Skip to main content
Privacy Policy - Impact Futures Inc

Privacy Policy

Impact Futures Inc | Data Protection and Privacy Commitment

🔒 Current Version

Introduction and Scope

Impact Futures Inc ("we," "our," or "us") is committed to protecting your privacy and safeguarding your personal information. This Privacy Policy explains how we collect, use, disclose, and protect your personal information when you visit our website at futureimpacts.org (the "Website") and when you interact with us through other means.

This Privacy Policy applies to all personal information collected through our Website, including information you provide when making donations, signing up for newsletters, registering for events, volunteering, or otherwise communicating with us. By using our Website, you consent to the data practices described in this policy.

Definition of Personal Information

For the purposes of this Privacy Policy, "Personal Information" means any information that identifies, relates to, describes, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular individual or household, including but not limited to: name, postal address, email address, telephone number, payment information, and any other identifier that permits the physical or online contacting of a specific individual.

Information We Collect

We collect several types of information from and about users of our Website through various means, including:

Category of Information Specific Data Elements Collected Primary Collection Methods Purpose of Collection
Identification Information Full name, email address, physical mailing address, telephone number Donation forms, volunteer applications, newsletter subscriptions, event registrations To identify donors, volunteers, and supporters; to provide receipts and acknowledgments; to communicate about programs and events
Financial Transaction Data Payment card information (processed through secure third-party gateways), donation amounts, transaction dates, payment methods Secure donation processing systems, online payment portals To process donations securely, issue tax receipts, maintain financial records, comply with accounting standards
Communication Content Email correspondence content, contact form submissions, survey responses, feedback comments Email communications, online contact forms, feedback mechanisms, program evaluation surveys To respond to inquiries, improve services, gather feedback, document communications
Technical and Usage Data IP addresses, browser type and version, device information, operating system, referral URLs, pages visited, time spent on pages, navigation paths Automated collection through server logs, website analytics tools, security monitoring systems To analyze website performance, improve user experience, detect security threats, understand user engagement patterns
Program Participation Data Volunteer interests and availability, program preferences, event attendance records, workshop participation Volunteer application forms, event registration systems, program enrollment processes To coordinate volunteer activities, manage program participation, track engagement metrics, tailor communications

We do not collect sensitive categories of personal information such as Social Security numbers, driver's license numbers, precise geolocation data, biometric information, or health data through our primary website functions. Any such information collected through specific programs is governed by separate agreements and protections.

How We Use Your Information

We use the information we collect for various legitimate purposes related to our mission of supporting youth development and organizational operations, including but not limited to:

  • Donation Processing and Acknowledgment: To process your charitable contributions securely, generate tax-deductible receipts, maintain accurate donor records, and acknowledge your support through appropriate recognition channels
  • Program Administration: To manage volunteer applications, coordinate volunteer activities, schedule program participants, track program attendance, and evaluate program effectiveness through participant feedback
  • Communication and Outreach: To send newsletters, program updates, event invitations, impact reports, and other organizational communications to which you have subscribed or for which you have provided consent
  • Customer Service and Support: To respond to your inquiries, address your concerns, provide information about our programs, troubleshoot technical issues, and offer general support regarding your engagement with our organization
  • Website Optimization: To analyze website usage patterns, identify popular content, detect technical issues, improve navigation structures, enhance user interfaces, and optimize overall website performance
  • Legal and Regulatory Compliance: To fulfill our legal obligations, maintain records required by law, respond to lawful requests from authorities, protect our legal rights, enforce our terms of use, and prevent fraudulent or illegal activities
  • Organizational Planning: To conduct internal research, analyze supporter trends, measure engagement effectiveness, inform strategic decisions, allocate resources efficiently, and plan future initiatives
  • Security Enhancement: To monitor for security threats, detect unauthorized access attempts, protect against malicious activities, maintain system integrity, and safeguard confidential information

Legal Basis for Processing Personal Information

We process personal information based on one or more of the following legal grounds as applicable under relevant data protection laws: (1) Your explicit consent for specific processing activities; (2) Performance of a contract to which you are party or to take steps at your request prior to entering into a contract; (3) Compliance with a legal obligation to which we are subject; (4) Protection of your vital interests or those of another person; (5) Performance of a task carried out in the public interest or in the exercise of official authority vested in us; (6) Our legitimate interests, provided that such interests are not overridden by your fundamental rights and freedoms. Where we rely on legitimate interests, we conduct balancing assessments to ensure our interests do not unduly impact your privacy rights.

