top of page

USTMAAA Foundation

USTMAAA Foundation logo seal
  • Facebook USTMAAA
  • YouTube USTMAAA

USTMAAA site

Privacy Policy

Effective Date: December 6, 2025

 

The University of Santo Tomas Medical Alumni Association in America Foundation ("we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website (https://www.ustmaaafoundation.org)  or interact with our services, including making donations.

​​

Please read this policy carefully. By accessing or using our site, you agree to the terms of this Privacy Policy.

​

We reserve the right to modify this Privacy Policy at any time. We will alert you to any changes by updating the "Effective Date" at the top of this Policy.

 

We encourage you to review this Policy periodically. Your continued use of the site after the posting of a revised Privacy Policy signifies your acceptance of the changes.

 

1. Information We Collect and Its Purpose

 

We collect different types of information to provide our services, manage donations, and communicate effectively with our community. The primary categories of information we collect are:​

​

A. Personal Data

​

  • Examples of Data Collected: Name, postal address, email address, phone number, login credentials, and demographic data (age, gender, interests) you provide voluntarily.

​

  • Primary Purpose for Collection: To create and manage your account, process donations/orders, provide customer support, and send relevant communications (e.g., newsletters).

​

B. Financial Data

​

  • Examples of Data Collected: Payment card details (e.g., card brand, last four digits, expiration date).

 

  • Primary Purpose for Collection: To process and manage donations, orders, and payments. Note: We do not store full payment card numbers; this data is securely handled by our third-party payment processors (e.g., [Stripe or PayPal]).

​

C. Sensitive Personal Data

​

  • Examples of Data Collected: Data revealing racial or ethnic origin, religious beliefs, mental or physical health diagnosis, or precise geolocation data, if voluntarily provided or collected via technology.

​​

  • Primary Purpose for Collection: Only collected when explicitly required for a program you choose to participate in (e.g., an event requiring dietary needs) or to manage and fulfill specific services. You have the right to limit the use of this data.

​

D. Derivative & Usage Data

​

  • Examples of Data Collected: IP address, browser type, operating system, access times, pages viewed, and referring website addresses.

 

  • Primary Purpose for Collection: To monitor and analyze site usage and trends, improve the site's efficiency and operation, and prevent fraudulent activity.

​

E. Mobile Device Data

​

  • Examples of Data Collected: Mobile device ID, model, manufacturer, and, with your explicit permission, your device's location.

 

  • Primary Purpose for Collection: To provide location-specific services and optimize the site for your mobile device.

​

F. Third-Party Data

​

  • Examples of Data Collected: Information from social networks (e.g., profile picture, username, public contacts) if you link your account. Information from third-party service providers (e.g., fundraising platforms).

 

  • Primary Purpose for Collection: To integrate services, facilitate user-to-user communication, and enhance your user profile.

 

Best Practice Note on Sensitive Data: In compliance with new state privacy laws (including OR, TX, NJ, etc.), we provide you with the right to limit the use and disclosure of any Sensitive Personal Data we collect. Please refer to Section 8.

​

2. Use of Your Information

​

We use the information collected about you for the following business and operational purposes:

​

  • Service Delivery: Fulfilling and managing donations, orders, payments, and other transactions; creating and managing your account.

 

  • Communication: Emailing you regarding your donation or inquiry; sending newsletters; providing updates and offers; requesting feedback.

 

  • Safety & Compliance: Preventing fraudulent transactions, monitoring against theft, protecting against criminal activity, and assisting law enforcement/responding to subpoenas.

 

  • Marketing & Analytics: Compiling anonymous statistical data and analysis; generating a personalized profile to improve future visits; monitoring and analyzing usage trends.

 

  • User Interaction: Enabling user-to-user communications; administering contests and promotions.

 

3. Disclosure and Sharing of Your Information

 

We may share your information in the following situations, always with a focus on responsible data stewardship:

​

  • Third-Party Service Providers: We share necessary information with trusted third parties who perform services for us (e.g., payment processing, email delivery, data hosting, marketing assistance). These providers are contractually obligated to protect your data.

 

  • By Law or to Protect Rights: We may disclose your information if legally required (e.g., subpoena, court order) or if we believe it is necessary to protect the rights, property, and safety of others (including fraud protection).

 

  • Marketing Communications (Opt-In/Opt-Out): We DO NOT sell or rent your Personal Data. With your specific consent (opt-in) or providing an opportunity for you to opt-out, we may share information with select business partners or affiliates for promotional purposes.

 

  • Business Transfers: In the event of a merger, acquisition, or sale of assets, your information may be transferred to the successor entity.

 

  • Public Postings: Any comments, contributions, or content you post publicly on the site (e.g., message boards) may be viewed by all users and may be distributed outside the site.

 

Crucial Disclaimer: We are not responsible for the privacy practices of third parties with whom you choose to share your data directly (e.g., linking your account to a social network).

