ntroduction and Scope of Policy

At HELPING HEARTS 4 MS BENEFITTING LINDA BARTOK, we understand that your privacy and the confidentiality of your personal and health-related information are paramount, particularly given the sensitive nature of Multiple Sclerosis (MS) and our mission to provide direct, targeted support. This Privacy Policy outlines our unwavering commitment to protecting the personal data we collect, use, and disclose when you interact with our organization, whether through our website, attendance at events, engagement in support programs, or through donation processing. Our dedicated focus on helping individuals affected by MS, and specifically our efforts benefiting Linda Bartok, requires us to handle sensitive information with the utmost diligence, respect, and security. This comprehensive document is designed to be transparent about our data practices, ensuring you are fully informed about how your information enables us to fulfill our mission—from coordinating respite care and adaptive technology funding to delivering specialized educational content. By engaging with our services or providing us with information, you acknowledge and consent to the practices described in this policy, trusting in our dedication to the core principles of integrity and compassion that define our work.

We adhere strictly to applicable privacy laws and regulations, and our policies are continuously reviewed to ensure compliance and best practices in data protection. We believe that clarity and transparency are essential foundations of the trust we strive to build with our beneficiaries, their families, our volunteers, and our generous donors. This policy applies to all forms of information we process, including digital, electronic, paper, and verbal communications, guaranteeing a robust and consistent standard of protection across our entire operational spectrum. This document serves as a binding commitment to handle your private details not just legally, but ethically, always keeping the well-being and confidence of our community at the forefront of every data management decision.

Section I: Information We Collect

Understanding the Data That Empowers Our Mission

We collect various types of information necessary to deliver our specialized programs, manage our organizational health, and connect with our community effectively. The data collected falls into several categories, each essential for different facets of our operation:

1. Personal Identifiable Information (PII) Collected Directly: This information is provided voluntarily when you interact with us for a specific purpose, such as applying for financial aid, signing up for a support group, registering as a volunteer, or making a donation. This is the cornerstone data that allows us to identify you and fulfill direct service requests.

• Contact Information: Full legal name, residential address (998 JARDIN DRIVE, NAPLES, FL 34104-6660 for organizational correspondence), primary telephone number ((555) 555-4MSH), and email address (info@hhmsnl.site). This is used for general communication, newsletter distribution, and event coordination.
• Demographic Information: Date of birth, gender, marital status, and primary language spoken, which helps us tailor our educational and psychosocial support programs to be culturally and age-appropriate, maximizing their relevance and impact across diverse populations within our geographical reach.
• Financial Information (Donors/Beneficiaries): Payment details (credit card information, bank account details) processed securely through third-party platforms for donations. For beneficiaries applying for aid, this includes income verification, household size, and essential financial documentation required to assess and verify need-based assistance requests, ensuring fair and targeted resource deployment. We do not store full payment card details on our internal systems.
• Volunteer/Employment Data: Professional background, skills, certifications (e.g., in therapy or counseling), references, availability, and background check results. This highly detailed information is critical for matching volunteers to the appropriate, sensitive roles, such as Respite Care, ensuring the safety and high quality of care provided to our beneficiaries, including Linda Bartok.

2. Sensitive Health and Program-Related Information (PHI): Due to our specialized mission, we must collect information related to Multiple Sclerosis to confirm eligibility and tailor our support plans effectively. This data is handled with the highest level of confidentiality and restricted internal access.

• Diagnosis and Medical Status: Confirmation of an MS diagnosis, the type of MS (e.g., Relapsing-Remitting, Progressive), primary symptoms, mobility level, and cognitive status. This specific data is vital for our Clinical Advisor, Dr. Eleanor Vance, and the Program Strategist team to create tailored, safe, and effective support plans (e.g., funding a specific mobility device, recommending a specific adaptive yoga class, or coordinating specific daily living assistance).
• Caregiver Information: Details about primary and secondary caregivers, including their relationship to the beneficiary, their emotional support needs, and the specific hours they require respite care. This information is used by Sarah Dubois, our Psychosocial Director, to manage the Respite Program and ensure the whole family unit remains stable and supported.
• Program Participation History: Records documenting the programs you have accessed, the educational workshops attended, and the outcome of the support provided (e.g., successful home modification, completion of a self-advocacy course). This is essential for internal evaluation, measuring our organizational impact, and continuously refining our service delivery model.

3. Usage and Technical Data (Collected Automatically): When you interact with our website (hosted via platforms like WordPress), we automatically collect certain technical information to improve user experience and monitor site performance.

