOUR PERSONAL INFORMATION

Processing payments requires that we share your personal information (that you provide to us in your “Donation Form”) with either of the following third-parties:

•PayPal, Inc.

•Square, Inc.

We do not allow unauthorized parties access to your personal information and we will not sell or otherwise knowingly make your information available to anyone outside of our organization, unless required to do so by law. We may only share your Personal Information to comply with applicable laws and regulations, to respond to a subpoena, search warrant or other lawful request for information we receive, or to otherwise protect our rights.

SECURITY

Among other things, we offer HTTPS secure access to most areas on our Services; the transmission of sensitive payment information (such as a credit card number) through our donation forms is protected by an industry standard SSL/TLS encrypted connection. We also regularly monitor our systems for possible vulnerabilities and attacks, and regularly seek new ways for further enhancing the security of the Website, Services and protection of our visitor’s privacy.

THIRD-PARTY LINKS

This Website contains links to other websites belonging to or operated by third parties. By making these links available, we are not endorsing third-party websites, their content, products, services or the owners of these third-party websites. We cannot be responsible for the privacy practices or the content of sites that do not belong to The BeatHeart Foundation. Nonetheless, we seek to protect the integrity of our site and welcome any feedback about these sites.

DO NOT TRACK (DNT)

Please note that we do not alter our Site’s data collection and use practices in response to a “Do Not Track” (DNT) signal in the HTTP header from your browser or mobile application.

CALIFORNIA ONLINE PRIVACY PROTECTION ACT (CalOPPA)

CalOPPA is the first state law in the nation to require commercial websites and online services to post a privacy policy. The law’s reach stretches well beyond California to require any person or company in the United States (and conceivably the world) that operates websites collecting Personally Identifiable Information from California consumers to post a conspicuous privacy policy on its website stating exactly the information being collected and those individuals or companies with whom it is being shared. – See more at: https://consumercal.org/california-online-privacy-protection-act-caloppa/#sthash.0FdRbT51.dpuf

Users can visit our site anonymously. Once this Privacy Policy is created, we will add a link to it on our home page or as a minimum, on the first significant page after entering our website. Our Privacy Policy link includes the word ‘Privacy’ and can easily be found on the page specified above. You will be notified of any Privacy Policy changes on our Privacy Policy page. You can change your personal information by contacting us through the contact information below.

CHILDREN ONLINE PRIVACY PROTECTION ACT (COPPA)

When it comes to the collection of personal information from children under 13, the Children's Online Privacy Protection Act (COPPA) puts parents in control. The Federal Trade Commission, the nation's consumer protection agency, enforces the COPPA Rule, which spells out what operators of websites and online services must do to protect children's privacy and safety online.

The Website and Services are not directed to children under the age of 13. We do not knowingly collect information, including personal data, from children or other individuals who are not legally able to use our Website and Services. If we obtain actual knowledge that we have collected personal data from a child under the age of 13, we will promptly delete it, unless we are legally obligated to retain such data. Contact us if you believe that we have mistakenly or unintentionally collected information from a child under the age of 13.

EU GENERAL DATA PROTECTION REGULATION (GDPR)

The EU General Data Protection Regulation (GDPR) replaces the Data Protection Directive 95/46/EC and was designed to harmonize data privacy laws across Europe, to protect and empower all EU citizens data privacy and to reshape the way organizations across the region approach data privacy.—See more at: https://ec.europa.eu/commission/priorities/justice-and-fundamental-rights/data-protection/2018-reform-eu-data-protection-rules_en

If you are a European resident, you have the right to access personal information we hold about you and to ask that your personal information be corrected, updated, or deleted. If you would like to exercise this right, please contact us through the contact information below.

Additionally, if you are a European resident we note that we are processing your information in order to fulfill contracts we might have with you (for example if you make a donation through the Website), or otherwise to pursue our legitimate business interests listed above. Additionally, please note that your information will be transferred outside of Europe, including to Canada and the United States.

FAIR INFORMATION PRACTICES

The Fair Information Practices Principles form the backbone of privacy law in the United States and the concepts they include have played a significant role in the development of data protection laws around the globe. Understanding the Fair Information Practice Principles and how they should be implemented is critical to comply with the various privacy laws that protect personal information. In order to be in line with Fair Information Practices we will take the following responsive action, should a data breach occur: We will notify the users via email within 7 business days. We also agree to the individual redress principle, which requires that individuals have a right to pursue legally enforceable rights against data collectors and processors who fail to adhere to the law. This principle requires not only that individuals have enforceable rights against data users, but also that individuals have recourse to courts or a government agency to investigate and/or prosecute non-compliance by data processors.

DATA RETENTION

When you place a donation or submit a “donation form” through the Website, we will maintain your Order Information for our records unless and until you ask us to delete this information.

CHANGES

We may update this Privacy Policy from time to time in order to reflect, for example, changes to our practices or for other operational, legal or regulatory reasons.

CONTACTING US

If you have any questions about this Privacy Policy, for more information about our privacy practices, or would like to provide any feedback, please reach out to us at info@beatheartfoundation.org.