Privacy Policy
FREE HEARTS Comprehensive Data Protection and Privacy Policy
1. Introduction and Scope of this Policy
This Comprehensive Data Protection and Privacy Policy (“Policy”) sets forth the exhaustive framework governing the collection, utilization, maintenance, and disclosure of information gathered from users (“Users”) of the FREE HEARTS website, its affiliated digital properties, and all programs and services offered by FREE HEARTS (collectively, the “Services”). FREE HEARTS is a dedicated non-profit organization committed to spreading love and compassion and empowering individuals through emotional well-being and personal growth, as articulated in our mission statement. In fulfilling this critical mission, we are deeply committed to protecting the privacy and confidentiality of all individuals who interact with our organization, including participants, donors, volunteers, and website visitors. This document details our unwavering commitment to responsible data stewardship, transparency, and compliance with applicable data protection standards. By accessing or utilizing any part of our Services, registering for a program, making a donation, or engaging in any communication with FREE HEARTS, you expressly accept and consent to the practices described in this Policy, acknowledging the legal implications regarding the processing of your personal information as defined herein. Should you disagree with any term or practice described in this Policy, your sole recourse is to cease use of the Services immediately and refrain from providing any further personal information to our organization. This Policy applies uniformly across all platforms and methods of data interaction, whether electronic, written, or verbal.
2. The Nature and Categories of Information We Collect
In order to effectively administer our emotional well-being programs, process charitable contributions, coordinate volunteer efforts, and ensure the operational integrity of our organization, FREE HEARTS collects various types of information, which can be broadly categorized as Personal Identifiable Information (PII) and Non-Personal Identifiable Information (Non-PII). The precise nature of the data collected is strictly contingent upon your specific interaction with FREE HEARTS, whether you are registering a child for a youth workshop or simply browsing our online resources.
2.1. Personal Identifiable Information (PII) Collected
This category encompasses information that can be used to specifically identify you or a member of your family, and it includes, but is not limited to, the following specific data points:
- Identity and Contact Data: This includes full legal name, preferred name, mailing address (2452 WRTLE AVE, HERMOSA BEACH, CA 90254 is our main office location, but we collect your residential address for administrative purposes), unique email address (info@frhearts.site is our main point of contact), telephone number (both mobile and landline), and emergency contact information, including the names and phone numbers of individuals to be contacted in a crisis. We collect this data primarily through online registration forms, donation platforms, and direct communication channels.
- Program and Demographic Data: For participants, we collect crucial information necessary for program fit and safety, which may include the participant’s age, date of birth, grade level, specific program enrollment history, and detailed notes on behavioral or developmental milestones observed during their participation. We also collect the relationship of the guardian to the participant (e.g., Parent, Guardian, Authorized Caregiver).
- Financial and Transaction Data: When you make a charitable donation to FREE HEARTS or pay for program fees, we collect information required to process the transaction, which encompasses the amount of the donation or fee, the date and time of the transaction, and, if applicable, the last four digits of the credit card number, card type, and billing address. Note: We do not directly store full credit card details; these are securely processed and retained by our third-party, PCI-compliant payment processors.
- Sensitive Information for Service Delivery: For certain therapeutic, educational, or highly specialized wellness programs, and strictly with explicit, informed consent from the adult user or the legal guardian of a minor, we may collect highly sensitive information. This data may include limited mental and emotional health history relevant to the program’s scope (e.g., noted anxieties, learning styles, emotional regulation challenges), allergy information for food-related events, and relevant medical conditions that impact participation safety. This information is meticulously protected and its collection is strictly limited to what is essential for safe and effective program customization and delivery.
- Professional and Volunteer Data: For individuals applying to work or volunteer with FREE HEARTS, we collect application materials, including résumés, employment history, educational background, personal references, and the results of mandated background checks. This is necessary to ensure the integrity, safety, and expertise of all personnel interacting with our community members, particularly minors.
