Privacy policy.

Robinson – Capuno International Privacy Policy

Effective date: December 9, 2025

Robinson – Capuno International (“we,” “us,” “our,” “RCI”) respects your privacy and takes seriously our responsibility to safeguard personal information. This Privacy Policy explains what information we collect on our website and through our programs, how we use and protect it, your rights, and how donation and contact information are secured. We do not sell, rent, trade, or otherwise share personal donor contact lists with outside organizations.

1. Scope & Who we are

This policy applies to personal information collected through our website, mobile pages, donation forms, event registrations, volunteer forms, email sign-ups, and other communications with RCI. The data controller for the information described below is Robinson – Capuno International.
Contact: privacy@robinsoncapuno.org (or mail: Robinson – Capuno International, [Insert street address], [City, State, Zip]).

2. Information we collect

We collect only the information that is necessary to deliver services, communicate with supporters, process gifts, and meet legal and tax obligations. Categories include:

  • Identity & contact information: name, mailing address, email address, telephone number.

  • Donation and payment information: donation amount, gift date, donation method, and limited payment identifiers (e.g., last four digits of card). We do not store full card numbers on our servers.

  • Transactional & engagement data: donation history, event registrations, volunteer records, membership status.

  • Technical & website data: IP address, browser/OS, device identifiers, cookie identifiers, timestamps, pages visited, and analytics data.

  • Communications: content of messages you send to us (email, chat, contact forms).

  • Optional sensitive categories: where you choose to provide them (e.g., employment, employer for matching gifts, or limited health information for event accommodations). We avoid collecting special-category data unless you explicitly provide it and we explain the purpose.

(Examples above follow common nonprofit data categories and disclosure best practices for transparency.) Termly+1

3. How we use personal information

We use personal data for these primary purposes:

  • To process and acknowledge donations and provide receipts (legal/tax records).

  • To operate and improve our programs and events, and to administer volunteer activities.

  • To communicate program updates, newsletters, and requests for support when you opt in.

  • To comply with legal and financial obligations (e.g., tax reporting, anti-fraud monitoring).

  • To protect our organization and supporters (fraud prevention, security, dispute resolution).

  • To support analytics and site operation (site security, UX improvements).

We limit use to the purpose stated when the data was collected and to lawful bases required by applicable law (contract performance, legal obligation, legitimate interest, or consent where required). For California or EU residents, statutory rights listed below may apply. TrustCloud+1

4. Donation processing & safeguards

We treat gift transactions seriously and follow current industry standards to protect payment information:

  • No storage of full payment card numbers on our servers. We rely on trusted, PCI-compliant third-party payment processors to collect and process full payment card details. These processors are contractually required to meet Payment Card Industry Data Security Standard (PCI DSS) requirements (PCI DSS 4.0 and later). The Nonprofit Alliance

  • When you give online, your payment is processed by our payment provider over secure connections (HTTPS/TLS). We store only necessary donor records (name, donation amount, date, receipt) and, where applicable, the last four digits of the card for reconciliation.

  • Encryption: Payment data passed through our systems is encrypted in transit and, where retained for legitimate operational reasons, encrypted at rest.

  • Access controls: Only authorized personnel with a business need have access to donor databases; access is role-based and requires strong authentication.

  • Vendor due diligence: We evaluate and require written security commitments from payment processors and other vendors handling sensitive data and maintain Data Processing Agreements (DPAs) when required.

These technical and organizational measures are aligned with nonprofit industry best practices for donor security. OneCause+1

5. How we secure contact and other personal information

We use reasonable administrative, technical, and physical safeguards to protect personal information, including but not limited to:

  • Encrypted transmission (HTTPS/TLS) for web forms and login pages.

  • Encryption at rest for sensitive databases and backups.

  • Role-based access control and multi-factor authentication for staff accounts with data access.

  • Regular security testing (vulnerability scanning, patching) and periodic third-party audits where appropriate.

  • Employee training on data protection and least-privilege policies.

  • Incident response plan and vendor coordination to investigate and remediate breaches.

While no system is perfectly secure, we maintain procedures to reduce risk and respond quickly to incidents in accordance with applicable law. For donations, we additionally follow payment-processor requirements and PCI guidance. The Nonprofit Alliance+1

6. Data sharing & disclosures — we do not share donor lists

We do not sell, rent, trade, or otherwise share our donor lists or contact lists with third parties for their marketing use. Limited exceptions where we may disclose personal information:

  • To third-party service providers who perform services on our behalf (payment processors, email delivery, CRM hosting, analytics). These providers are contractually limited to process data only for our purposes and must maintain appropriate safeguards (Data Processing Agreements). TrustCloud

  • When required by law, court order, or to comply with lawful requests by government or law enforcement.

