Imua Center – Privacy Policy

Imua Center (“we,” “us,” “our”) is committed to protecting the privacy of our donors, volunteers, clients, supporters, and website visitors. This Privacy Policy explains what information we collect, how we use it, how we protect it, and what rights you have when interacting with our website or programs.
Nonprofits are required to provide clear disclosures about personal data under privacy laws such as GDPR, CPRA/CCPA, CalOPPA, VCDPA, and others.

We collect personal and non‑personal information when you interact with our website or services. Nonprofits typically collect:

• Personal Identifiable Information (PII): 
  • Names, email addresses, phone numbers, mailing addresses
  • Donation information
  • Volunteer sign‑up information
  • Event registration details
  • Newsletter subscription details
• Technical Data: 
  • IP addresses, device identifiers, cookies, analytics, location‑related data
    These categories reflect nonprofit‑standard PII definitions and requirements

We gather information through:

• Website forms (contact, volunteer, event registration)
• Donation platforms
• Email newsletter sign‑ups
• Cookies, analytics tools, and tracking technologies
• Third‑party service providers like payment processors and email platforms
  These collection methods align with current nonprofit privacy guidelines.

Imua Center uses collected data to:

• Process donations and issue tax‑deductible receipts
• Communicate updates, newsletters, and impact stories
• Coordinate volunteer and program activities
• Manage events, safety, and logistics
• Improve website performance and user experience
• Maintain security and prevent fraud
  Such uses correspond to established nonprofit privacy principles and GDPR‑aligned purpos

If visitors from the EU/UK interact with our website, the following legal bases apply:

• Contract/legal obligation (processing donations, issuing receipts)
• Legitimate interests (security, program operations)
• Consent (marketing emails, non‑essential cookies)
  This follows nonprofit GDPR compliance guidance.

We use essential and non‑essential cookies to:

• Operate core site functions
• Analyze engagement and improve content
• Support fundraising pixels or analytics tools
  EU/UK users must be able to accept/reject non‑essential cookies, and California users must have a Do Not Sell/Share option if ad identifiers are used.

We do not sell personal data.
However, we may share information with trusted service providers who assist with:

• Payment processing (e.g., Stripe, PayPal)
• Email distribution (e.g., Mailchimp)
• CRM/donor management platforms
• Event systems and volunteer management tools
  Nonprofits are expected to disclose data relationships with such processors.

Each partner processes data under their own privacy policy, which users may review.

We implement industry‑standard safeguards such as:

• Encryption
• Access controls and secure storage
• Regular security and compliance reviews
  Security expectations for nonprofits emphasize clear safeguards.

We retain personal information only as long as needed for:

• Donation and tax‑reporting requirements
• Program participation records
• Event records
• Analytics data (typically 13 months unless otherwise required)
  This reflects best‑practice nonprofit retention recommendations.

Depending on your region, you may have rights to:

• Access your data
• Request corrections
• Request deletion
• Object to processing
• Opt‑out of marketing communications
• Request limits on data use
  These rights correspond to GDPR, CPRA, and other emerging state laws. 

To submit a request, contact us at:
📧 office@imuacenter.org

Our website and services are not intended for children under 13. We do not knowingly collect data from minors. Nonprofits must disclose how children’s data is handled. 

If you are located outside the United States, your information may be transferred to and stored on servers within the U.S. These transfers occur under applicable data protection safeguards. Nonprofit GDPR guidance requires such disclosure.