Privacy Policy

1. Introduction and Scope

Global Digital Heritage is a non-profit organization incorporated in the United States, dedicated to documenting, monitoring, and preserving cultural and natural heritage through digital technologies. We respect your privacy and are committed to protecting the personal information you share with us when using our website (https://globaldigitalheritage.org/) or otherwise interacting with us. This Privacy Policy describes what information we collect, how we use and share it, your choices, and how we protect it. It applies to visitors from around the world, including U.S. residents, California residents, and individuals in the European Union or other jurisdictions.

2. Information We Collect

2.1. Information You Provide Directly

• Contact Information: When you sign up for newsletters, request information, propose projects, or contact us, we may collect your name, email address, postal address, phone number, organizational affiliation, and any other information you choose to provide.
• Donation or Membership Information: If you donate or become a member/supporter, we collect payment information (e.g., billing address, credit card or payment account details) via a secure payment processor, as well as donation history.
• Project Proposals and Collaboration Requests: Details you submit about potential projects or collaborations, which may include professional background, CV/resume, project descriptions, and supporting documents.
• Event Registrations and Surveys: Information you provide when registering for events, webinars, workshops, or when completing surveys or feedback forms.
• User-Generated Content: If you upload or contribute digital heritage materials, comments, or other content, we collect those submissions and any metadata you attach.
• Account Credentials: If we offer user accounts or portals, we may collect username, password (stored securely), and related profile details.

2.2. Information Collected Automatically

• Usage Data: When you visit our website or use our services, we automatically collect certain technical information, including IP address, browser type and version, device identifiers, operating system, pages visited, referring URLs, and timestamps. We may use cookies and similar technologies to collect this information.
• Analytics and Performance Data: We use third-party analytics services (e.g., Google Analytics or similar) to understand website traffic and usage patterns.

2.3. Information from Third Parties

• Social Media and Third-Party Integrations: If you interact with us via social media platforms or use social login features, we may receive information from those platforms (subject to your settings and their privacy policies).
• Service Providers: We may receive information from payment processors, email service providers, data hosting providers, and other vendors acting as processors on our behalf.

3. How We Use Your Information

• Provide and Improve Services: To operate, maintain, and enhance our website, digital platforms, research tools, and public resources.
• Communications: To respond to inquiries, send newsletters, project updates, event invitations, and other information you have requested. We will only send promotional or fundraising communications if you have consented or where permitted by applicable law.
• Donations and Transactions: To process donations, membership fees, issue receipts, and comply with financial and tax recordkeeping requirements.
• Project Management and Collaboration: To evaluate and manage project proposals, collaborations, and partnerships.
• Legal and Compliance Purposes: To comply with applicable laws, regulations, subpoenas, or legal processes, and to enforce our terms of use and policies.
• Security and Fraud Prevention: To detect and prevent fraud, unauthorized access, and other harmful activities, ensuring the security of our systems and user data.
• Analytics and Research: To analyze usage trends, improve our offerings, and conduct research; such analysis is generally performed in aggregate or anonymized form.
• Customization: To personalize your experience on our digital platforms, where applicable and with your consent as required.

4. Legal Bases for Processing (for EU/EEA Individuals)

If you are located in the European Economic Area (EEA) or the UK, we rely on the following legal bases under the EU General Data Protection Regulation (GDPR):

• Consent: Where you have given clear consent for us to process personal data for a specific purpose (e.g., subscribing to newsletters).
• Performance of a Contract: Where processing is necessary to fulfill our contractual obligations to you (e.g., processing donations or membership agreements).
• Legal Obligation: To comply with legal obligations (e.g., financial recordkeeping, responding to legal requests).
• Legitimate Interests: For activities such as improving our website and services, security measures, and fraud prevention, provided these interests are not overridden by your rights and interests.
• Vital Interests / Public Interest: Rarely applicable, but may apply if needed to protect life or for tasks carried out in the public interest (e.g., emergency communications in crisis situations).

