Privacy Policy

Last Modified: 02/28/2025

We created this privacy policy to explain how information you provide to us is used and shared. This privacy policy applies to personal information collected from contributors, participants and attendees of our programs and events, as well as other users who visit, interact, and/or use our website and online platform. Please read this policy carefully, as it contains important information on how and why we collect, store, use, and share your personal information. This policy also explains your rights concerning your personal information and how to contact us or supervisory authorities if you have a privacy-related complaint.

1. Key Terms. It would be helpful to start by explaining some key terms used in this policy:

“We,” “us,” or “our” refers to Curebound, Inc., a United States 501(c)(3) public charity (EIN: 46-0552414).

“Our website” refers to this website, www.curebound.org, unless otherwise specified.

“Personal information” refers to any information relating to an identified or identifiable individual.

2. What Personal Information We Collect and How It’s Collected. We collect most of the personal information directly from you when you provide it to us voluntarily, such as through our website, communications with us via e-mail/phone/video conference, or in person when participating in our programs or events. Some personal information is collected automatically when you visit our website through third- party technologies like Google Analytics Tracking. The categories listed below is intended to give you an idea of what we collect. Note that some categories may overlap or include additional information not specifically mentioned here.

Identifiers such as your full legal names, alias, e-mail addresses, mailing/physical addresses, phone numbers, dates of birth, social security numbers, tax identification numbers, signatures, passport numbers, driver’s license numbers, and similar identifiers.

Financial Information such as your bank account numbers, ABA RTNs (Routing Transit Numbers), IFSC codes (Indian Financial System Codes), BIC codes (Bank Identifier Codes), and IBAN codes (International Bank Account Numbers), in order to process payments for events and programs, and donation payments.

Other Information such as your education, employment, and/or other data that you provide when participating in our programs, events, or application processes that helps us understand your demographics.

Internet Or Other Electronic Network Activity Information such as your operating system, IP addresses, geolocation data, browser type and language, referring and exit pages, keywords, date and time of access, duration of visit, and website sections visited. Like most websites, this information is automatically collected through cookies and pixel tags (web beacons), which store data on your computer’s hard drive. You can adjust your browser settings to reject cookies, but this may limit certain website functionalities.

3. Third-Party Web Tools. We may employ third-party service providers and data processors to facilitate our Services, provide the Services on our behalf, perform services related to the Websites or Mobile Applications or assist us in analyzing how our Services are used. We may also work with third party partners to employ technologies, including the application of statistical modeling tools, which permit us to recognize and contact you across multiple devices. These third parties have access to your personal information only to perform these tasks on our behalf and are obligated not to disclose or use it for any other purpose.

• Google Analytics We use Google Analytics to understand which links, buttons, tabs, and search filters are most popular so that we can develop site features and improve our visitors’ user experience. IP addresses are anonymized and never stored. Anonymous demographic information is gathered using Google Demographics and Interests reports. When you visit a website that has partnered with the Google
Display Network, Google stores a number in your browser using a persistent cookie to remember your visits. This number uniquely identifies a web browser, not a specific person. Browsers may be associated with a demographic category, such as a gender or age range, based on the sites that were visited.

You can opt out of all Google Analytics tracking by installing a browser extension available for most major browsers. Read the Google Analytics Privacy Policy.

How and Why We Use Your Personal Information. We only use your personal information for legitimate reasons in accordance with the law. Our purposes for the information are:

Programs and Events. We use personal information to administer and improve our programs and events, including managing participant information, tracking website visits, and organizing activities.

Communications. We use personal information to connect with program participants, event attendees, contributors, and website users. This includes providing updates, responding to inquiries, and delivering relevant information about our organization, events, initiatives, and opportunities.

Research and Evaluation. We use personal information to assess program effectiveness and identify patterns among participant characteristics. This helps us evaluate inquiries through our contact forms and continuously refine our programs. We also use personal information to compile metrics, such as participation numbers and demographic data (age, gender, race). These findings may be shared with management and included in our impact reports to demonstrate our program outcomes and reach. All published information will be aggregated and anonymized to protect participant privacy.

Tax and Legal Compliance. We use personal information to comply with tax reporting requirements and to fulfill any legal and regulatory obligations imposed under United States federal and state law and the laws of other jurisdictions that may apply to us.

Website Analysis and Improvement. We use personal information such as IP addresses and browsing patterns to analyze website usage and enhance functionality, content, and user experience.

Technical Support and Security. We use personal information to identify, prevent, and address technical issues, including troubleshooting problems, maintaining web security, and investigating potential unauthorized access to our systems.

Other Purposes. We may use personal information for any other purpose fully disclosed at the time of collecting the information or with your consent.

Promotional Communications. We may use your personal information to send you updates by e-mail about our programs, events, and initiatives. We have a legitimate interest in processing your personal information for promotional purposes, so we do not usually need your consent to send you these communications. However, where consent is needed, we will ask for this consent separately and clearly. We will always treat your personal information with the utmost respect and never sell or share it with other entities for marketing purposes. You have the right to opt out of receiving promotional communications at any time by using the “unsubscribe” link in e-mails.

Who We Share Your Personal Information With. We share personal information with the following:

Service Providers. We share personal information with service providers we use to facilitate our programs and events, such as contractors, payment processors to receive donations and event payments. We only allow our service providers to handle your personal information if we are satisfied they take appropriate measures to protect your personal information. We also impose contractual obligations on service providers to ensure they can only use your personal information to provide services to us and to you.

Other Third Parties. We may from time to time share personal information with other third parties we use to assist with our general operations, such as legal and tax counsel, accountants, as well as external auditors in relation to the audit of our books and records. We may share personal information with third parties approved by you, including social media sites you choose to link your account to or third-party payment providers. We will typically anonymize information when we share with third parties, but this may not always be possible. That said, the recipient of the information will typically be bound by confidentiality obligations.

