Privacy Policy

Last Updated: January 17, 2026
Effective Date: January 17, 2026

1. Introduction

Fundación Rimas ("we," "our," or "us") is a 501(c)(3) nonprofit organization committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website fundacionrimas.org (the "Website"), make donations, sign up for our newsletter, or otherwise interact with us.

We comply with applicable data protection laws, including the General Data Protection Regulation (GDPR) for users in the European Economic Area (EEA), the California Consumer Privacy Act (CCPA) for California residents, and other applicable privacy regulations.

By using our Website, you consent to the practices described in this Privacy Policy. If you do not agree with this policy, please do not use our Website.

2. Information We Collect

2.1 Information You Provide Directly

We collect information you voluntarily provide when you:

  • Contact Us: Name, email address, organization name, and message content when you submit our contact form.
  • Make Donations: Name, email address, billing address, and payment information processed through our third-party payment processor (Donorbox).
  • Subscribe to Our Newsletter: Email address for receiving updates about our programs and impact.
  • Apply for Programs: Personal information related to program applications, which may include name, age, contact information, and background information.
  • Volunteer or Partner: Contact and professional information for partnership inquiries.

2.2 Information Collected Automatically

When you visit our Website, we automatically collect certain information through cookies and similar technologies:

  • Device Information: Browser type, operating system, device type, and screen resolution.
  • Usage Data: Pages visited, time spent on pages, click patterns, scroll depth, and navigation paths.
  • Location Data: General geographic location based on IP address (country/region level).
  • Referral Information: The website or source that referred you to us.
  • Technical Data: IP address, browser settings, and time zone.

2.3 Information from Third Parties

We may receive information from:

  • Payment Processors: Transaction confirmation and donor information from Donorbox.
  • Social Media Platforms: If you interact with us through social media, we may receive information according to your privacy settings on those platforms.
  • Partners and Sponsors: Information shared in connection with joint programs or initiatives.

3. How We Use Your Information

We use the information we collect for the following purposes:

3.1 To Fulfill Our Mission

  • Process and acknowledge donations
  • Administer programs and grants for youth participants
  • Communicate about our initiatives and impact
  • Coordinate with partners and volunteers

3.2 To Communicate With You

  • Respond to inquiries and provide customer support
  • Send newsletters and updates (with your consent)
  • Provide donation receipts and tax documentation
  • Share information about events and opportunities

3.3 To Improve Our Services

  • Analyze website usage to improve user experience
  • Understand donor and supporter engagement
  • Measure the effectiveness of our programs
  • Conduct research and reporting on our impact

3.4 To Ensure Security and Compliance

  • Protect against fraud and unauthorized access
  • Comply with legal obligations and nonprofit reporting requirements
  • Enforce our terms of service

4. Legal Basis for Processing (GDPR)

For users in the European Economic Area (EEA), we process your personal data based on the following legal grounds:

  • Consent: When you opt-in to receive newsletters, accept cookies, or voluntarily provide information.
  • Contractual Necessity: To process donations and fulfill our commitments to donors and partners.
  • Legitimate Interests: To improve our services, analyze website performance, and pursue our charitable mission, where these interests do not override your rights.
  • Legal Obligation: To comply with tax laws, nonprofit regulations, and other legal requirements.

5. Cookies and Tracking Technologies

5.1 What Are Cookies?

Cookies are small text files stored on your device when you visit a website. They help us recognize your browser, remember your preferences, and understand how you interact with our Website.

5.2 Types of Cookies We Use

Cookie Type Purpose Duration
Essential Cookies Required for basic website functionality, security, and cookie consent preferences Session / 1 year
Analytics Cookies Google Analytics (GA4) - helps us understand how visitors use our site Up to 2 years
Functional Cookies Remember your language preference and other settings 1 year

5.3 Third-Party Cookies

We use the following third-party services that may set cookies:

5.4 Managing Cookies

You can manage your cookie preferences through our cookie consent banner when you first visit our site. You can also control cookies through your browser settings:

Please note that disabling certain cookies may affect the functionality of our Website.