2.2. Non-Personal Identifiable Information (Non-PII) Collected
This category includes aggregated or de-identified information that does not directly identify any single individual. This data is collected automatically when Users interact with our website and digital resources, and it is primarily used for analytical purposes to improve the quality and accessibility of our online Services. This may include:
- Technical Data: Information about the device you use to access our Services, including the Internet Protocol (IP) address used to connect your computer to the internet, browser type and version, time zone setting, browser plug-in types and versions, and the operating system or platform.
- Usage Data: Details about how you interact with our website, including the full Uniform Resource Locators (URL) clickstream to, through, and from our site (including date and time), pages you viewed or searched for, page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), and methods used to navigate away from the page.
- Aggregated Demographic Data: Information derived from PII, such as the total number of participants in a certain age group or the total donations received from a specific geographical region, provided that the data is statistically or numerically aggregated in a manner that prevents the identification of any particular person.
3. Methods and Sources of Information Collection
We employ several methods to collect data from and about you, depending on the nature of your engagement with the FREE HEARTS mission. Transparency about these methods is fundamental to our commitment to ethical data practices.
3.1. Direct Interactions
The vast majority of PII and sensitive data is collected directly from you when you actively choose to provide it to us. This occurs through activities such as:
- Filling out registration forms for the Early Hearts, Teen Empowerment, or Adult Wellness programs, either physically at our center or digitally on our platform.
- Corresponding with us via phone, email (e.g., info@frhearts.site), or postal mail concerning our programs, mission, or events.
- Submitting application materials to volunteer or seek employment opportunities within the organization.
- Making a donation directly through our website’s fundraising portal or in person at a community engagement event.
- Participating in surveys, feedback sessions, or evaluations related to our service quality and impact measurement.
3.2. Automated Technologies and Tracking (Cookies)
As detailed further in Section 9, we utilize automated data collection technologies, such as browser cookies and web beacons, to collect Non-PII and Usage Data when you navigate our website. These technologies allow us to monitor site activity, enhance user experience, and analyze trends, such as identifying the most popular resources or the average time spent engaging with our content. This automated data collection includes your IP address, which may be linked to your general geographic location but is not used to identify you personally unless required for security or legal compliance.
3.3. Third Parties or Publicly Available Sources
In limited circumstances, we may receive information about you from third parties, including:
- Payment Processors: Confirmation data from our PCI-compliant payment partners (e.g., confirmation of successful payment, transaction ID, billing address match) related to your donations or program fees, but explicitly excluding full payment card details.
- Partner Organizations: Information from collaborative partners (e.g., local schools, community centers) with whom you have explicitly consented to share data for the purpose of jointly administering a FREE HEARTS program or event.
- Referral Sources: Information from authorized referrals who provide your contact details for the purpose of initiating a consultation, under the assumption that they have informed you of this sharing.
4. Comprehensive Purposes and Legal Basis for Using Your Data
FREE HEARTS uses the collected data for numerous essential purposes, all of which are directly aligned with our mission of promoting emotional well-being and maintaining the operational efficiency and integrity of a professional non-profit organization. We ensure that every instance of data processing is justified by a valid legal basis, such as fulfilling a contract, pursuing a legitimate organizational interest, or relying on your informed consent.
4.1. Mission Delivery and Program Administration
The core purpose of processing your data is to facilitate and deliver the supportive programs for which you or your family member has registered. This includes:
- Registration and Placement: Using Identity and Program Data to successfully enroll participants, place them in the appropriate age and skill-level groups, and ensure proper staffing ratios are maintained for safety and effectiveness.
- Customizing Support: Utilizing Sensitive Information (with consent) to tailor program delivery, materials, and facilitator approaches to meet the unique emotional or learning needs of a participant, thereby maximizing the impact of our interventions and ensuring a truly client-centered experience.