5. Sharing and Disclosure of Information

• Service Providers and Processors: We share your personal data with trusted third-party service providers acting as processors, such as payment gateways, email marketing platforms, hosting providers, analytics services, and other vendors—only as necessary to perform services for us. These providers are bound by contractual obligations to keep your data confidential and secure.
• Affiliates and Partners: With organizations we collaborate with on projects, research initiatives, or events, but only where you have consented or where necessary to carry out the service you requested.
• Legal Requirements: We may disclose personal information if required to do so by law (e.g., in response to a subpoena, court order, or government request), or to protect our rights, property, or safety, or that of others.
• Business Transfers: In the event of a merger, acquisition, reorganization, or sale of assets, personal data may be transferred to the acquiring entity; users will be notified and, where required by law, given choices regarding their data.
• Aggregate or Anonymized Data: We may share aggregated or anonymized data that does not identify individuals with partners or the public for research, reporting, or promotional purposes.

6. Cookies and Similar Technologies

Our website uses cookies and similar tracking technologies to enhance user experience, analyze usage, and manage preferences. You can control or disable cookies via your browser settings. For detailed information, please refer to our Cookie Policy which explains the types of cookies we use, purposes, and how to manage them.

7. Data Retention

We retain personal data only as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law (e.g., financial recordkeeping requirements). When data is no longer needed, we securely delete or anonymize it.

8. Security

We implement reasonable technical, administrative, and organizational measures to protect personal information against unauthorized access, disclosure, alteration, or destruction. These measures may include encryption, access controls, secure networks, regular security assessments, and staff training. However, no system is completely secure; we cannot guarantee absolute security but strive to maintain appropriate safeguards,

9. International Transfers

As a global organization, we may transfer personal information to countries outside your jurisdiction, including servers or service providers located in various regions. When transferring data, we use appropriate safeguards required by applicable law (e.g., standard contractual clauses, relying on adequacy decisions, or other mechanisms) to ensure adequate protection.

10. Your Rights and Choices

10.1. U.S. Residents

• California Residents: Although many privacy laws (e.g., CCPA) generally exempt nonprofits, we respect privacy rights and offer similar choices: you can request access, correction, or deletion of your personal data, and opt out of certain uses or disclosures. If you are a California resident and wish to exercise any rights, please contact us as described below.
• Other U.S. States: Depending on your state, you may have rights to access, correct, or delete your personal data. Even where not legally required, we strive to honor such requests.

10.2. EU/EEA and UK Residents

Under GDPR, you have the right to:

• Access the personal data we hold about you.
• Rectify inaccurate or incomplete data.
• Erase data (“right to be forgotten”) under certain circumstances.
• Restrict or object to processing in specific situations.
• Data portability: receive your data in a structured, commonly used format.
• Withdraw consent at any time (without affecting processing prior to withdrawal).
• Lodge a complaint with a supervisory authority if you believe our processing violates GDPR.

10.3. How to Exercise Your Rights

To exercise any rights, contact us at gdh@globaldigitalheritage.org. We may require verification of identity. We will respond within the timeframe required by applicable law.

11. Third-Party Links and Embedded Content

Our website may contain links to third-party websites or embedded content (e.g., social media widgets). We do not control the privacy practices of those sites. We encourage you to review their privacy policies before providing any personal information.

12. Changes to This Privacy Policy

We may update this Privacy Policy to reflect changes in our practices, legal requirements, or technologies. We will post the updated Privacy Policy on our website with the “Effective Date” revised. If changes are material, we will provide prominent notice (e.g., email notification or banner) before they take effect.

13. Contact Information

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact:

• Email: gdh@globaldigitalheritage.org
• Mailing Address:
  Global Digital Heritage
  New Port Richey, Florida
  United States
• Phone: +1 727-240-9917

For EU/EEA residents, you may also contact our Data Protection Officer (if appointed) or local representative:

• DPO/Representative Contact: [Name, Email, Address]

If you believe we have not addressed your concern satisfactorily, you may lodge a complaint with your local data protection authority.