The Military Religious Freedom Foundation (hereinafter MRFF) is a recognized 501(c)3 private civil rights foundation since December 15, 2005 (EIN: 20-3967302). MRFF is dedicated to ensuring that all members of the United States Armed Forces fully receive the Constitutional guarantee of religious freedom to which they and all Americans are entitled by virtue of the U.S. Constitutional Establishment Clause of the First Amendment and the No Religious Test Clause of Article VI, Clause 3. A large and growing number of active duty, veteran, and civilian personnel of the United States Armed Forces, including individuals involved in High School JROTC around the nation, have come to our foundation for redress and assistance in resolving or alerting the public to their civil rights grievances, with hundreds more contacting MRFF each day.
We do not knowingly attempt to solicit or receive information from children.
We understand that you are aware of and care about your own personal privacy interests, and we take that seriously. This Privacy Notice describes the MRFF’s policies and practices regarding its collection and use of your personal data, and sets forth your privacy rights. We recognize that information privacy is an ongoing responsibility, and so we will from time to time update this Privacy Notice as we undertake new personal data practices or adopt new privacy policies.
Data Protection Officer
The MRFF is headquartered in New Mexico, in the United States. The MRFF has appointed an internal data protection officer for you to contact if you have any questions or concerns about the MRFF’s personal data policies or practices. The MRFF’s data protection officer’s name and contact information are as follows:
Andy Kasehagen, Grants & Database Administrator
(Contact: MRFF Digital Privacy Officer)
How the MRFF collects and uses (process) your personal information
The MRFF collects personal information about its individual contacts (donors, clients, email subscribers, and ‘course of business contacts’) made via normal and customary civil rights works on behalf of MRFF’s clients. With a few exceptions, this information is limited to the kinds of information that can be found on a business card: first name, last name, job title, employer name, work address, work email, and work phone number. We use this information to provide client services. MRFF does not sell personal information to anyone and only share it with third parties who are facilitating the delivery of MRFF client services.
Personal information you give to us:
(Donors, Clients, Email Subscribers, and ‘Course of Business Contacts’)
When you interact with the MRFF as an Individual Contact, we collect information about you including but not limited to your name, your employer’s name, your work address (including your country location), and your email address. The MRFF may also collect your personal email address, a personal mailing address, and a mobile phone number. The MRFF may request Individual Contacts to voluntarily provide additional information critical to our client services.
When people sign up for a MRFF event, we ask for information to help program our events to match audience interests. You may be asked to update any existing MRFF Individual Contact information when you sign up for an event; this is optional, but we find the information provided at event registration is often more accurate and up-to-date than information provided at membership registration. Individual Contacts may edit their profile at any time to change, add, or remove personal information (including removal of all Individual Contact information).
The MRFF processes personal information of Individual Contacts for the following purposes:
- Individual Contact indexing, cataloging along with database retrieval and administration,
- to deliver client services,
- financial and tax reporting per Internal Revenue Service and auditing requirements for revenues/expenditures of tax-exempt organizations.
- to inform Individual Contacts of MRFF related content, events and other benefits associated with MRFF’s client services and advocacy.
- to help MRFF understand the needs of our clients and to improve communications with our Individual Contacts.
The MRFF relies on ‘Vital Interests of the Data Subject’ and ‘Overriding Legitimate Interest’ as the lawful basis under GDPR Article 6 for processing Individual Contacts personal information.
The MRFF may host live (in-person and online) events throughout the year. If you register for one of our events and you are an Individual Contact, we may access the information in your Individual Contact record to provide you with information and services associated with the event. You may be asked to provide more information when signing up for an event than is found in your Individual Contact record. If you are not an existing Individual Contact and you sign up for one of our events, we will collect the following information: name, email, company, title, industry, address, phone number, whether it’s your first MRFF event, meal preferences, and the like.
MRFF uses the information provided by event attendees to provide them with event services and tailoring events to meet the audience profile and related purposes connected with the event. After the event, MRFF uses Individual Contact information collected to review outcomes of past events and plan for future events.
