1. Introduction and Scope of this Policy

CARING HEARTS2 INCORPORATED (referred to as “CARING HEARTS2,” “we,” “us,” or “our”) is deeply committed to protecting the privacy and confidentiality of all individuals who engage with our mission, whether they are beneficiaries, volunteers, donors, staff members, partners, or general website visitors. We understand that sharing personal information, especially when seeking assistance or making a generous donation, requires a significant level of trust, and we consider the protection of that trust to be our most fundamental responsibility. This comprehensive Privacy Policy is designed to clearly articulate our practices concerning the collection, use, maintenance, protection, and disclosure of your personal information in connection with all of our operations, including our community outreach programs, educational workshops, fundraising initiatives, and digital communications channels, including our website and social media platforms.

This policy applies to all information we collect: a) in person, such as at a needs assessment meeting, during a volunteer orientation, or at a community event; b) through our website, online forms, and digital communication channels; and c) through third-party services, such as donation processing platforms or grant applications. It is crucial for all stakeholders to read this policy in its entirety to understand how we treat your information. By interacting with CARING HEARTS2 INCORPORATED—including accessing our website, enrolling in a program, or providing a donation—you are acknowledging and accepting the practices described in this policy and consenting to our use of your information as outlined herein. Should you disagree with any part of this policy, we kindly ask that you refrain from accessing our services or providing your personal data. Our dedication to transparency and ethical conduct mandates that we clearly outline these practices, ensuring that our operations are not only compassionate but also legally and ethically sound in all matters concerning data stewardship.


2. Information We Collect

Our ability to effectively deliver our mission—to uplift and empower individuals and communities—relies on collecting certain types of information. We categorize the information we collect into three primary segments: Personally Identifiable Information, Sensitive Personal Information, and Non-Personal Information. The exact data collected depends entirely on the nature of your relationship with CARING HEARTS2 INCORPORATED.

2.1. Personally Identifiable Information (PII)

PII is information that can be used to specifically identify or contact you. This type of information is collected across our various interactions.

  • For Donors and Financial Supporters: This typically includes your full name, mailing address, email address, telephone number, payment information (such as credit card numbers or bank details, which are processed via secure third-party platforms and not stored directly by us), donation history, and preferences regarding public recognition (e.g., whether you wish your donation to be acknowledged publicly or remain entirely anonymous).
  • For Program Beneficiaries (Individuals and Families): This encompasses full names of all family members, residential address, contact numbers, email addresses, and demographic data that assists in grant reporting, such as household size, employment status, and basic educational background.
  • For Volunteers and Staff: This includes contact information, application details, emergency contact details, resume information, professional skills and qualifications, availability, training completion records, and records related to background checks as mandated by our safety and legal protocols.
  • For Website Visitors and Communicants: If you sign up for a newsletter or submit a contact form, we collect your name and email address.

2.2. Sensitive Personal Information (SPI)

Sensitive Personal Information is data that, if improperly disclosed, could lead to unfair treatment, discrimination, or financial hardship. We collect SPI only when strictly necessary to fulfill a specific program requirement or legal obligation, and it is handled with the highest level of confidentiality and security.

  • Needs-Based Data: For beneficiaries seeking targeted support (e.g., emergency financial aid, specific educational placement), we may collect information regarding household income level, specific financial hardship details, health-related information (only as relevant to program eligibility, such as a documented learning disability requiring specific educational accommodations), and, in some cases, documentation verifying residency or legal status required for specific grant funding purposes.
  • Safety and Compliance Data: For all staff and volunteers, we collect date of birth and may collect social security numbers or similar identification for mandatory background checks, payroll processing, and tax reporting requirements. This sensitive information is never stored digitally on accessible servers and is often managed through secure, encrypted HR or payroll systems that meet stringent industry security standards.

2.3. Non-Personal Information (NPI) and Digital Activity Data

NPI is data that does not directly identify you but relates to your interaction with our digital platforms. This information helps us improve our website and communications.

  • Digital Analytics: We automatically collect data related to your visits to our website, including your IP address, browser type and operating system, the pages you viewed, the time and date of your visit, and the referring website or search query that brought you to us. This information is typically aggregated and anonymized for statistical analysis purposes, allowing us to understand site traffic patterns and optimize our user experience.
  • Cookies and Tracking Technologies: We utilize cookies, pixel tags, and similar technologies to enhance your browsing experience, remember your preferences, and help us analyze our website traffic and usage. Cookies are small text files placed on your device. You have the ability to accept or decline cookies through your browser settings, though declining certain cookies may affect the functionality of our website.

3. Methods of Information Collection

We employ several distinct methods for collecting personal information, all designed to be as transparent and secure as possible, ensuring that individuals are fully aware of when and why their data is being gathered.