Information Sharing and Disclosure

We respect your privacy and maintain strict confidentiality regarding your personal information. We do not sell, rent, lease, or trade your personal information to third parties for their marketing or commercial purposes. We may share your information in the following limited and controlled circumstances:

Category of Recipient Purpose of Sharing Types of Information Shared Protection Measures
Payment Processing Partners To securely process charitable donations, manage recurring payments, handle transaction settlements, and prevent payment fraud Payment card details (tokenized), transaction amounts, billing information, contact details necessary for payment confirmation PCI-DSS compliant processors, encryption during transmission, contractual data protection obligations, limited data retention periods
Service Providers and Vendors To obtain specialized services including email distribution, website hosting, data analytics, customer relationship management, and technical support Contact information for communications, usage data for analytics, technical information for troubleshooting, limited identifiers for service delivery Service agreements with confidentiality clauses, data processing agreements, security requirements, restricted access controls, regular compliance audits
Legal and Regulatory Authorities To comply with court orders, subpoenas, lawful discovery requests, regulatory requirements, tax reporting obligations, or other legal processes Information specifically requested through proper legal channels, limited to what is legally required, with careful review of each request Legal review before disclosure, minimization of disclosed information, protection of privileged communications, assertion of applicable privileges
Professional Advisors To obtain legal advice, accounting services, audit services, consulting services, or other professional guidance necessary for organizational operations Information necessary for specific professional services, under strict confidentiality obligations, limited to required scope Confidentiality agreements, professional ethical obligations, secure transmission methods, need-to-know access restrictions
Organizational Successors In connection with a merger, acquisition, reorganization, sale of assets, or other change of control transaction involving Impact Futures Inc Donor records, volunteer information, program data, contact information, operational records as necessary for transaction Confidentiality agreements during due diligence, privacy impact assessments, notification to affected individuals where required

Data Protection Agreements with Third Parties

All third-party service providers, vendors, contractors, and partners with access to personal information are contractually obligated to: (1) Process personal information only for the specific purposes for which it was disclosed; (2) Implement appropriate technical and organizational security measures to protect the information; (3) Comply with applicable data protection laws and regulations; (4) Notify us promptly of any data security incidents; (5) Return or securely destroy personal information upon termination of services; (6) Not disclose personal information to additional parties without our prior written consent; (7) Cooperate with our privacy compliance assessments and audits. These contractual protections are reviewed regularly and updated as necessary to reflect evolving legal requirements and best practices.

Data Security and Protection Measures

We implement a comprehensive information security program with appropriate technical, physical, and administrative safeguards designed to protect your personal information against accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or access. Our security measures are regularly reviewed and updated to address evolving threats and incorporate industry best practices.

Our security program includes the following key elements:

  • Encryption Technologies: Implementation of industry-standard encryption for data in transit using Transport Layer Security (TLS) protocols and for sensitive data at rest using Advanced Encryption Standard (AES) algorithms
  • Access Control Systems: Role-based access controls, principle of least privilege, multi-factor authentication for administrative access, regular review of access permissions, and immediate revocation of access upon role changes or termination
  • Network Security Measures: Firewall configurations, intrusion detection and prevention systems, regular security patch management, vulnerability scanning, penetration testing, and secure network architecture design
  • Physical Security Controls: Secure facilities with controlled access, surveillance systems, environmental controls, secure disposal of physical records, and visitor management procedures for office locations
  • Incident Response Procedures: Documented incident response plans, security monitoring systems, breach notification protocols, forensic investigation capabilities, and regular incident response drills
  • Employee Training and Awareness: Regular privacy and security training for all personnel, confidentiality agreements, security policy acknowledgments, and ongoing awareness programs about emerging threats
  • Vendor Security Management: Security assessments for third-party vendors, contractual security requirements, regular vendor compliance reviews, and monitoring of vendor security practices
  • Data Backup and Recovery: Regular encrypted backups, tested restoration procedures, geographically dispersed backup storage, and business continuity planning

While we employ reasonable security measures appropriate to the sensitivity of the information we handle, no method of transmission over the Internet or method of electronic storage can be guaranteed to be 100% secure. We continuously evaluate and enhance our security practices to address new threats and vulnerabilities as they emerge.

Data Retention and Disposal Practices

We retain personal information only for as long as necessary to fulfill the purposes for which it was collected, including for the purposes of satisfying any legal, regulatory, tax, accounting, or reporting requirements. Our retention periods are determined based on the following criteria:

  • Legal and Regulatory Requirements: Retention periods mandated by applicable laws, regulations, industry standards, or contractual obligations, such as tax laws requiring retention of financial records for seven years
  • Business Purposes: The duration necessary to maintain ongoing relationships, provide continued services, honor historical commitments, or support legitimate organizational needs
  • Nature and Sensitivity of Information: More sensitive information may have shorter retention periods or additional protection measures during retention
  • Consent Status: Information processed based on consent is retained only as long as consent remains valid and has not been withdrawn
  • Statute of Limitations: Retention for potential legal claims, disputes, or investigations within applicable limitation periods

Specific retention periods for common categories of information include:

  • Donor Records: Seven years from last transaction for tax and accounting purposes, with permanent retention of donation amounts and dates in anonymized form for historical records
  • Volunteer Information: Three years after last volunteer activity, with extended retention for background check records as required by law
  • Newsletter Subscriptions: Retained until subscription cancellation or two years of inactivity, whichever occurs first
  • Program Participant Data: Five years after program completion, with extended retention for evaluation and research purposes in anonymized form
  • Website Analytics Data: Twenty-six months from collection, with aggregated statistics retained indefinitely for trend analysis

Upon expiration of applicable retention periods, we securely dispose of personal information using methods appropriate to the media type, including secure electronic deletion and physical destruction of records. Our disposal processes are documented and periodically audited to ensure compliance with retention schedules.