• Website Usage Data: Information about how you access and use the website, including pages visited, time spent on pages, clickstreams, and the sequence of navigation within the site. This data helps our team understand which resources (e.g., educational articles vs. contact forms) are most popular and accessible, guiding website improvement initiatives.
• Device and Network Information: Internet Protocol (IP) address, browser type, device type (desktop, mobile), operating system, and geographic location based on IP address. This helps us troubleshoot technical issues, ensure mobile accessibility, and understand the general demographic reach of our online awareness efforts.

Section II: How We Use Your Information

Transforming Data into Dedicated Support and Community Impact

The information we collect is utilized across multiple organizational functions, each aligned with our mission of supporting those affected by MS and managing the organization with integrity.

1. Fulfilling Our Core Mission and Program Delivery: The most critical use of your PII and PHI is to directly support your or your loved one’s needs, as outlined in our mission statement focused on upliftment and empowerment.

• Individualized Support Planning: We use health and demographic information to assess eligibility for direct financial aid, specialized adaptive equipment funding, and necessary home modifications, ensuring resources are distributed fairly and effectively to meet proven, high-priority needs, especially for our designated beneficiary, Linda Bartok.
• Service Coordination: Contact and program data are used to coordinate the logistics of service delivery, such as scheduling a volunteer for transportation to a medical appointment, managing the delivery and setup of adaptive technology (coordinated by David Rodriguez), and ensuring you receive the correct materials for educational workshops.
• Psychosocial Care: Sensitive information is used by our licensed staff to appropriately place individuals into peer support groups or match caregivers with respite services, ensuring a therapeutic and safe environment for emotional sharing and professional intervention.

2. Organizational Management, Fundraising, and Communications: Maintaining the health and public trust of the organization requires careful use of contact and financial data.

• Processing Donations: Financial information is used exclusively to process your generous donations, issue tax receipts, and acknowledge your contribution to our mission, maintaining the highest levels of transparency and accountability in our financial dealings.
• Communication and Outreach: We use contact information to send you updates about our programs, invitations to community events (like the “Hearts for Hope” Walk/Run), information on MS research advancements, and our monthly digital newsletter. You always have the ability to opt-out of non-essential communications.
• Volunteer Management: We use volunteer data to schedule shifts, match skills to organizational needs (e.g., pairing a volunteer with an accounting background to assist with pro-bono financial literacy workshops), and manage the lifecycle of background checks and training certifications required for sensitive roles.

3. Internal Research, Evaluation, and Quality Improvement: We use aggregated and de-identified data (data stripped of all personal identifiers) to assess and improve our services.

• Impact Reporting: We analyze trends in program participation and outcome data (without revealing individual identities) to measure our overall impact on the MS community, informing our strategic planning and reporting to our Board of Directors and major funders about the effectiveness of our model.
• Program Refinement: Usage data helps us identify gaps in our service delivery or accessibility issues with our website, leading to continuous improvement in the quality, relevance, and reach of our educational and support resources. For example, if a workshop has low attendance, we use usage data to understand if the scheduling or format was the issue.

4. Legal Compliance and Security: In rare circumstances, we use and disclose personal information to meet legal and safety requirements.

• Compliance: We may use and disclose your information as required by law, such as to respond to a subpoena, comply with government audits, or adhere to court orders, ensuring we operate within all judicial and administrative frameworks.
• Safety and Security: We use information to protect the rights, property, or safety of Helping Hearts 4 MS, our beneficiaries, our staff, and the public, including investigating potential threats, fraud, or violations of our internal policies and community standards, upholding our commitment to a safe and trustworthy environment.

Section III: Data Sharing and Disclosure

Strict Limitations on Sharing, Never Selling Your Information

HELPING HEARTS 4 MS does not and will never sell, rent, or trade your personal information, including sensitive health data, to any third-party marketing firms or external organizations for commercial gain. Our commitment to you is based on ethical service, not commercial exploitation. Disclosure of your data occurs only under tightly controlled circumstances necessary to run our non-profit mission or comply with the law.

1. Third-Party Service Providers: We engage external companies to perform essential functions on our behalf. These providers are strictly contractually obligated to protect your data and are forbidden from using your personal information for any purpose other than providing the contracted services to our organization.

• Payment Processors: Companies that securely handle donation transactions and process grant disbursements (e.g., for financial aid).
• IT and Data Hosting Providers: Firms that manage our secure servers, databases, and network infrastructure, ensuring the technical integrity and continuous protection of our stored data, including backup and recovery services.
• Email and Communication Platforms: Services that manage our mass communication, digital newsletters, and secure, encrypted virtual support meeting platforms, ensuring efficient and confidential community engagement.
• Professional Services: Accountants, auditors, and legal counsel who require limited access to specific data for financial auditing, tax compliance, or legal representation, maintaining the highest professional standards of confidentiality.