  • To protect the vital interests of an individual or the public (e.g., imminent harm).

  • With your explicit consent.

When we use service providers, we require them to use appropriate security and confidentiality measures and to limit use to the services they perform for RCI.

7. Cookies, tracking & analytics

Our site uses cookies and similar technologies to operate (essential cookies), provide analytics, and deliver content and ads where applicable. You can manage cookie preferences through the tool provided on our website and by adjusting your browser settings. For EU visitors, we offer cookie consent that complies with applicable rules concerning consent for non-essential cookies. (See our Cookie Notice [link] for details.)

8. Data retention

We retain personal information only for as long as necessary to fulfill the purposes described (administration, tax and legal obligations, donor stewardship), or as required by law. Retention periods differ by data category (e.g., financial records are typically retained for at least 7 years for tax and audit reasons). Where laws require specific retention periods, we follow those requirements.

9. Your rights & choices

Depending on your location and applicable law, you may have the right to:

  • Access personal information we hold about you.

  • Request correction or updating of inaccurate information.

  • Request deletion of your personal information (subject to legal limitations and our need to retain certain records for tax, legal, or safety reasons).

  • Opt out of marketing communications (every email contains an unsubscribe link; you may also contact privacy@robinsoncapuno.org).

  • For California residents: exercise rights under the California Consumer Privacy Act/CPRA (right to know, delete, correct, opt out of sale/sharing, nondiscrimination). We provide methods to submit requests and will respond within statutory timeframes. California AG+1

To exercise these rights, contact privacy@robinsoncapuno.org. We will verify identity before fulfilling requests to protect your data and prevent unauthorized disclosures.

10. International transfers

If your data is transferred or accessed from outside your country (for example, our servers or service providers located in other jurisdictions), we use appropriate safeguards such as standard contractual clauses, DPAs, and technical protections to provide an adequate level of protection as required by applicable law (e.g., GDPR requirements). TrustCloud

11. Children

We do not knowingly collect personal data from children under 13 for U.S. audiences (or under the applicable minimum age elsewhere) without parental consent. If we learn that we have collected such data without required consent, we will delete it. If you suspect a child’s information has been provided to us without consent, contact privacy@robinsoncapuno.org.

12. Third-party links & social platforms

Our site may include links, plug-ins, or integrations with third-party websites (social media, fundraising platforms). These services have their own privacy practices; this policy does not apply to those third parties. When you authenticate or donate via third-party platforms, their privacy notice governs that transaction. We encourage you to review the privacy practices of any third-party services you use. OneCause

13. Changes to this policy

We may update this Privacy Policy to reflect changes in law, technology, or our practices. When we make material changes, we will post a prominent notice on our website and update the “Effective date” above. We encourage you to review this policy periodically.

14. Security incident & breach notification

If we become aware of a security breach affecting your personal data, we will investigate, notify affected individuals and regulators as required by law, and take steps to mitigate harm. Our incident response is aligned with best practices and legal obligations.

15. More about donor privacy (short summary)

  • We value donor confidentiality and will never sell or share donor lists for marketing. American Printing House for the Blind

  • We use PCI-compliant processors for card transactions and do not retain full card numbers on our servers. The Nonprofit Alliance

  • Donors may opt out of communications at any time; opt-out instructions appear in every fundraising email.

16. Contact & complaints

Questions, requests, or complaints regarding this policy or our data practices should be sent to:

Email: privacy@robinsoncapuno.org
Mail: Robinson – Capuno International, [Insert street address], [City, State, Zip]

If you are an EU resident and unsatisfied with our response, you may also lodge a complaint with your local supervisory authority. California residents may direct privacy inquiries to the California Attorney General’s office or use the contact methods described above. California AG+1

A final note

Trust is the foundation of charitable work. We are committed to protecting the privacy and security of supporters who make our work possible. We follow up-to-date industry standards (e.g., PCI guidance for payments, privacy laws such as GDPR/CCPA/CPRA where applicable, and ISO/organizational best practices) and review our measures regularly to keep pace with evolving threats. The Nonprofit Alliance+2California AG+2