Privacy is important to us

Here’s a quick description of how we use, protect your data and respect your privacy. For the full details, you can read our full privacy policy.

What data do we collect?

  Contact Information

First Name, Last Name, Email, Address, Phone Number, Job Title, Company of donors to process gifts, send gift acknowledgments, and pass on their information when elected.

  Usage

Website Activity, IP Address, Cookies, Login Data, Email Analytics to enhance customer experience, maintain security and support marketing efforts.

  Company Details

Company address, Phone, Bank Account, Point of contact information to manage our relationship, pass on required information and fulfill our services.

Who do we share data with?

  Charity Partners

When elected by the donor we pass on the donors contact information including designation, company, job title, first name, last name, address, email, pledge amount, paid amount, and gift type to their designated charity.

  Vendors

We work with vendors to perform tasks on our behalf. All vendors are vetted to ensure our security and privacy standards are met

  No-Sell Policy

We do not trade or sell your data for monetary consideration.

What are your rights?

  Direct Marketing

Adjust your settings or unsubscribe from marketing communications.

  Website Cookies

Change your cookie preferences at any time.

  Data Subject Request

Exercise your privacy rights by submitting a data subject request.

How we secure data

NIST 800-171

The US National Institute of Standards and Technology (NIST) promotes and maintains measurement standards and guidelines to help protect Controlled Unclassified Information. It provides guidelines on how CUI should be securely accessed, transmitted, and stored; its requirements fall into four main categories: Controls and processes for managing and protecting, Monitoring and management of IT systems, Clear practices and procedures for end users, Implementation of technological and physical security measures. CHC is not required to meet NIST SP 800-171 but does to show its dedication top security and privacy.

PCI DSS

The Payment Card Industry (PCI) Data Security Standards (DSS) is a global information security standard designed to prevent fraud through increased control of credit card data. CHC is PCI compliant via Self-Assessment Questionnaire A. CHC does not store or transmit credit card numbers. All credit card information is handled by validated third party partners.

GDPR

The General Data Protection Regulation (EU) 2016/679 (GDPR) is a regulation in EU law on data protection and privacy in the European Union (EU) and the European Economic Area (EEA). CHC is GDPR compliant.

CCPA

The California Consumer Privacy Act (CCPA) is a state statute intended to enhance privacy rights and consumer protection for residents of California, United States. CHC is compliant with the CCPA.

  • Secure System Design
  • SOC 2 Data Center
  • Web Application Firewall
  • Vulnerability Scanning and Penetration Testing
  • Encrypt data in transit and at rest
  • Email Security including DMARC, SPF and DKIM enforcement
  • Multi-factor authentication
  • Continuing education to stay up to date on the latest cyber threats
  • Business Continuity and data recovery plans to avoid any outages
  • Latest cloud security technology
  • Intrusion prevention system
  • 24/7 Continuous monitoring
  • Continuous monitoring
  • Principle of least privilege
  • Detailed employee and vendor policies
  • TrustedSite Verified Business, Certified Secure, Malware Free and Spam Free.