- Internal Communication: Sending essential, non-marketing communications directly related to program participation, such as schedule changes, class cancellations, important updates regarding your child’s progress, and necessary forms or waivers that require attention.
4.2. Communication and Engagement Management
We use your contact details to foster a robust and engaged community around the FREE HEARTS mission, including:
- Responsive Inquiry Handling: Responding effectively and efficiently to your questions, comments, and consultation requests submitted via email (info@frhearts.site), phone, or website forms.
- Marketing and Awareness: Sending periodic emails, newsletters, and promotional materials (only with your explicit opt-in consent) about new program launches, upcoming special events (like the Family Mindfulness Retreats or Community Day), and critical organizational announcements. All such communications include a clear, accessible mechanism to opt-out or unsubscribe.
- Feedback and Evaluation: Soliciting testimonials, conducting post-program surveys, and collecting feedback to rigorously measure the effectiveness and social impact of our programs, using this data to continuously refine our curriculum and methodologies.
4.3. Financial Management and Resource Mobilization
For the sustainability of FREE HEARTS, we process financial data for purposes that include:
- Transaction Processing: Completing and verifying all financial transactions, including processing donations, issuing tax receipts (as required by law for charitable contributions), and accurately collecting program fees in a secure and compliant manner.
- Donor Relations: Maintaining meticulous records of donor history, contribution amounts, and preferences for acknowledging philanthropic support, which is critical for compliance, budgetary forecasting, and maintaining healthy relationships with our valued benefactors.
- Fundraising Analytics: Analyzing anonymous and aggregated data related to campaign performance, donor demographics, and fundraising trends to strategically allocate resources, improve the efficiency of future campaigns, and ensure the long-term solvency required to serve the Hermosa Beach community.
4.4. Organizational Operations and Compliance
Finally, data is utilized to fulfill our legal obligations and maintain the highest standards of organizational excellence:
- Internal Security and Auditing: Monitoring website usage, conducting system audits, and verifying the identity of personnel (including volunteers) to prevent fraud, protect against cyber threats, ensure data integrity, and comply with non-profit governance standards.
- Legal and Regulatory Compliance: Retaining necessary records (e.g., financial transactions, consent forms, personnel records) for the legally mandated period to comply with federal, state, and local laws, including tax regulations and child safety protocols, ensuring FREE HEARTS operates with absolute ethical and legal integrity.
- Personnel Management: Using Volunteer and Professional Data to vet, train, schedule, and compensate all staff and volunteers, guaranteeing that the individuals delivering our mission are qualified, safe, and fully supported in their roles.
5. Data Sharing and Disclosure Practices
FREE HEARTS does not engage in the business of selling, trading, or renting your Personal Identifiable Information to any third parties for commercial gain, including marketing or advertising purposes. We only share or disclose PII when strictly necessary, under explicit consent, or when legally compelled, and we enforce rigorous data protection requirements on all external parties with whom we share data.
5.1. Sharing with Trusted Third-Party Service Providers
We utilize external service providers to perform functions on our behalf, and we share only the minimum amount of data necessary for them to execute their specific contractually defined tasks. These providers include:
- Payment Gateways: Secure, PCI-compliant vendors who handle the processing of credit card transactions for donations and fees.
- Email Communication Platforms: Providers that manage our secure email distribution lists for newsletters, programmatic updates, and general communications (info@frhearts.site traffic may be processed by these services).
- IT Infrastructure Providers: Hosting, database management, and cloud storage providers who are contractually bound to maintain strict confidentiality and utilize robust security measures (e.g., encryption, access controls) to protect all stored FREE HEARTS data.
- Background Check Agencies: Vetted professional agencies used solely to process background checks for all staff and volunteers working with vulnerable populations.
5.2. Disclosure to Program Partners and Collaborators
In specific instances, and always with your explicit, informed consent obtained through a specific waiver or consent form, we may share limited PII with co-sponsoring partner organizations, such as local school districts or community centers, but only when such sharing is essential for the joint administration of a specific program in which you or your child is actively enrolled, ensuring coordination and continuity of care.
