The Bob Hall Legacy Fund

Privacy Policy

Effective Date: January 1, 2026

The Bob Hall Legacy Fund (“we,” “our,” or “us”) respects your privacy and is committed to protecting personal information entrusted to us. This Privacy Policy explains how we collect, use, disclose, and safeguard personal information when you visit our website or make a donation in support of our mission.

1. Scope of This Policy

This Privacy Policy applies to information collected through the Bob Hall Legacy Fund website and related donation services. It does not apply to third-party websites or services that are linked from our site.

2. Information We Collect

2.1 Information You Provide Voluntarily

We may collect personal information when you:

  • Make a one-time or recurring donation
  • Set up, modify, or cancel a recurring contribution
  • Contact us directly by email or other means

This information may include:

  • Name
  • Email address
  • Billing address
  • Donation amount and frequency

We do not collect or store full credit card numbers or bank account details.

2.2 Information Collected Automatically

When you visit our website, certain information may be collected automatically, including:

  • IP address
  • Browser and device information
  • Pages viewed and interactions
  • Date and time of access

This information is used for security, operational analytics, and website improvement and is generally aggregated. We use privacy-configured analytics tools that do not rely on tracking cookies or collect personally identifiable information.

3. How We Use Personal Information

We use personal information for the following purposes:

  • Processing and acknowledging donations
  • Administering recurring contributions
  • Responding to inquiries and requests
  • Maintaining accurate financial and tax records
  • Improving website performance and user experience
  • Preventing fraud and ensuring security
  • Complying with legal and regulatory obligations

We do not sell, rent, license, or otherwise commercialize personal information, and we do not share personal information for advertising or marketing purposes.

4. Third-Party Service Providers

We use trusted third-party service providers to support our operations, including website hosting, analytics, and payment processing. These providers are authorized to process personal information only as necessary to perform their services and are required to maintain appropriate confidentiality and security safeguards.

Data Controller and Processors

The Bob Hall Legacy Fund acts as the data controller for personal information collected through this website. Third-party service providers, including Stripe and Matomo, act as data processors or independent controllers as applicable, processing personal information only for the purposes described in this policy and in accordance with their own privacy obligations.

Stripe Payment Processing

We use Stripe, Inc. as our third-party payment processor to securely handle donations and recurring contributions through Stripe Payment Links.

When you make a donation or set up a recurring contribution, you are redirected to a secure, Stripe-hosted payment page. Payment information, including credit or debit card details, billing information, and transaction metadata, is collected and processed directly by Stripe. We do not receive or store your full payment card numbers or banking details.

Stripe may process personal information in order to:

  • Complete and manage donation transactions
  • Administer recurring billing
  • Detect and prevent fraud or unauthorized activity
  • Comply with legal, tax, and regulatory obligations

Stripe may act as an independent data controller for certain processing activities related to payment compliance, fraud prevention, and regulatory obligations. Its handling of personal information is governed by Stripe’s own privacy and security policies.

Recurring Donations and Cancellations

If you choose to make a recurring donation:

  • Charges are billed automatically at the frequency you select
  • Stripe securely stores the necessary payment information to process future donations
  • Recurring donations may be modified or canceled at any time through the Stripe-managed payment interface or by contacting us for assistance
  • Recurring donations remain active until canceled by the donor

We do not control Stripe’s internal data retention practices related to payment information.

Website Analytics (Matomo)

We use Matomo, a privacy-focused web analytics platform, to understand how visitors use our website and to improve its performance and usability.

Matomo is configured in a privacy-respecting manner:

  • IP addresses are anonymized
  • Tracking cookies are disabled
  • No user profiles or cross-site tracking are created
  • No personally identifiable information is collected

Analytics data is used only in aggregated form to evaluate website usage. This information is not shared with third parties and is not used for advertising, profiling, or marketing purposes.

