Effective Date: January 1, 2024 Last Updated: January 1, 2026
BRIGHT Foundation, a 501(c)(3) Public Charity is the Data Controller responsible for your personal data. This policy explains how we process your information when you visit www.brightfoundation.org, www.cpcure.com, www.cpcare.org (the “Site”) in accordance with the GDPR and other applicable data protection laws.
1. Information We Collect and Lawful Basis
We only collect personal data when we have a valid legal reason to do so.
- Donation Information: Name, billing address, and payment details.
- Lawful Basis: Performance of a Contract (to process your donation) and Legal Obligation (for tax and financial reporting).
- Contact Information: Name and email address provided for newsletters or inquiries.
- Lawful Basis: Consent (for newsletters) or Legitimate Interest (to respond to your direct messages).
- Technical Data: IP address, browser type, and usage patterns collected via cookies.
- Lawful Basis: Consent (for non-essential cookies) or Legitimate Interest (for essential site security and functionality).
2. How We Protect and Store Your Data
We implement strict technical and organizational security measures, including encryption and secure servers.
- Data Retention: We only keep your data for as long as necessary to fulfill the purposes for which it was collected. For example, financial records are kept for [X] years to comply with tax laws, while newsletter data is kept until you withdraw consent.
3. Sharing and International Transfers
We do not sell your data. We only share it with trusted service providers (e.g., payment processors or email tools).
- International Transfers: If your data is transferred outside the European Economic Area (EEA), we ensure it is protected by Standard Contractual Clauses (SCCs) or other adequacy frameworks recognized by the EU.
4. Your Rights Under GDPR
As a data subject, you have the following rights:
- Right of Access: Request a copy of the personal data we hold about you.
- Right to Rectification: Request correction of inaccurate or incomplete data.
- Right to Erasure: Request the deletion of your data (“Right to be Forgotten”).
- Right to Restrict Processing: Request that we limit how we use your data.
- Right to Data Portability: Receive your data in a structured, machine-readable format.
- Right to Object: Object to processing based on legitimate interests or direct marketing.
- Right to Withdraw Consent: Withdraw your consent at any time where processing is based on consent.
5. Cookies
Our website uses a cookie banner to obtain your explicit consent before dropping any non-essential cookies. You can manage your preferences by emailing us.
6. Children’s Privacy
We do not knowingly collect data from individuals under the age of 16 without verifiable parental consent. If you believe we have inadvertently collected such data, please contact us immediately.
7. How to Complain
If you have concerns about our data practices, you have the right to lodge a complaint with a Supervisory Authority in your country of residence (e.g., the ICO in the UK or the Dutch DPA).
8. Contact Us
For any privacy-related requests or to exercise your rights, contact our Data Protection representative:
- Email: donations@brightfoundation.org
- Postal Address: Brookfield, Wisconsin 53045
- Data Protection Officer (DPO): “N/A”