2. With Your Explicit Consent: We will only share sensitive information (e.g., a specific mobility need or diagnosis details) with external entities when necessary to procure aid and only after receiving your clear, specific, and affirmative written or verbal consent.

• Referrals: If we refer you to a local resource, such as a physical therapist or home modification specialist, we will only share the necessary information required for that entity to begin supporting you (e.g., sharing mobility level but not financial history).
• Fundraising Transparency: In rare instances, and only with prior written permission, we may share a high-level, anonymized summary of a successful aid story (e.g., “A beneficiary received a power wheelchair”) to a donor to demonstrate the impact of their contribution, but never disclosing PII without explicit consent.

3. Legal Obligations and Protection: We reserve the right to disclose information if required to do so by law or in the good faith belief that such action is necessary to:

• Comply with a legal obligation, regulatory requirements, or valid governmental request, such as a subpoena, search warrant, or court order.
• Protect and defend the rights or property of HELPING HEARTS 4 MS, our staff, or the public, including investigating potential fraud or abuse.
• Act in urgent circumstances to protect the personal safety of beneficiaries, volunteers, or the public, prioritizing immediate human welfare above all else.

4. Aggregated and De-Identified Data: We may share or publicly report aggregated statistical data that cannot be traced back to any specific individual. This includes metrics like the total number of individuals served in a year, the total funds distributed for adaptive equipment, or the demographic profile of workshop attendees. This data is essential for our advocacy efforts and community impact reports without compromising individual privacy.

Section IV: Data Security and Retention

Our Dedication to Protecting Your Confidential Information

1. Security Measures and Protocols: The security of your personal information is paramount to maintaining the integrity of our mission. We implement a rigorous combination of technical, administrative, and physical security measures designed to prevent unauthorized access, use, disclosure, alteration, or destruction of the data we hold.

• Technical Safeguards: All sensitive electronic data, particularly PHI and financial information, is stored on secure, encrypted servers (both at rest and in transit) protected by firewalls and robust network security protocols. We utilize SSL/TLS encryption for all data submitted through our website contact and donation forms, ensuring secure transmission. Regular penetration testing and vulnerability assessments are performed on our digital infrastructure.
• Administrative Safeguards: Access to sensitive beneficiary data is strictly limited on a “need-to-know” basis, meaning only the specific team members (like Dr. Vance and the Program Coordinator) who require the information to execute a support plan can access it. All staff and volunteers with access to PII undergo mandatory, recurrent privacy and security training covering data handling best practices, ethical disclosure protocols, and our commitment to confidentiality. We use complex, multi-factor authentication systems for internal access to sensitive databases.
• Physical Safeguards: Paper records containing PII or PHI are stored in locked cabinets within secured offices at our 998 JARDIN DRIVE location. Access to our office premises is controlled, and physical media (like external hard drives or backup tapes) containing personal information are stored off-site in secure, encrypted facilities.

2. Data Retention Policy: We retain your personal information only for as long as is necessary to fulfill the purposes for which it was collected, including for the purposes of satisfying any legal, accounting, or reporting requirements.

• Beneficiary Records: Records related to program participation and financial aid are generally kept for the duration of the beneficiary’s active relationship with the organization, plus a legally mandated period (typically seven years) afterward for audit and compliance purposes.
• Donor Records: Donation records and associated financial documentation are retained for a minimum of seven years to comply with tax and auditing regulations.
• Volunteer Records: Volunteer information, including background checks, is retained for the duration of their service plus a short administrative period thereafter, necessary for reference checks or potential legal inquiries.
• Deletion Protocol: Once the retention period expires, we will securely destroy or permanently de-identify the information, ensuring that it cannot be reconstructed or linked back to you.

Section V: Your Rights and Choices

Control Over Your Personal Information

We are committed to ensuring you have control over your personal data. Depending on your jurisdiction (e.g., if you are a resident of the European Economic Area under GDPR or California under CCPA), you may have specific rights regarding your data. We strive to extend these protections to all our community members globally where feasible.

1. Right to Access and Correction: You have the right to request access to the personal information we hold about you and to request that any inaccuracies in that data be corrected or completed. Upon receiving a verified request, we will provide you with a copy of your data in a clear, accessible format.

2. Right to Deletion (Right to be Forgotten): You have the right to request the permanent deletion of your personal information when the data is no longer necessary for the purposes for which it was collected, or when you withdraw consent, subject to any overriding legal obligations (such as tax compliance or mandatory program record retention).

3. Right to Object and Restrict Processing: You have the right to object to the processing of your personal data for certain purposes (such as direct marketing or non-essential communications). You also have the right to request that we temporarily restrict the processing of your data while its accuracy is being verified or if you are disputing the legal basis for processing.