Where required by applicable law, we provide visitors with appropriate notice and choices regarding analytics and data collection through a consent banner or browser-based controls. Our website also respects browser “Do Not Track” (DNT) signals where supported and does not engage in behavioral tracking or profiling.

5. Legal Basis for Processing (GDPR)

For individuals located in the European Economic Area (EEA), the United Kingdom, or Switzerland, personal data is processed based on one or more of the following lawful bases:

  • Consent
  • Performance of a contract or donation request
  • Compliance with legal obligations
  • Legitimate nonprofit operational interests, provided those interests are not overridden by individual rights

6. Data Retention

Personal information is retained only for as long as necessary to:

  • Fulfill the purposes described in this policy
  • Maintain donation, accounting, and tax records
  • Comply with applicable laws and regulations

Donation and financial records may be retained for legally required retention periods, including those related to accounting, tax, and nonprofit compliance obligations.

7. Data Security

We maintain reasonable administrative, technical, and physical safeguards designed to protect personal information from unauthorized access, use, disclosure, alteration, or destruction.

While we take reasonable steps to protect personal information, no method of transmission or storage is completely secure, and we cannot guarantee absolute security.

8. Your Privacy Rights (GDPR)

If you are located in the EEA, the UK, or Switzerland, you may have the right to:

  • Access your personal data
  • Request correction of inaccurate data
  • Request erasure of personal data, where legally permissible
  • Restrict or object to certain processing
  • Request data portability
  • Withdraw consent at any time, where processing is based on consent

To exercise your privacy rights, please contact us by email using the address listed in the Contact Information section. We may request information necessary to verify your identity before processing a request.

You also have the right to lodge a complaint with your local data protection authority.

9. California Privacy Rights (CCPA / CPRA)

If you are a California resident, you may have rights under the California Consumer Privacy Act as amended by the California Privacy Rights Act.

Categories of Personal Information Collected

Within the past 12 months, we may have collected:

  • Identifiers (such as name and email address)
  • Financial information necessary to process donations (processed by Stripe)
  • Internet or network activity information (such as IP address and site usage data)

Your California Rights

California residents have the right to:

  • Request disclosure of personal information collected, used, or disclosed
  • Request deletion of personal information, subject to legal exceptions
  • Request correction of inaccurate personal information
  • Limit the use of sensitive personal information, where applicable
  • Not be discriminated against for exercising privacy rights

We do not sell or share personal information for cross-context behavioral advertising.

Requests may be submitted using the contact information listed below.

10. Massachusetts Privacy and Data Security

The Bob Hall Legacy Fund operates in Massachusetts and complies with applicable Massachusetts data protection laws, including 201 CMR 17.00.

We maintain safeguards designed to protect personal information of Massachusetts residents and require third-party service providers to implement comparable security measures. In the event of a data breach involving personal information of Massachusetts residents, we will provide required notices as soon as practicable and without unreasonable delay, in accordance with applicable Massachusetts law, including notification to affected individuals and relevant state authorities where required.

11. Children’s Privacy

This website is not intended for children under the age of 13. We do not knowingly collect personal information from children. If we become aware that such information has been collected, we will take appropriate steps to delete it.

12. International Data Transfers

Our website is operated in the United States. If you access the site from outside the United States, you understand that your information may be transferred to and processed in the United States, where data protection laws may differ from those in your jurisdiction.

13. Changes to This Policy

We may update this Privacy Policy from time to time. Updates will be posted on this page with a revised effective date. Continued use of the website constitutes acceptance of the updated policy.

14. Contact Information

If you have questions about this Privacy Policy or wish to exercise your privacy rights, please contact:

Bob Hall Legacy Fund
c/o REquipment, Inc.
PO Box 2068
Woburn, MA 01888, USA
Email: info@bobhalllegacyfund.org

Governing Law

This Privacy Policy is governed by the laws of the Commonwealth of Massachusetts, without regard to conflict-of-law principles.

The Bob Hall Legacy FundDonate