VELLORE CMC FOUNDATION, INC.
What personal information do we collect from people who donate via personal check/website, or simply visit our website/our social media apps?
When you send a contribution by check or give online, we ask for your contact information: name, email address, mailing address, preferred phone number. On the website this information is gathered via Registration. Registration is required in order to donate online, subscribe to a newsletter, or fill out a form. The website does not store personal financial information. One does not need to register to simply visit the website.
In 2014, in order to safeguard donors’ financial information, we stopped providing donors the option to send their credit card information through the mail. They are advised that our secure server is the safest way to charge a gift to a credit card. People who continue to send their credit card information to charge a gift are processed in the office through Chase “Authorize.Net” and advised that future gifts should be made via our secure server. All donor credit card information is redacted from paper communications immediately; it is never kept on file. Checks are scanned using Chase’s proprietary scanner with secure transmission. After scanning, donor checking account numbers are redacted.
Online giving is processed through JP Morgan Chase. Personal data are transmitted directly to their server and are never tracked on our server. Chase’s PaymentTech System processes donor information, contacts donor’s bank and transfers funds to the Foundation’s account. No personal credit card information is stored by Chase or ever conveyed to the Foundation.
How do we store and protect donor/visitor information?
As soon as we receive your contact information via mail or website registration, we enter it into our Database. We use Donor Perfect, one of the leading programs designed for non-profit donor-driven organizations. We host Donor Perfect on our own server.
Our website is scanned on a regular basis for security holes and known vulnerabilities in order to make your visit to our site as safe as possible. We use Malware software that is highly rated for security. Your personal information is stored in our secure network and is only accessible to staff who have permission to access such information; they are required to keep the information confidential. Donors who request to be kept anonymous are registered as such in the database.
What do we do with our mailing list?
We send approximately four newsletters and the annual report out to registered people at the home addresses they have provided. Registrants can opt for “No Mail.” In addition, we send monthly e-newsletters to CMC alumni and people who request an e-newsletter when they register. Constant Contact is our provider for this service, and they have a “Safe Unsubscribe” feature visible on every email. Our bulk mail fulfillment center does not maintain any portion of our list. We provide a new list for each mailing.
We never share or sell this information. We do not give out contact information to anyone; if a CMC alumnus is trying to reach another alumnus, we refer him/her to the Alumni Relations office in Vellore. Other requests for contact info are sent to the person being sought for approval before giving out information to the seeker.
Do we use ‘cookies’?
Third Party Disclosure
We do not sell, trade, or otherwise transfer to outside parties your personally identifiable information. Exceptions include website hosting partners and other parties who assist us in operating our website, conducting our business, or servicing you, so long as those parties agree to keep this information confidential. We may also release your information when we believe release is appropriate to comply with the law, enforce our site policies, or protect ours or others’ rights, property, or safety.
Third Party Links
We do not include or offer third party products or services on our website.
Does our site allow third party behavioral tracking?
We do not allow third party behavioral tracking.
We have not enabled Google AdSense on our site.
How does our site handle do not track signals?
We honor do not track signals and do not track, plant cookies, or use advertising when a Do Not Track (DNT) browser mechanism is in place.
COPPA (Children Online Privacy Protection Act)
The Children’s Online Privacy Protection Act (COPPA) puts parents in control of their children under 13. The Federal Trade Commission, the nation’s consumer protection agency, enforces the COPPA Rule, which spells out what operators of websites and online services must do to protect children’s privacy and safety online. We never market to children under 13.
Fair Information Practices
In order to be in line with Fair Information Practices our policy is to take the following responsive action should a data breach occur:
- Notify the users via email within 7 business days
- We will notify the users via in site notification within 7 business days
We also adhere to the individual redress principle, which ensures that individuals have a right to pursue legally enforceable rights against data collectors and processors who fail to adhere to the law. This principle gives individuals recourse to courts or a government agency to investigate and/or prosecute non-compliance by data processors.
CAN SPAM Act
The CAN-SPAM Act is a law that sets the rules for commercial email, establishes requirements for commercial messages, gives recipients the right to have emails stopped from being sent to them, and spells out tough penalties for violations. To be in accordance with CANSPAM we agree to the following:
- No false or misleading subjects or email addresses
- We identify message content in the subject line
- The Foundation’s physical address is clearly provided
- We honor opt-out/unsubscribe requests immediately
- We allow users to unsubscribe by using the link at the bottom of each email
- We offer instructions to otherwise unsubscribe: if at any time you would like to unsubscribe from receiving future emails, you can email us at firstname.lastname@example.org to be promptly removed from all correspondence.