3.1. Direct Interaction and Forms

The majority of PII is collected directly from you when you voluntarily provide it through overt actions. This includes:

  • Online and Paper Forms: Filling out a “Contact Us” form on our website, completing an application for a specific program (e.g., the vocational training series), signing up for a newsletter, or completing a paper registration form at a community event.
  • Verbal Communication: Providing information to a staff member or intake specialist during a scheduled phone consultation or in-person meeting for a needs assessment.
  • Contractual/Commitment Forms: Submitting a volunteer agreement, employment contract, or a formal grant application that requires detailed personal and financial information.
  • Donor Submissions: Completing a donation transaction either online or via mail, including submitting your name, address, and intended designation of funds.

3.2. Automated Collection of Digital Data

As mentioned in the previous section, we collect NPI automatically when you interact with our website. This process is passive and integral to modern website operation.

  • Server Logs: Our servers automatically record standard log data, including requests, time stamps, IP addresses, and error messages, which are essential for maintaining website security, diagnosing technical problems, and preventing malicious activity.
  • Analytics Services: We use third-party analytics tools (such as Google Analytics) to passively collect data about visitor engagement, including the duration of a visit, the navigation path taken through the site, and the conversion rates for key actions (e.g., form submissions or donation clicks). This data collection process is governed by the privacy policies of the respective service providers, but the data is used solely for our internal optimization purposes.

3.3. Indirect Collection from Third Parties

In some necessary instances, we collect information about you from external, trusted sources, always with your knowledge or as legally permissible.

  • Payment Processors: When you make an online donation, financial transaction data (e.g., card number, security code) is securely handled by third-party payment processors. While we do not store these sensitive details, the processor provides us with necessary confirmation details (e.g., transaction ID, name, address) to record the donation and issue a tax receipt.
  • Background Check Agencies: For all staff and regular volunteers, we contract with specialized, certified agencies to conduct mandated background checks. These agencies provide us with a summary report confirming eligibility to work with vulnerable populations, but they do not typically share the raw underlying data (e.g., criminal history details) with us, maintaining a necessary layer of separation and privacy.
  • Publicly Available Information: We may, in the context of research or due diligence for major fundraising campaigns, gather publicly available information, such as professional titles or public addresses, to better understand potential donors and partners, always adhering strictly to ethical fundraising guidelines and local laws.

4. Use of the Information We Collect

The information collected by CARING HEARTS2 INCORPORATED is utilized exclusively to further our mission, manage our operations efficiently, and comply with legal obligations. We commit to using your data only in ways that are consistent with the purpose for which it was originally collected, or for compatible and related purposes that directly support our charitable objectives.

4.1. Fulfillment of Our Mission and Program Delivery

The primary use of the information we collect from beneficiaries and participants is to effectively enroll, manage, and deliver the specific programs and support services they require.

  • Needs Assessment and Targeting: Sensitive Personal Information (SPI) related to income, family size, or specific hardship is used to verify eligibility for targeted aid programs (e.g., scholarships, emergency housing support) and ensure our limited resources reach those in the most profound need, maximizing the positive impact of our support.
  • Program Management and Scheduling: PII (names, contact numbers) is essential for scheduling tutoring sessions, coordinating attendance at vocational workshops, tracking participation rates, and communicating any necessary changes or updates regarding a program’s logistics or curriculum.
  • Referrals and Coordination: When necessary, and only with your explicit verbal or written consent, we use your information to facilitate referrals to trusted partner organizations, such as local food banks, counseling services, or housing resources, ensuring a seamless and comprehensive continuum of care that addresses all facets of a family’s needs.

4.2. Operational Management and Internal Function

We use your information to maintain the efficiency, transparency, and high ethical standards of our internal operations.

  • Volunteer and Staff Administration: Data is used for critical HR functions, including processing payroll, conducting performance reviews, managing volunteer assignments, ensuring compliance with labor laws, and communicating organizational news and training requirements to our team.
  • Financial Accountability and Reporting: Donor PII and transaction records are used to accurately process donations, issue timely and compliant tax receipts, and report financial activities to regulatory bodies and our Board of Directors, ensuring we meet all legal requirements for non-profit financial transparency.
  • Risk Management and Safety: Information gathered from background checks and emergency contact forms is used solely to ensure the safety and security of our program participants, staff, and volunteers, allowing us to respond rapidly and appropriately to any emergencies or security concerns within our facilities or during offsite events.

4.3. Fundraising, Development, and Communications

A portion of the PII we collect is dedicated to securing the continued funding necessary to sustain and expand our charitable work, a critical component of our operational mandate.