5.3. Disclosure for Legal Compliance and Protection
We reserve the right to disclose your PII if required to do so by law, court order, or governmental regulation, or if we believe in good faith that such action is necessary to:
- Comply with Legal Process: Respond to valid legal requests, subpoenas, or warrants.
- Protect Rights and Safety: Protect the property, rights, or safety of FREE HEARTS, our participants, our staff, or the public, including investigating potential violations of our policies or illegal activities, particularly those related to child protection and mandatory reporting obligations.
- Facilitate Corporate Changes: In the event of a merger, acquisition, restructuring, or transfer of all or a portion of our assets, provided the acquiring entity agrees to adhere to the protection standards set forth in this Policy.
5.4. Aggregated and De-identified Data Sharing
We may share aggregated or completely de-identified information (Non-PII) with partners, donors, and the public for various purposes, such as reporting on our impact, securing new funding, or providing research insights on emotional wellness trends. This data is rigorously stripped of all identifying characteristics and cannot be reasonably linked back to any individual User or participant.
6. Data Security and Safeguarding Measures
FREE HEARTS is dedicated to implementing and maintaining a multi-faceted approach to security that integrates robust technical, organizational, and physical safeguards designed to protect the integrity, confidentiality, and accessibility of the Personal Identifiable Information entrusted to us. We operate in full recognition that no data transmission or storage system can be guaranteed to be 100% secure, but we commit to using industry-standard, best-practice security controls to mitigate risks.
6.1. Technical Security Controls
Our technical infrastructure is secured using comprehensive technological measures, including:
- Data Encryption: All sensitive PII, especially any health-related or financial transaction data, is transmitted using Secure Sockets Layer (SSL) technology and is stored with industry-standard encryption protocols when at rest, ensuring that unauthorized parties cannot decipher the data even if they gain access to the files.
- Access Control: Access to PII within our digital systems is strictly controlled and limited to only those FREE HEARTS staff members and authorized administrators who require the information to perform their specific duties (e.g., a Program Facilitator needs access to their participants’ names and allergy data, but not donor financial history). Access is managed via unique user IDs, strong passwords, and multi-factor authentication where possible.
- Network Protection: We employ advanced network firewalls, intrusion detection systems, and regular vulnerability scanning to monitor for and defend against external threats, malware, and unauthorized network penetration attempts, ensuring the continuous security of our primary database systems.
6.2. Organizational and Physical Safeguards
Beyond technical measures, our policy includes mandatory organizational and physical protocols:
- Personnel Training: All FREE HEARTS employees, consultants, and regular volunteers are required to undergo mandatory, recurring training sessions focused specifically on privacy best practices, data handling protocols, confidentiality agreements, and immediate reporting procedures for any suspected data breach or security incident.
- Data Minimization: We operate on a principle of data minimization, meaning we only collect and retain the PII that is absolutely necessary for the effective execution of our mission and services, thus reducing the overall risk profile of our data holdings.
- Physical Security: Hard copy files containing PII, such as signed consent forms or staff background check documents, are securely stored in locked cabinets or facilities at our Hermosa Beach center (2452 WRTLE AVE) with restricted access and monitored by authorized personnel only, ensuring that physical access controls complement our digital defenses.
7. Data Retention Policy
FREE HEARTS retains Personal Identifiable Information only for as long as is strictly necessary to fulfill the purposes for which it was collected, including the satisfaction of any legal, accounting, or reporting requirements that govern non-profit organizations and child-serving entities.
- Programmatic Data: PII related to a participant’s enrollment and progress is retained for a period of seven (7) years following the participant’s last date of service, which allows us to address any potential legal claims, inquiries about service history, or compliance audits, after which it is securely purged or anonymized.