4. Right to Data Portability: Where technically feasible, you have the right to receive your personal data in a structured, commonly used, and machine-readable format and to transmit that data to another organization without hindrance from us.

5. Managing Communications and Opting-Out: You can opt-out of receiving non-essential communications (like our newsletter or general outreach emails) at any time by clicking the “unsubscribe” link located at the bottom of the email, or by contacting us directly at info@hhmsnl.site. Please note that we may still send you necessary transactional emails relating to your program participation, donations, or official administrative notices.

To exercise any of these rights, please submit a formal, verifiable request via email to info@hhmsnl.site or by mail to our physical address. We commit to responding to all verifiable requests within a legally required and reasonable timeframe, typically within 30 days of receipt.

Section VI: Cookies and Tracking Technologies

How We Use Digital Tools for Website Functionality

Our website uses “cookies” and similar tracking technologies to enhance user experience, analyze site usage, and support our non-profit operations. Cookies are small data files stored on your device that help us remember your preferences and improve overall site functionality.

1. Types of Cookies We Use:

• Strictly Necessary Cookies: Essential for the basic operation of the website, enabling core functions like site navigation, secure login access for volunteers, and processing of donation forms. These cannot be turned off.
• Analytical/Performance Cookies: These collect aggregated, anonymous information about how visitors use our website—which pages are most visited, which educational links are clicked, and if users encounter any error messages. This data helps us improve the structure and content of the site to better serve the MS community.
• Functionality Cookies: These remember choices you make (such as language preference or text size) to provide a more personalized and convenient experience for subsequent visits.

2. Third-Party Analytics: We may utilize third-party services, such as Google Analytics, to help us understand web traffic and usage patterns. These third parties may use their own cookies to track your behavior across other websites, though this tracking is external to and managed by their own privacy policies.

3. Managing Your Cookie Preferences: Most web browsers are initially set up to accept cookies automatically. You have the ability to accept or decline cookies. You can manage your preferences through your browser settings, allowing you to delete existing cookies and block future cookies. However, please be aware that disabling strictly necessary cookies may prevent you from using certain essential features of our website, such as secure forms for enrollment or donation processing. We rely on transparency to empower you to make informed decisions about your digital interaction with our organization.

Section VII: Children’s Privacy

Protecting Young Family Members

Our mission involves supporting the entire family unit, including children and teens of individuals with MS. However, our website and primary services are not directly targeted at children under the age of 13, and we do not knowingly collect Personal Identifiable Information from children under 13 without verifiable parental consent.

If a child under 13 wishes to participate in a specific family-focused activity or educational program, we require explicit, verifiable consent from a parent or legal guardian before collecting any PII related to the child, in compliance with the Children’s Online Privacy Protection Act (COPPA). If we become aware that we have inadvertently received personal information from a child under the age of 13 without proper consent, we will promptly delete that information from our records and terminate any related accounts. If you believe a child has provided us with PII, please contact us immediately at info@hhmsnl.site or via our phone line so we can take immediate corrective action.

Section VIII: Third-Party Websites

Disclaimer for External Links

Our website and communications may contain links to third-party websites, resources, or services (such as external neurology clinics, research sites, or adaptive equipment vendors) that are not operated by or affiliated with HELPING HEARTS 4 MS. These links are provided solely for your convenience and informational purposes to augment the support we provide.

We have no control over the privacy practices, policies, or content of these third-party websites. Once you leave our domain, the protection of your personal information is governed by the policies of that external site. We strongly encourage you to review the privacy policy of every website you visit, especially if you plan to provide them with any personal information. HELPING HEARTS 4 MS assumes no responsibility or liability for the content, security, or privacy practices of any linked third-party sites.

Section IX: Changes to This Privacy Policy

Policy Review and Update Protocol

We reserve the right to modify or update this Privacy Policy at any time to reflect changes in our practices, legal requirements, or service offerings. When we make material changes to this policy, we will revise the “Effective Date” at the top of the page.

For significant changes, we will notify you through prominent notice on our website homepage or by sending an email notification to the primary email address on file, providing a reasonable period for you to review the changes before they take effect. We encourage you to review this policy periodically to stay informed about how we are protecting your information. Your continued use of our services or website following the posting of changes constitutes your acceptance of those changes.

Section X: Contact Us and Dispute Resolution

Your Questions and Concerns Are Our Priority

If you have any questions, concerns, complaints, or comments regarding this Privacy Policy, our data practices, or if you wish to exercise your data rights, please contact our dedicated Privacy Compliance Officer:

Detail	Information
Organization Name	HELPING HEARTS 4 MS BENEFITTING LINDA BARTOK
Privacy Contact	Privacy Compliance Officer
Physical Address	998 JARDIN DRIVE, NAPLES, FL 34104-6660
Primary Email	info@hhmsnl.site