Privacy Policy

St Mary of Carmen Society, Inc.

Last Updated: April 23, 2025

The St Mary of Carmen Society, Inc., located in Newton, Massachusetts, USA, operates this website to collect donations, publicize events, and share our mission and history. We are committed to protecting your privacy and handling your personal information responsibly. This Privacy Policy explains what data we collect, how we use it, and your rights regarding that data.

1. Information We Collect

We collect the following types of information:

  • Personal Information: Names, email addresses, phone numbers, mailing addresses, donation amounts, and any other information you submit through forms (e.g., donation or newsletter signup forms).
  • Payment Information: When you donate or purchase event tickets, our third-party processor, Zeffy, collects and handles payment data (e.g., credit card details). We do not store this information on our servers.
  • Website Usage Data: We use Google Analytics and Microsoft Clarity to collect anonymized data about how visitors use our site, such as pages visited, time spent, and device type. This may include cookies or similar tracking technologies.

2. How We Collect Information

  • Through Zeffy: When you make a donation or buy tickets via Zeffy’s secure platform.
  • Newsletter Signup: When you subscribe to our newsletter through Mailchimp.
  • Website Tools: Google Analytics and Microsoft Clarity automatically gather usage data when you visit our site.

3. How We Use Your Information

We use your data to:

  • Process donations and send ticket confirmations.
  • Email or mail thank-you notes to donors.
  • Store records for fundraising purposes and future marketing (e.g., event updates).
  • Analyze site traffic to improve our website and outreach.

4. How We Share Your Information

We share your data only as necessary:

  • Zeffy: Processes payment data securely on our behalf. See Zeffy’s privacy policy for details.
  • Mailchimp: Manages our newsletter and stores subscriber emails. See Mailchimp’s privacy policy for more.
  • Local Partner Charities: We may share limited data (e.g., names or emails) with trusted local partners for joint events or initiatives.
  • Legal Requirements: We may disclose data if required by law or to protect our rights.

We do not sell your personal information.

5. Where Your Data Is Stored

  • Payment Data: Handled and stored by Zeffy’s secure systems.
  • Other Data: Stored in our website database, hosted by Bluehost, and backed up to Google Drive.
  • Newsletters: Emails are stored in Mailchimp.
  • Email Logging: When you interact with our site (e.g., submit a donation or contact form), we may send emails containing your personal information (e.g., name, email address). These emails are logged and stored securely for site management purposes, such as troubleshooting or record-keeping. Logs are accessible only to authorized administrators.

6. Security Measures

We take steps to protect your data:

  • Our site uses HTTPS encryption via Bluehost.
  • Payment security is managed by Zeffy, a PCI-compliant processor.
  • Admin access to our website, server, and database is secured with two-factor authentication (2FA).
  • Additional protections are provided by Wordfence and Cloudflare.
  • While we strive to keep your data safe, no system is 100% secure. We’ll notify you promptly if a breach occurs.

7. Cookies and Tracking

We use cookies via Google Analytics and Microsoft Clarity to understand site usage. These tools may collect anonymized data like your IP address or browser type. You can opt out by adjusting your browser settings or using tools like the Google Analytics Opt-Out Browser Add-On.

8. Your Rights

You have rights over your data:

  • Access: Ask us what data we hold about you.
  • Correction: Request updates to inaccurate info.
  • Deletion: Ask us to remove your data (except where we’re legally required to keep it, e.g., donation records).
  • Opt-Out: Unsubscribe from our newsletter anytime via the link in each email.

To exercise these rights, contact us at [email protected].

9. Our Audience

Our site primarily serves users in the United States, with rare visitors from the EU or California. If you’re from the EU (subject to GDPR) or California (subject to CCPA), you have additional rights to access, delete, or opt out of data sharing. Reach out to us for assistance.

10. Third-Party Links

  • Our site may link to external sites (e.g., Zeffy, Mailchimp). We’re not responsible for their privacy practices—please review their policies.
  • Our site may include embedded content (e.g., videos, images) from third-party websites. These sites may set cookies or track your interactions, as described in their privacy policies.

11. Children’s Privacy

We do not target or knowingly collect data from children under 13.

12. Contact Us

Questions about this policy or your data? Email us at [email protected] or write to:
St Mary of Carmen Society
P.O. Box 95094
Nonantum, MA, 02495

13. Changes to This Policy

We may update this policy as needed. Check back here for the latest version.