Privacy Policy
The American Action Fund for Blind Children and Adults (AAF) values your privacy and is committed to protecting your personal information. This policy explains how we collect, use, and safeguard your data, whether you interact with us online at actionfund.org or offline through our direct mail programs. If you have questions or concerns, please contact us at [email protected] or American Action Fund, Attn: Privacy Policy, 1800 Johnson Street, Baltimore, Maryland 21230.
Privacy Policy for Users of Actionfund.org
What Information We Collect
When you use Actionfund.org, we may collect:
- Basic contact details: Name, address, email, and phone number (e.g., when you make a donation or request a service).
- Payment information: Credit card details for transactions, processed securely via PayPal Payflow Pro (see their Privacy Policy for details).
- Technical data: IP address, browser type, or device information via cookies to improve your experience.
How We Use Your Information
We use your data to:
- Process donations or service requests you initiate.
No personal information acquired through your use of this website is shared with any third party except as is necessary to fulfill a request for a service or to donate. Sensitive data, such as your full credit card number, is never shared.
Payment Security
We follow Payment Card Industry (PCI) standards to protect your payment information:
- Credit card details are not stored in our databases or on our servers.
- For recurring donations, we use a secure “token” to identify you to our payment gateway (PayPal Payflow Pro). This token restricts transactions to amounts and frequencies you authorize.
Website Security
- We use Secure Sockets Layer (SSL) encryption to protect data sent between your device and our servers.
- Our servers and networks are safeguarded with firewalls and industry-standard security practices.
Cookies
- Our website may use cookies, small files stored on your device, to personalize your experience (e.g., remembering your preferences). We do not use cookies for advertising or tracking you across other sites. You can manage cookie settings in your browser.
Access
- Only those who need access to perform their duties can view your data. They use personal logins and complex passwords, and access is revoked when their role changes or ends.
Your Rights
You can:
- Review, update, or delete your personal data by emailing [email protected] or writing to us at the address above.
Privacy Policy for Offline Users
What Information We Collect
When you respond to our direct mail through the U.S. Postal Service, we may collect:
- Basic contact details: Your name and mailing address.
- Donation information: Details of your contribution (e.g., amount donated), but not credit card numbers or full payment details.
How We Use Your Information
We use your data to:
- Process your donation or response through secure third-party vendors: Engage USA (our lockbox vendor for mailed payments) or Saturn. Saturn uses an Authorize.net account set up and managed by AAF, and enters donor details through a secure web form with a webhook to the Authorize.net account. AAF manages changes and refunds directly in the Authorize.net account.
- Send you future mailings about our mission, ways to help, and donation opportunities.
We do not share sensitive data beyond what is necessary to process your response, manage our mailing list, or analyze donors and donations. Personally Identifiable Information (PII) may be stored in secure third-party environments as part of these processes.
Payment Security
- Mail-In Payments: Credit card details or other payment information from mail responses are processed securely by Engage USA and not stored in our databases or on our servers. Our vendor adheres to strict security standards and provides a SOC1 report (a professional audit of their controls) to ensure your data is protected.
- Mass Mail Payments: Saturn processes these payments via Authorize.net.
- Recurring Payments: We process recurring donations through PayPal Payflow Pro and Authorize.net, ensuring data protection.
Mailing List Management
- We maintain a list of donors, including name, address, and contribution history, on our secure servers.
- This list helps us send future mailings to previous supporters and identify potential new donors through exchanges of prospect lists with other organizations and in partnership with Wiland, Inc.
Access
Only those who need access to perform specific duties (e.g., managing mailings) can view your data. They use personal logins and complex passwords, and access is revoked when their role changes or ends.
Your Rights
You can:
- Request to stop receiving mail or opt out of name exchanges with other organizations by emailing [email protected] or writing to American Action Fund, Attn: Privacy Notification, 1800 Johnson Street, Baltimore, MD 21230.
Additional Information
How Long We Keep Data
We retain your information in our system indefinitely as active or inactive. Inactive contacts are listed as ‘do not mail’ or ‘do not contact’ and kept in the system to compare with and remove from future prospect mail list exchanges.
Data Breach Response
If a breach occurs, we will notify affected users promptly and take steps to mitigate harm, as required by applicable laws.
Legal Compliance
We comply with United States privacy laws and strive to meet international standards (e.g., GDPR for transaction-related data, CCPA) where applicable.
Updates to This Policy
We may update this policy as needed. Changes will be posted on actionfund.org, and significant updates will be emailed to users when necessary. Revisions addressing AAF data sharing, GDPR, or PCI-DSS compliance will be clearly communicated.
Complaints
Please email [email protected] with any complaints about this policy.