6. How We Share Your Information

We do not sell, rent, or trade your personal information. We may share your information in the following limited circumstances:

6.1 Service Providers

We share information with trusted third-party service providers who assist us in operating our Website and conducting our mission:

  • Payment processors (Donorbox) for donation processing
  • Email service providers for newsletter distribution
  • Analytics providers (Google) for website improvement
  • Cloud hosting providers for website operation

These providers are contractually obligated to protect your information and use it only for the services they provide to us.

6.2 Legal Requirements

We may disclose your information when required by law, such as:

  • Responding to legal process (subpoenas, court orders)
  • Complying with government requests
  • Protecting our rights, property, or safety
  • Investigating potential violations of our policies

6.3 With Your Consent

We may share your information with other parties when you have given us explicit consent to do so.

6.4 Aggregate Data

We may share anonymized, aggregated data that cannot identify you personally for research, reporting, or promotional purposes.

7. Data Retention

We retain your personal information for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required by law:

  • Contact Form Submissions: 3 years from last contact
  • Donation Records: 7 years (as required for tax and nonprofit compliance)
  • Newsletter Subscriptions: Until you unsubscribe
  • Website Analytics: 26 months (Google Analytics default)
  • Cookie Consent Preferences: 1 year

After the retention period, we securely delete or anonymize your personal information.

8. Data Security

We implement appropriate technical and organizational measures to protect your personal information:

  • Encryption: SSL/TLS encryption for all data transmitted to and from our Website
  • Secure Payment Processing: All donations are processed through PCI-DSS compliant payment processors
  • Access Controls: Limited access to personal data on a need-to-know basis
  • Regular Security Reviews: Periodic assessment of our security practices

While we strive to protect your personal information, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security.

9. Your Rights

9.1 Rights for All Users

Regardless of your location, you have the right to:

  • Access: Request a copy of the personal information we hold about you
  • Correction: Request correction of inaccurate or incomplete information
  • Unsubscribe: Opt-out of marketing communications at any time
  • Cookie Preferences: Manage your cookie settings through our consent banner

9.2 Additional Rights for EEA Residents (GDPR)

If you are located in the European Economic Area, you also have the right to:

  • Erasure ("Right to be Forgotten"): Request deletion of your personal data
  • Restriction: Request that we limit how we use your data
  • Portability: Receive your data in a structured, machine-readable format
  • Object: Object to processing based on legitimate interests
  • Withdraw Consent: Withdraw consent at any time where processing is based on consent
  • Lodge a Complaint: File a complaint with your local data protection authority

9.3 Additional Rights for California Residents (CCPA)

If you are a California resident, you have the right to:

  • Know: Request disclosure of personal information collected, used, and shared
  • Delete: Request deletion of your personal information
  • Non-Discrimination: Not be discriminated against for exercising your privacy rights
  • Opt-Out of Sale: We do not sell personal information, but you may still submit a "Do Not Sell" request

9.4 How to Exercise Your Rights

To exercise any of these rights, please contact us at:

We will respond to your request within 30 days (or sooner if required by applicable law). We may need to verify your identity before processing your request.

10. International Data Transfers

Fundación Rimas is based in Puerto Rico, United States. If you access our Website from outside the United States, your information may be transferred to, stored, and processed in the United States.

For users in the EEA, we ensure that any international data transfers comply with GDPR requirements through appropriate safeguards, such as Standard Contractual Clauses or reliance on service providers' certifications.

11. Children's Privacy

Our Website is not directed to children under the age of 13, and we do not knowingly collect personal information from children under 13 through our Website. If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately at privacy@fundacionrimas.org.

For our youth programs, we collect information directly from parents, guardians, or authorized representatives in accordance with applicable child protection laws.

12. Third-Party Links

Our Website may contain links to third-party websites, including our payment processor (Donorbox) and social media platforms. We are not responsible for the privacy practices of these external sites. We encourage you to review the privacy policies of any third-party sites you visit.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, or legal requirements. When we make significant changes, we will:

  • Update the "Last Updated" date at the top of this page
  • Post a notice on our Website
  • Send an email notification to registered users (for material changes)

We encourage you to review this Privacy Policy periodically to stay informed about how we protect your information.

14. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Fundación Rimas

Attn: Privacy Officer

644 Ave. Fernández Juncos

San Juan, PR 00907

Email: privacy@fundacionrimas.org

General Inquiries: info@fundacionrimas.org

Back to Home