  • Donor Acknowledgement and Stewardship: We use PII and donation history to thank donors, communicate the impact of their gifts through personalized reports, and maintain an ongoing relationship. Unless anonymity is explicitly requested, we may use names to publicly acknowledge supporters in annual reports or event materials, fostering a culture of gratitude and inspiring further generosity within the community.
  • Marketing and Outreach: We use PII (primarily email addresses) to share organizational newsletters, program success stories, and upcoming event invitations, keeping our community informed and engaged. All marketing communications include clear, easy-to-use mechanisms for you to opt out of future mailings, honoring your communication preferences at all times.
  • Grant Reporting and Analysis: We use anonymized and aggregated demographic data (derived from participant PII and SPI) to fulfill reporting requirements for grantors and foundations. This allows us to demonstrate the reach and effectiveness of our programs without disclosing any individual identifying details, which is crucial for securing the funding that makes our mission possible.

5. Data Sharing and Disclosure

CARING HEARTS2 INCORPORATED will never sell, rent, or lease your personal information to third parties for commercial gain. We only share or disclose information under strictly controlled circumstances, either when necessary for operations, to fulfill a legal obligation, or with your explicit, informed consent.

5.1. Third-Party Service Providers and Vendors

We engage various trusted external companies and individuals to perform functions on our behalf. These service providers are given access only to the PII or NPI necessary to perform their specific functions and are contractually obligated to maintain the confidentiality and security of that information, adhering to strict data protection standards that mirror our own commitment to privacy.

  • Examples: This includes companies that process our donation transactions (as detailed in Section 3.2), software providers for our Customer Relationship Management (CRM) system, email communication platforms for sending newsletters, and IT support services that manage our data infrastructure.

5.2. Legal Compliance and Law Enforcement

We reserve the right to disclose your personal information if required to do so by law or in the good faith belief that such action is necessary to:

  • Comply with a legal process (e.g., subpoena, court order) served on CARING HEARTS2 INCORPORATED.
  • Protect and defend the rights or property of CARING HEARTS2 INCORPORATED, including enforcing our terms of use or agreements.
  • Act in urgent circumstances to protect the personal safety of users of our services, the public, or our personnel.
  • Investigate fraud, security issues, or technical problems related to the organization or our digital systems.

5.3. With Program Partners (With Consent)

As a community-focused NGO, we frequently collaborate with other local service providers to address the holistic needs of our beneficiaries.

  • If a beneficiary requires a service that we do not directly offer (e.g., intensive addiction counseling, specialized legal aid), we may, only after obtaining their explicit, documented consent, share necessary PII (such as name and contact information) with a trusted, vetted partner organization to facilitate a direct and smooth referral process. Consent for these specific sharing activities is always voluntary and revocable.

5.4. Organizational Changes

In the event that CARING HEARTS2 INCORPORATED undergoes a merger, acquisition, or restructuring, user information may be part of the assets transferred. We will provide timely notification to our users regarding any such change in ownership or control of their personal data and outline any resulting changes to this Privacy Policy.


6. Data Security and Protection Measures

We are unwavering in our commitment to protecting your personal information from unauthorized access, loss, misuse, or alteration. We have implemented a comprehensive, multi-layered security framework that combines administrative, technical, and physical safeguards designed to ensure the integrity and confidentiality of your data across all stages of its lifecycle within our organization.

6.1. Technical Security Measures

  • Encryption: Our website and all online data submission forms utilize industry-standard SSL/TLS encryption to secure all data transmitted between your browser and our servers, preventing interception during transit. Sensitive internal data, especially SPI related to staff and beneficiaries, is stored within encrypted and access-controlled databases.
  • Access Control: Access to PII and SPI is strictly limited to those staff and authorized volunteers who require the information to perform their specific job functions (a “need-to-know” basis). Access is enforced through strong password policies, multi-factor authentication (MFA) for key systems, and regular review of user permissions.
  • Firewalls and Monitoring: We maintain enterprise-level network security tools, including firewalls, intrusion detection systems, and regular security monitoring, to continuously safeguard our digital infrastructure against external threats and detect suspicious activity in real time.

6.2. Administrative and Physical Safeguards

  • Staff Training: All CARING HEARTS2 INCORPORATED employees and regular volunteers receive mandatory, recurrent training on data protection protocols, confidentiality requirements, and ethical handling of sensitive information, emphasizing the importance of privacy compliance in their day-to-day duties.
  • Physical Security: Hard-copy documents containing PII or SPI are minimized, and those that are retained (e.g., signed contracts, background check reports) are stored in locked cabinets within secured offices at our Danbury facility, accessible only to authorized personnel. Documents scheduled for disposal are permanently destroyed using professional-grade shredding services.

6.3. Data Retention Policy

We retain your personal information only for as long as is necessary to fulfill the purpose for which it was collected, including for the purposes of satisfying any legal, accounting, or reporting requirements.