Your Privacy Rights and Choices

Comprehensive Overview of Your Data Protection Rights

Depending on your location and applicable data protection laws, you may have various rights regarding your personal information. We are committed to facilitating the exercise of these rights in accordance with legal requirements:

  • Right of Access: You may request confirmation as to whether we are processing your personal information and, if so, request access to that information along with details about the processing activities, categories of data, recipients, retention periods, and the source of the information if not collected directly from you
  • Right to Rectification: You may request correction of inaccurate or incomplete personal information we hold about you, including by providing supplementary statements to complete incomplete information
  • Right to Erasure (Right to be Forgotten): Under certain circumstances, you may request deletion of your personal information, including when: the information is no longer necessary for the purposes collected; you withdraw consent and no other legal basis exists; you object to processing and no overriding legitimate grounds exist; the information has been unlawfully processed; or deletion is required to comply with legal obligations
  • Right to Restriction of Processing: You may request restriction of processing of your personal information in specific situations, including when: you contest the accuracy of the information (for a period enabling verification); the processing is unlawful but you oppose erasure; we no longer need the information but you require it for legal claims; or you have objected to processing pending verification of legitimate grounds
  • Right to Data Portability: Where processing is based on consent or contract and carried out by automated means, you may receive your personal information in a structured, commonly used, and machine-readable format and transmit it to another controller where technically feasible
  • Right to Object: You may object to processing of your personal information based on legitimate interests, and we will cease processing unless we demonstrate compelling legitimate grounds that override your interests, rights, and freedoms, or the processing is necessary for legal claims
  • Right to Withdraw Consent: Where processing is based on consent, you may withdraw consent at any time without affecting the lawfulness of processing based on consent before its withdrawal
  • Right to Lodge Complaints: You have the right to lodge complaints with relevant data protection authorities regarding our processing of your personal information
  • Right to Non-Discrimination: We will not discriminate against you for exercising any of your privacy rights, including by denying services, charging different prices, or providing a different quality of service

To exercise any of these rights, please contact us using the information provided in the Contact Information section below. We will respond to verified requests within the timeframes required by applicable law, typically within 30 days. We may request additional information to verify your identity and prevent unauthorized access to personal information. Some rights may be subject to limitations or exceptions under applicable laws.

Children's Privacy Protections

Our primary Website is not directed to children under the age of 13. We do not knowingly collect personal information from children under 13 through general website interactions. If you are a parent or guardian and believe your child under 13 has provided us with personal information without your consent, please contact us immediately using the contact information below. If we become aware that we have collected personal information from a child under 13 without verification of parental consent, we will take steps to remove that information from our systems promptly.

Youth Program Participants

For participants in our youth programs who are minors, we implement additional privacy protections: (1) Separate privacy notices specifically designed for youth and parents; (2) Parental consent requirements for participation and data collection; (3) Limited data collection focused only on program administration; (4) Special security measures for youth data; (5) Restricted access to youth information; (6) Age-appropriate privacy education for participants; (7) Enhanced data retention limitations for youth records. Program-related data collection for minors is handled separately from general website data collection and is governed by additional privacy safeguards, consents, and agreements.

International Data Transfers and Cross-Border Considerations

Impact Futures Inc is headquartered in the United States. If you are accessing our Website from outside the United States, please be aware that your information may be transferred to, stored, and processed in the United States where our servers are located and our primary database operations occur. The data protection laws of the United States may differ from those in your country of residence.

When we transfer personal information from certain regions (such as the European Economic Area, United Kingdom, or Switzerland) to the United States, we implement appropriate safeguards as required by applicable laws. These safeguards may include: (1) Execution of standard contractual clauses approved by relevant authorities; (2) Implementation of binding corporate rules where applicable; (3) Reliance on adequacy decisions where available; (4) Application of additional technical and organizational measures to ensure protection equivalent to that in the country of origin. By using our Website or providing us with your information, you understand that your information may be transferred to our facilities and to those third parties with whom we share it as described in this Privacy Policy.

Contact Information and Privacy Inquiries

🏢 Impact Futures Inc, New London, Connecticut, USA
📧 info@futureimpacts.org
🌐 futureimpacts.org

For privacy-related inquiries, to exercise your data protection rights, to report privacy concerns, or to request additional information about our privacy practices, please contact us via email with the subject line "Privacy Request." We strive to respond to all legitimate requests within the timeframes required by applicable law. For security purposes, we may need to verify your identity before processing certain requests.

We may update this Privacy Policy periodically to reflect changes in our practices, services, legal requirements, or technological developments. The "Current Version" designation at the top indicates the most recent revision of this policy. We encourage you to review this Privacy Policy regularly to stay informed about how we protect your information. Material changes to this policy will be communicated through prominent notices on our Website or through direct communications where appropriate.