• Government Agencies. Lastly, we may disclose and exchange information with law enforcement agencies and regulatory bodies to comply with our legal and regulatory obligations.

We have never sold, nor will we ever sell, any personal information to a third party. In the preceding 12 months, we have only disclosed personal information to our service providers and other third parties to the extent conducive to our operations. The categories of personal information disclosed are those outlined earlier above (see What Personal Information We Collect and How It’s Collected).

Where Your Personal Information is Held. Information may be held at our office(s) and those of our service providers, third party agencies, representatives, and agents as described above (see Who We Share Your Personal Information With). These third parties may be based outside the European Economic Area. For more information, including on how we safeguard your personal information when this occurs, see Residents of the European Economic Area.

How Long Your Personal Information Will Be Kept. We will keep your personal information only for as long as is necessary:

To process payments and to administer our programs, events, and related services;

To respond to any questions, complaints, or claims made by you or on your behalf;

To show that we treated you fairly; or

To keep records required by law.

We will not retain your personal information for longer than necessary for the purposes set out in this policy. Different retention periods apply for different types of personal information depending on applicable law. For instance, U.S. tax law may require us to keep these records for a certain number of years. When it is no longer necessary to retain your personal information, we will delete or anonymize it.

9. Residents of the European Economic Area. Although we do not have an active presence in the European Economic Area (EEA), we are fully aware of our responsibility to safeguard the personal information of EEA residents. As our operations are primarily based in the United States, it may be necessary for us to share your personal information with our office, service providers, and other relevant parties located outside the EEA. We want to assure you that we implement appropriate measures to comply with data protection laws and ensure the security of your personal information. These measures may involve utilizing standard contractual clauses approved by the European Commission or obtaining your explicit consent for such transfers.

By interacting with our Organization and using our website, you acknowledge and consent to the transfer of your personal information outside the EEA. We are committed to protecting your personal information and will communicate any changes related to data transfers outside the EEA.

We hope that we can resolve any query or concern you raise about our use of your information. The GDPR also gives you right to lodge a complaint with a supervisory authority, in the European Union (or European Economic Area) state where you work, normally live, or where any alleged infringement of data protection laws occurred. If you would like further information, please contact us (see How To Contact Us).

10. Children Under 13. We do not knowingly collect personal information from or market to children under the age of 13. If we discover that we have inadvertently collected personal information from anyone under age 13, we will promptly delete it. As stated in this privacy policy, we use collected information only for the intended purposes and do not disclose it to third parties, except as necessary to facilitate our programs and events or as mandated by law. We maintain appropriate security measures to protect the collected information. This privacy policy serves as direct notice to program and event participants, and other users about our data collection practices, explaining what information is being collected and how it will be used.

11. Your Rights. Under the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA), you have the following rights:

Right to Access (GDPR): You have the right to access and obtain a copy of your personal information held by us.

Right to Rectification (GDPR): You have the right to request the correction of inaccurate or incomplete personal information.

Right to Erasure (GDPR): You have the right to request the deletion of your personal information, subject to certain exceptions.

Right to Restrict Processing (GDPR): You have the right to request the restriction of processing of your personal information in certain circumstances.

Right to Data Portability (GDPR): You have the right to receive your personal information in a structured, commonly used, and machine-readable format, and to transmit that information to another data controller.

Right to Object (GDPR): You have the right to object to the processing of your personal information, including for direct marketing purposes and in certain other situations.

Right Not to be Subject to Automated Decision-Making (GDPR): You have the right not to be subject to decisions based solely on automated processing, including profiling, if it produces legal effects or significantly affects you.

Right to Know (CCPA): You have the right to know the categories of personal information collected, the sources of collection, the purposes of collection, the categories of third parties with whom the information is shared, and the specific pieces of information collected about you.

Right to Opt-Out (CCPA): You have the right to opt-out of the sale or disclosure of your personal information to third parties.

Right to Deletion (CCPA): You have the right to request the deletion of your personal information, with certain exceptions.

Protection Against Discrimination (CCPA): We will not discriminate against you for exercising your privacy rights under the CCPA.

Please note that certain exceptions and limitations may apply to these rights as outlined in the respective regulations.

12. Keeping Your Personal Information Secure. We have appropriate security measures in place to prevent personal information from being accidentally lost or used or accessed in an unauthorized way. We limit access to your personal information to those who have a genuine business need to access it. Those processing your information will do so only in an authorized manner and are subject to a duty of confidentiality. We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.

13. How to Exercise Your Rights. If you would like to exercise any of your rights as described in this privacy policy, please contact us at info@curebound.org.

Please note that you may only make a CCPA-related data access or data portability disclosure request twice within a 12-month period. When you contact us, you will need to provide us with enough information to identify you, including your full name and e-mail address, and a description of what right you want to exercise and the information to which your request relates. Note that we are not obligated to make a data access or data portability disclosure if we cannot verify that the person making the request is the person about whom we collected information, or is someone authorized to act on such person’s behalf. Any personal information we collect from you to verify your identity in connection with you request will be used solely for the purposes of verification.

14. Changes to This Privacy Notice. This privacy notice was published on [date first published] and last updated on the date provided above. We may change this privacy notice from time to time–when we do, we will post any such changes to this page and inform you by posting notice of the same on our website.

15. How to Contact Us. If you have questions about this policy or would like this notice in another format (for example: audio, large print, braille), please contact us at info@curebound.org. Additionally, the contact information for our representative and Data Protection Officer is provided below.

Our Representative: Karen Hooper, Chief Operating Officer | karen@curebound.org

Our Data Protection Officer: Karen Hooper, Chief Operating Officer | karen@curebound.org