Privacy Policy

This Privacy Policy outlines how CATALYSTS ("we," "us," "our") collects, uses, and protects personal information gathered through our website (the "Site"). By using the Site, you agree to this Privacy Policy. If you do not agree, please refrain from using the Site.

Information Collection

We collect personal information that you voluntarily provide when using the Site, including your name, email address, postal address, phone number, and payment information. Additional information collected includes your device and browser type, browsing history, and interaction with our website.

Use of Personal Information

We use your personal information for various purposes, including:

  • Processing donations and providing receipts.
  • Sending updates, newsletters, and promotional materials.
  • Responding to inquiries and providing customer support.
  • Conducting surveys and research to improve our services.
  • Complying with legal requirements.

Sharing Personal Information

We do not sell or rent your personal information. However, we may share your information with third-party service providers who perform functions on our behalf. These services include payment processing (e.g., Stripe, PayPal), website hosting (e.g., AWS, Google Cloud), and data analysis (e.g., Google Analytics). These third-party providers are contractually obligated to protect your information and use it solely for the purposes we specify.

Data Protection

We implement appropriate technical and organizational measures to safeguard your personal information from unauthorized access, disclosure, alteration, or destruction. Sensitive information, such as payment details, is encrypted and securely transmitted.

Cookies and Tracking

The Site uses cookies and similar technologies to enhance user experience, analyze site usage, and deliver targeted advertising. Specific examples of the types of cookies we use and their purposes include:

  • Session Cookies: These cookies maintain your login status and allow you to navigate the Site without having to log in repeatedly.
  • Analytics Cookies: We use these cookies to track site usage and improve our services (e.g., Google Analytics).
  • Advertising Cookies: These cookies help deliver targeted ads based on your browsing behavior (e.g., Facebook Pixel).

You can manage your cookie preferences through your browser settings.

Your Rights

Depending on your location, you may have rights to access, correct, delete, or restrict the use of your personal information. You can exercise these rights by contacting us at [email protected]. Please include "Privacy Rights Request" in the subject line and provide specific details about your request. We will acknowledge receipt of your request within 10 business days and respond to your inquiry within 30 days. If additional time is needed to process your request, we will inform you of the delay and provide an estimated timeframe for completion.

General Data Protection Regulation (GDPR)

This policy has been updated to reflect the requirements of the General Data Protection Regulation (GDPR), effective May 25, 2018. GDPR rights apply to anyone residing in an EU country whose data is collected or maintained by CATALYSTS. As a policy, CATALYSTS extends those rights to all users, wherever their location. We are committed to the seven key principles of GDPR:

  1. Lawfulness, Fairness, and Transparency: Personal data will be processed lawfully, fairly, and transparently.
  2. Purpose Limitation: Personal data will be collected only for specified and legitimate purposes.
  3. Data Minimization: Personal data will be limited to what is adequate, relevant, and necessary.
  4. Accuracy: Personal data will be accurate and kept current.
  5. Storage Limitation: Personal data will be kept in identifiable form for no longer than necessary.

Retention Periods

  • Account Information: Personal data such as your name and contact details will be retained for as long as you maintain an account with us.
  • Payment Information: Payment information is stored only for the duration of the transaction.
  • Browsing History and Interaction Data: Browsing history and interaction data are retained for up to one year for analytics purposes.

If you have any questions or need further information about our data retention policies, please contact us at [email protected].

Data CATALYSTS Collects

  • Data Users Provide: Voluntarily provided personal data through our website, donation methods, email subscriptions, and direct communications. This includes name, mailing address, email address, phone number, payment information, and employer name.
  • Website Data: Information about website usage, collected with user permission, including page views, visit duration, IP addresses, and geolocation. This data is aggregated and anonymized.
  • Cookies: Used to improve website experience. Users can manage cookies via browser settings.

Use of Information

  • Processing Payments: To process donations and issue receipts.
  • Communications: To send updates, newsletters, and other relevant information.
  • Analysis and Improvement: To analyze trends and improve services.

Disclosure of Information

  • Vendors: We may share data with third-party vendors for services such as payment processing and website hosting. These vendors are required to protect your data.
  • Legal Purposes: We may disclose personal information as required by law.

Data Transfer and Storage

Personal data may be transferred and stored in the United States. By providing data, you consent to this transfer and storage.

Securing Personal Data

We employ a variety of physical, electronic, and managerial procedures to protect personal data. Our security practices include:

  • Two-Factor Authentication: To enhance account security, we implement two-factor authentication for accessing your account.
  • Regular Security Audits: We conduct regular security audits to identify and mitigate potential vulnerabilities in our systems.
  • Encryption: Sensitive information is encrypted both in transit and at rest to protect it from unauthorized access and breaches.

Despite these robust measures, please note that no method of transmission over the internet or electronic storage is completely secure. Consequently, users provide data at their own risk.

You have the right to request data deletion, access, correction, and exercise other GDPR rights. To do so, please contact us at [email protected]. Please include "Privacy Rights Request" in the subject line and provide specific details about your request. We will respond to your inquiry within 30 days.

Data Breaches

In the event of a data breach, we will take the following steps:

  • Notification: Affected users will be notified within 72 hours of our becoming aware of the breach.
  • Mitigation: We will work to minimize the impact of the breach, which may include resetting passwords, securing our systems, and working with cybersecurity experts to prevent future breaches.
  • Transparency: We will provide details on the nature of the breach, the data affected, and the measures taken to address the issue.

Language and Definitions

We aim to ensure our privacy policy is accessible to all users. Here are definitions for some technical terms used:

  • Anonymized: Data that has been processed to remove personally identifiable information, ensuring that the individual cannot be identified.
  • Encryption: The process of converting data into a code to prevent unauthorized access. This ensures that even if data is intercepted, it cannot be read without the decryption key.

Changes to This Policy

We may update this Privacy Policy periodically. We will notify you of significant changes by posting the new policy on the Site. Your continued use of the Site after any changes indicates your acceptance of the updated policy.

Contact Us

If you have any questions or concerns about this Privacy Policy, please contact us at [email protected]