501CTHREE Data Protection and Privacy Policy

501CTHREE and its affiliates (collectively, “we,” “us,” or “501CTHREE”) are committed to protecting and respecting the privacy of the individuals. We take your privacy very seriously. Please read this Data Protection and Privacy Policy (this “Policy”) carefully as it contains important information on who we are, and how and why we collect, store, protect, use, and share your personal information. It also explains your rights in relation to your personal information and how to contact us or supervisory authorities in the event you have a complaint.

We collect, use, and are responsible for certain personal information about you. When we do so, we are subject to various laws in the United States and the General Data Protection Regulation (“GDPR”), which applies across the European Union and the United Kingdom, and we are responsible as “controller” of that personal information for the purposes of those laws. 

Each of 501CTHREE’s affiliates may be data controllers of your personal information and this information may be shared internally between these affiliates to achieve the purposes set out below.

Personal Information

The personal information we may collect includes name, email address, employer, job title, business address, telephone number, location, or any additional information you elect to provide directly to us: 

  • When filling in forms on our Website (www.501cthree.org), including when you sign up for more information or for our newsletters, for events, to interact with various tools, or to be part of specific communities; and request material, further information, or services;
  • When you report a problem with our Website or contact us for any other purpose;
  • When you respond to surveys that we might ask you to complete for research purposes through our Website;
  • When you input queries using the “search” function on the Website; and
  • When you provide information to be published or displayed on public areas of the Website or transmitted to other users of the Website or third parties.

GDPR, where it applies to our activities, requires us to rely on one or more lawful basis to process your personal information. Each of the following instances constitutes such a basis:

  • Where you give consent (for example, to receive our newsletter and updates).
  • Where we have entered into a contractual arrangement or taken steps at your request prior to entering into one (with you).
  • Where necessary to comply with a legal obligation to which we are subject.
  • Where there is a legitimate interest in us doing so, provided our use is fair, balanced, and does not unduly impact your rights and freedoms; in general, 501CTHREE’s legitimate interests are aimed at furthering our charitable mission (for example, connecting you to volunteering opportunities).

Disclosure of Your Personal Information

We may disclose personal information that we collect or that you provide as described in this Policy:

  • To our affiliates to provide you with requested services;
  • To partners, contractors, service providers, and other third parties we use or work with to support our operations and who are bound by contractual obligations to keep personal information confidential and use it only for the purposes for which we disclose it to them;
  • To a successor in the event of a merger, divestiture, restructuring, reorganization, or dissolution;
  • To comply with any court order, law, or legal process, including to respond to any government or regulatory request;
  • If we believe disclosure is necessary or appropriate to protect the rights, property, or safety of 501CTHREE’s staff and volunteers; and
  • To law enforcement agencies and regulatory bodies to comply with our legal and regulatory obligations.


501CTHREE is committed to keeping your personal information safe and secure. We take appropriate and proportionate measures to ensure that your personal information is kept secure and to prevent its loss, destruction, and misuse. We use strict procedures and security features, such as encryption, permission controls, and audit logging, to ensure your data is handled securely. You should be aware, however, that the transfer of information over the Internet is not entirely secure and although we will do our best to protect your personal data, we cannot guarantee the security or integrity of any personal information that is transferred online from or to you.

Cookies Statement

Our Website uses cookies to distinguish you from other users of our Website, which helps us to provide you with a better experience when you browse our Website and also allows us to improve our site. Cookies are text files created from the moment you download the webpage and is stored on your computer by a webpage server. They are uniquely assigned to you and can exclusively be read by the webserver in the same domain that issued the cookie. They cannot be used to run programs or viruses.

You have the ability to accept or decline cookies. If you choose to decline cookies, you may not be able to fully experience the interactive features provided by our Website. 

Data Retention

We will only retain your personal information for as long as reasonably necessary to fulfill the purposes for which we use it, including for the purposes of satisfying any legal, regulatory, tax, accounting, or reporting requirements. We may retain your personal information for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you.

To determine the appropriate retention period for personal information, we consider the amount, nature, and sensitivity of the personal information; the potential risk of harm from unauthorized use or disclosure of your personal information; the purposes for which we process your personal information and whether we can achieve those purposes through other means; and the applicable legal, regulatory, tax, accounting, or other requirements.

Data Transfer of Personal Information out of European Economic Area

To deliver requested services to you, it is sometimes necessary for us to share your personal information outside the European Economic Area (“EEA”). For example, we may share your personal information:

• With our offices or affiliates outside the EEA; or

• With your and our service providers located outside the EEA.

These transfers are subject to special rules under European and United Kingdom data protection laws. These non-EEA countries do not have the same data protection laws as the United Kingdom and EEA. We will, however, ensure the transfer complies with applicable data protection laws and all personal information will be kept secure. Our standard practice is to use standard data protection contract clauses that have been approved by the European Commission within any agreements governing such transfers. To obtain a copy of those clauses, please email [email address].

Changes to this Policy

This Policy was published and updated on [Date], 2020. Any changes we may make to this Policy in the future will be posted on this page and, where appropriate, e-mailed to you. Please check back frequently to see any updates or changes to this Policy.

Contact Us

Any questions about this Policy or the ways in which your information is being used should be addressed to info@501cthree.org.

This Data Protection and Privacy Policy was adopted by the Board on December 15, 2020

Sign up for news, critical updates and information around ways you can help