 

4. Tracking Technologies and Your Consent

 

We use cookies, web beacons, and similar tracking technologies to help customize the site and improve your experience.

​

  • Types of Tracking:

 

  • Strictly Necessary Cookies: Essential for the site's basic operation (e.g., remembering your session). These do not require consent.

 

  • Non-Essential Cookies (Analytics, Marketing): Used for site analytics (e.g., Google Analytics) or targeted advertising. We require your explicit consent before these are placed on your device.

​​

  • Your Controls:

 

  • Browser Settings: Most browsers are set to accept cookies by default. You can remove or reject cookies through your browser settings, but be aware that this may affect the availability and functionality of the site.

 

  • Global Privacy Control (GPC): We honor the Global Privacy Control (GPC) signal as a valid request to opt-out of the sharing of your personal information (where applicable).

​​

  • Opt-Out Tools: You can opt-out of interest-based advertising by visiting the Network Advertising Initiative Opt-Out Tool or Digital Advertising Alliance Opt-Out Tool.

 

5. Donor Privacy Policy

As a nonprofit organization, we are strongly committed to protecting the privacy of our donors. This section supplements the general Privacy Policy above.

​

  • Donor Information Collected: Name, address, email, phone, donation amount, payment method details (securely processed via third parties), and giving history.

 

  • Use of Donor Information: Solely used to process donations, issue receipts, acknowledge contributions, communicate about our programs/impact, and fulfill donor-requested services (e.g., newsletters).

 

  • Sharing Donor Information: We do not sell, rent, trade, or otherwise share donor lists or personal information with third parties for marketing purposes. Information is only shared with trusted service providers (payment processors, mailing services) bound by confidentiality.

 

  • Donor Anonymity and Opt-Out: You have the right to remain anonymous at any time. Please indicate this when donating or contact us to update your preferences. You may opt out of receiving future solicitations or communications promptly.

​

6. Your Privacy Rights and Choices

​

We respect your right to control your personal data. You may have the following rights depending on your location, including those afforded by the California Consumer Privacy Act (CCPA/CPRA), the "Shine The Light" law, and new 2025 state privacy laws (e.g., OR, TX, MT, NJ, TN, DE).

 

  • Right to Know/Access: The right to confirm whether we process your personal data and to request a copy of the specific data we have collected about you.

​

  • Right to Correction: The right to correct inaccurate personal data we hold about you.

​

  • Right to Deletion: The right to request the deletion of your personal data, subject to certain legal exceptions (e.g., completing a transaction, security, or legal compliance).

​

  • Right to Opt-Out of Sale/Sharing: The right to opt-out of the sale or sharing (including cross-contextual behavioral advertising) of your personal data. Note: We DO NOT sell your personal data.

​

  • Right to Limit Sensitive Data Use: The right to limit the use and disclosure of your Sensitive Personal Data to only what is necessary to perform the services you requested.

​

  • Right to Non-Discrimination: The right not to be discriminated against for exercising any of your privacy rights.

​

  • California "Shine The Light": The right, for California residents, to request information about the categories of personal data we disclosed to third parties for their direct marketing purposes in the preceding calendar year.

​

  • California Minors: The right, for California residents under 18 with a registered account, to request removal of publicly posted data.

​

  • Exercising Your Rights: To exercise any of these rights, please contact us at info@ustmaaafoundation.org. We may require verification of your identity before processing your request. We aim to respond to all valid requests within the timeframe required by law (typically 45 days).

​

You may also review or change your account information or terminate your account at any time by contacting us directly. To opt-out of email communications, use the "unsubscribe" link at the bottom of our emails.

 

7. Security, International Data, and Children

 

A. Security of Your Information

 

We use administrative, technical, and physical security measures (including encryption for financial transactions) to protect your personal information. However, no security system is completely impenetrable. We cannot guarantee absolute security of data transmission over the Internet.

 

B. International Data Transfers (GDPR/CPRA)

 

If you are located outside the United States, your information will be transferred to and processed in the United States. By using our site, you consent to this transfer.

​

  • For users in the EU/EEA: We comply with the General Data Protection Regulation (GDPR) and use approved mechanisms, such as Standard Contractual Clauses (SCCs), to ensure your data receives an adequate level of protection.

 

  • For users in California: We comply with the CCPA/CPRA requirements concerning cross-border data transfers and data rights.

 

C. Policy for Children

 

Our site is not directed at children under the age of 13. We do not knowingly solicit information from or market to children under 13. If we learn we have collected personal information from a child under 13 without verifiable parental consent, we will delete that information immediately.

 

D. Do-Not-Track and EAA

​

  • DNT Signals: We currently do not respond to Do-Not-Track ("DNT") browser signals. However, as noted, we do recognize and respond to the Global Privacy Control (GPC) signal.

 

  • European Accessibility Act (EAA): We are committed to ensuring our digital services meet high accessibility standards to comply with relevant regulations, including the EAA (effective June 2025), which relates to the user.

bottom of page