  • Program Data: Data related to program beneficiaries is typically retained for the duration of the program plus a specific period (e.g., 5-7 years) as required by grant funders for compliance auditing.
  • Donor Data: Financial transaction records are maintained as required by tax law (e.g., seven years).
  • Volunteer/Staff Data: Employment and volunteer records are retained for the duration of engagement plus a legally mandated period (which varies by jurisdiction and type of document).
  • Once the retention period expires, we securely destroy or permanently anonymize the information.

7. Your Rights and Choices Regarding Your Data

We respect your right to control your personal information. Depending on your jurisdiction and relationship with CARING HEARTS2 INCORPORATED, you may have specific rights regarding the data we hold about you. We commit to honoring all valid requests concerning these rights.

7.1. Right to Access and Correction

You have the right to request access to the personal information we hold about you. Upon receipt of a valid request, we will provide you with a copy of the data we process, along with details regarding the source of the data, the purposes for processing, and the categories of third parties with whom we share it. Furthermore, you have the right to request that we correct any inaccurate, incomplete, or outdated personal information we maintain. We will promptly rectify errors and inform any third parties to whom the inaccurate information was disclosed.

7.2. Right to Deletion (Right to be Forgotten)

You have the right to request the deletion of your personal data when it is no longer necessary for the purposes for which it was collected, or if you withdraw your consent for processing and there is no overriding legitimate interest for us to continue processing it. Please note that this right is subject to certain limitations, particularly concerning data we are legally required to retain for tax, regulatory, or audit purposes (e.g., donor financial records, employee contracts). In such cases, we will inform you of the necessity for continued retention and restrict further processing of that data.

7.3. Right to Opt-Out of Marketing Communications

You have the unconditional right to opt out of receiving fundraising, marketing, and general informational newsletters from us at any time.

  • Email: Every promotional email we send includes a clear and conspicuous “Unsubscribe” link at the bottom. Clicking this link will immediately remove you from that specific mailing list.
  • Mail: To opt out of physical mailings (e.g., annual reports, appeals), please contact our administrative office via the contact information provided below, specifying your full name and address, and we will update your communication preferences within a reasonable timeframe.

7.4. Exercising Your Rights

To exercise any of these rights, please submit a written request via email to our Data Protection Coordinator at info@chearts.site with the subject line “Data Subject Rights Request.” To protect your data, we may take reasonable steps to verify your identity before fulfilling the request, which may involve asking you to confirm information we already hold about you. We commit to responding to all legitimate requests within thirty (30) days of receipt and verification.


8. Children’s Privacy

CARING HEARTS2 INCORPORATED is deeply committed to protecting the privacy of children, especially those under the age of 13, in compliance with the U.S. Children’s Online Privacy Protection Act (COPPA) and similar regulations. We do not knowingly collect Personally Identifiable Information from children under 13 through our website or digital channels without verifiable parental consent. For any program that involves children under 18, we require the explicit, written consent of a parent or legal guardian for the child’s participation and for the collection and use of their information. If a parent or guardian discovers that a child under 13 has provided us with PII without their consent, they should immediately contact us, and we will take prompt action to remove the information from our records. Our in-person programs strictly adhere to all safety and privacy protocols designed to protect minors.


9. Links to Third-Party Websites

Our website and communications may occasionally contain links to external third-party websites, such as partner organizations, government resource portals, or news articles related to our mission. These links are provided solely for your convenience and informational purposes. Please be aware that CARING HEARTS2 INCORPORATED has no control over the content, security, or privacy practices of these external sites. Once you leave our domain, your activity is governed by the privacy policy of the third-party website you are visiting. We strongly encourage you to review the privacy statements of any website you visit before disclosing any personal information.


10. Changes to This Privacy Policy

CARING HEARTS2 INCORPORATED recognizes that our community initiatives, legal requirements, and technological landscape are constantly evolving. As such, we reserve the right to update or modify this Privacy Policy periodically to reflect changes in our practices, services, and applicable law. When we make material changes to this policy, we will provide conspicuous notice to our users through the following methods:

  • Website Banner: Posting a prominent notice on the homepage of our website for a minimum of thirty (30) days following the update.
  • Email Notification: Sending an email notification to all individuals on our main contact list who have not opted out of policy updates, summarizing the key changes.

The “Effective Date” at the top of this policy will always indicate when the latest revisions took effect. We encourage you to review this policy whenever you interact with us to remain informed about our privacy practices and your rights.


11. Contact Information for Privacy Concerns

If you have any questions, comments, or concerns regarding this Privacy Policy, our data handling practices, or if you wish to exercise any of your aforementioned data subject rights, please do not hesitate to contact our designated Data Protection Coordinator. We are committed to resolving all privacy-related issues promptly, respectfully, and transparently.

Data Protection Coordinator

CARING HEARTS2 INCORPORATED

Address: 44 ABBEY LANE 4111, DANBURY, CT 06810

Email: info@chearts.site (Please use the subject line: Privacy Policy Inquiry)