- Donor/Financial Data: Transactional records required for tax and financial auditing purposes are retained for a minimum of seven (7) years as mandated by relevant tax laws. Donor contact and giving history that is not required for tax purposes may be retained indefinitely to support ongoing fundraising and relationship management, unless the donor explicitly requests deletion or removal.
- Consent and Legal Records: Records of explicit consent for data processing (e.g., participation waivers, media consent) are retained for the duration of the program plus the statutory limitation period relevant to the nature of the activity.
8. Your Rights Regarding Your Personal Information
Under various data protection frameworks, including the general principles applied to the State of California, you possess several fundamental rights concerning the processing of your Personal Identifiable Information by FREE HEARTS. To exercise any of these rights, please submit a formal written request to the designated Privacy Contact Person listed in Section 14. We are committed to responding to all legitimate requests without undue delay and within any applicable statutory timeframe.
8.1. The Right to Access and Information
You have the right to request confirmation as to whether FREE HEARTS is processing your PII and, where that is the case, to request access to the specific PII we hold about you, along with detailed information regarding the purposes of the processing, the categories of personal data concerned, the recipients to whom the data has been or will be disclosed, and the estimated retention period for that data.
8.2. The Right to Correction (Rectification)
You have the right to request the prompt rectification of any inaccurate or incomplete Personal Identifiable Information we hold about you. Should you identify an error in your contact information (e.g., your mailing address at 2452 WRTLE AVE or your phone number) or the demographic details recorded for your child, we will update these records immediately upon verification of the correct details.
8.3. The Right to Erasure (Deletion)
You have the right to request the deletion or erasure of your PII from our records when the data is no longer necessary for the purposes for which it was collected, when you withdraw your consent (and no other legal basis for processing exists), or when you object to the processing and we have no overriding legitimate grounds to continue the retention. Please note that this right is not absolute and may be subject to overriding legal obligations that require us to retain records (e.g., financial history for tax compliance, or safety records related to a minor participant).
8.4. The Right to Restriction of Processing
You have the right to request that we temporarily restrict the processing of your PII under certain circumstances, such as if you contest the accuracy of the data and require us to pause processing while the accuracy is verified, or if the processing is unlawful but you oppose erasure and prefer restriction instead.
8.5. The Right to Data Portability
You have the right to receive the PII you have provided to FREE HEARTS in a structured, commonly used, and machine-readable format and have the right to transmit that data to another organization without hindrance from us, provided that the processing is based on consent or contract and is carried out by automated means.
9. Cookies and Tracking Technologies Policy
FREE HEARTS utilizes cookies and similar tracking technologies on its website to enhance user experience, analyze site usage patterns, and manage communication preferences, all of which fall under the category of Non-PII collection.
9.1. Definition and Types of Cookies
A cookie is a small text file placed on your computer or device by a web server when you access a website. We use the following types of cookies:
- Strictly Necessary Cookies: Essential for the operation of our website (e.g., maintaining your login session, remembering your donation basket items). These cannot be turned off.
- Performance Cookies: Collect information about how you use our website (e.g., which pages you visit most often, if you encounter error messages). This data is aggregated and anonymous and is solely used to help us improve the site’s function and user experience.
- Functionality Cookies: Used to remember choices you make (such as language preference or region) and provide enhanced, more personal features, making your subsequent visits more tailored and efficient.
- Targeting/Advertising Cookies: Used to deliver relevant advertisements to you based on your presumed interests, often placed by third-party advertising networks. FREE HEARTS generally minimizes the use of these, but they may be present via embedded third-party content (e.g., social media feeds).
9.2. User Control and Management
You have complete control over the acceptance or rejection of most cookies. You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent. However, if you disable or refuse cookies, please note that some parts of the FREE HEARTS website, particularly the functionality that remembers your preferences or maintains login state, may become inaccessible or not function properly, potentially hindering your ability to register for programs or make donations smoothly.
10. Children’s Privacy (COPPA Compliance)
FREE HEARTS is dedicated to providing programs for children (Early Hearts and Compassionate Kids), and we place the highest priority on protecting the privacy of minors. Our practices comply with, or exceed, the standards set forth by the Children’s Online Privacy Protection Act (COPPA) and other relevant regulations.
- No Direct PII Collection from Children: We do not knowingly collect Personal Identifiable Information directly from any child under the age of 13 through our website or online channels without verifiable parental or guardian consent. All registration, demographic, and contact information for minors is required to be submitted by the parent or legal guardian.
- Parental Rights: Parents and guardians have the right to review, request deletion of, or refuse to permit the further collection or use of their child’s PII at any time by submitting a request to our Privacy Contact Person (see Section 14).
- Limited Data Use: Any PII or sensitive data regarding a minor, collected from the parent or guardian, is used exclusively for the purpose of administering the therapeutic, educational, or safety-related aspects of the specific program in which the child is enrolled and is not used for marketing or non-programmatic purposes.
11. International Data Transfers
The primary operational center for FREE HEARTS is located in Hermosa Beach, California, United States (2452 WRTLE AVE). However, data processing activities, including website hosting and cloud storage services utilized by our organization, may result in your data being transferred to, stored in, and processed in jurisdictions outside of your state, province, or country of residence, including potentially outside of the United States. We are fully committed to ensuring that if your data is transferred internationally, it remains protected by implementing adequate safeguards, such as entering into standard contractual clauses with our data processors, to ensure a comparable level of protection to that afforded by your local jurisdiction. By submitting your personal data, you acknowledge and consent to this necessary transfer, storage, and processing.
12. Links to Third-Party Websites
Our Services and website may contain links to external third-party websites or resources that are not operated by FREE HEARTS. These links, often to relevant educational articles, community partners, or supplementary resources, are provided for your convenience and informational enrichment. We explicitly emphasize that FREE HEARTS has no control over and assumes no responsibility for the content, privacy policies, or data practices of any third-party sites or services. We strongly encourage you to review the privacy policy of every external site you visit before providing any personal information, as their data handling practices will differ entirely from those outlined in this comprehensive Policy.
13. Changes and Updates to this Policy
FREE HEARTS reserves the right, in its sole and absolute discretion, to update, amend, or modify this Privacy Policy at any time to reflect changes in our data processing practices, organizational mission, legal requirements, or technological advancements. When we make material changes to this Policy—particularly those that affect how we collect or use your Personal Identifiable Information—we will revise the “Effective Date” at the top of this document. For significant amendments, we will endeavor to provide you with more prominent notice, such as posting a visible alert on the homepage of our website or sending a direct communication to the primary email address we have on file for you (info@frhearts.site), prior to the change becoming effective. We recommend that Users frequently check this page for any changes to stay informed about how we are continually helping to protect the personal information we collect and process in the service of our mission. Your continued use of the Services following the posting of an updated Policy will constitute your full acceptance of the revised terms.
14. Contact Information and Privacy Requests
Should you have any questions, concerns, comments, or requests pertaining to this Privacy Policy, the data practices of FREE HEARTS, or wish to exercise any of your rights outlined in Section 8 (e.g., access, correction, deletion), we ask that you direct your formal correspondence to our designated Data Protection and Privacy Contact Person.
Data Protection and Privacy Contact Person: Executive Director, FREE HEARTS
Email for Privacy Matters: privacy@frhearts.site (Please use this dedicated email for all formal privacy submissions, not info@frhearts.site)
Mailing Address: FREE HEARTS – Privacy Office, 2452 WRTLE AVE, HERMOSA BEACH, CA 90254, United States
Please ensure that all requests are submitted in writing (via email or postal mail) and include sufficient detail to allow us to verify your identity and understand the nature of your request to expedite our response. We are committed to working with you to obtain a fair resolution of any complaint or concern regarding your privacy.