If you are a presenter at one of our events, we will collect information about you including your name, employer and contact information, and photograph, and we may also collect information provided by event attendees who evaluated your performance as a presenter. We may also make and store a recording of your voice and likeness in certain instances. The MRFF relies on a legitimate interest basis for collecting, storing and processing this information.
MRFF keeps a record of your participation in MRFF events as an attendee or presenter. This information may be used to tell you about other events and publications. It may also be used to help the MRFF understand our Individual Contacts needs, concerns, and interests to better protect our clients civil rights and interests.
If you do not wish to have your information included in an attendee list or to receive information from MRFF or presenters, you can express your preferences when you register for events or you may contact the MRFF directly at [email protected]. We do give attendees a choice not to receive donation solicitation messages from the MRFF or any presenter.
The MRFF may offer several web conferences throughout the year. MRFF may also offer web conferences with presenters. This means that when you register for a web conference, you will be providing your registration information to both the MRFF and any event presenters. All MRFF web conference presenters must agree to follow applicable privacy and data protection laws.
The MRFF offers a great deal of digital content available to Individual Contacts via direct electronic digital communications as well as publicly via its website (www.militaryreligiousfreedom.org). In addition to producing original content, the MRFF occasionally links our content with news feeds, blogs, websites and other digital media produced by others. This means you may find yourself on the MRFF website, reading an email or other digital communication from MRFF that offers a link to another organization’s digital interface (i.e. website, social media platform, email list service, etc.) where you will find content MRFF finds relevant to our client services and useful our Individual Contacts and public-at-large. Should you chose to follow the link to another organization’s digital interface, you will be interacting with an organization or individual outside of MRFF’s control. The MRFF is not responsible or liable for content provided by these third-party websites/etc. or personal information they may happen to gather from you. The MRFF will never share any personal information gathered from an Individual Contact with any third-party without prior consent by the Individual Contact.
You may wish to subscribe to the MRFF’s publications without becoming a donor or client of MRFF. For example, many people sign up to receive the MRFF’s emails even though they are not MRFF clients or donors. To receive MRFF emails, you will need to create a “profile” with us which involves providing the MRFF with at least your first name and last name, an email address, and the country in which you live. The MRFF does not share this information with any third party other than to store the information in our cloud-hosted databases (Donor Perfect Online) and email service (Constant Contact). We rely on a contract basis to process your personal information for purposes of fulfilling your request to receive our publications. You may at your own option choose to subscribe to MRFF emails and newsletters which may be considered direct marketing.
The MRFF uses a third-party email service provider (Constant Contact) to manage our email communications. How information is collected and used via your interactions with MRFF via Constant Contact is detailed in the ‘Constant Contact Privacy Notice’.
The MRFF uses information provided by Individual Contacts via these third party contractors to better understand what information is of interest to its Individual Contacts and in the interest of protecting our client’s civil rights. MRFF does not sell this information.
You may manage your MRFF email subscriptions by subscribing or unsubscribing at any time. If you have any difficulties managing your email or other communication preferences with the IAPP, please contact us at [email protected].
The MRFF uses Google Analytics to track how often people gain access to or read our content.
Your communication with the MRFF
If you communicate with MRFF by email, the postal service, social media platforms (Twitter/Facebook/YouTube), or other form of communication, we may retain such correspondence and the information contained in it and use it to respond to your inquiry; to notify you of MRFF events, publications, or other services; or to keep a record of your complaint, accommodation request, or similar concern. As always, if you wish to have the MRFF “erase” your personal information or otherwise refrain from communicating with you, please contact us at [email protected].
Note: if you ask the MRFF not to contact you by email at a specific email address, the MRFF will retain a copy of that email address on its “master do not send” list in order to comply with your no-contact request. The MRFF has a legitimate interest in maintaining personal information of those who communicate voluntarily with the MRFF.
Purposes for processing your data
As explained above, the MRFF uses information provided by Individual Contacts to better understand what information is of interest to its Individual Contacts and in the interest of protecting our clients’ civil rights. MRFF has a legitimate interest in processing data to better understand the needs, concerns, and interests of Individual Contacts and so the MRFF can operate optimally as a non-profit civil rights foundation. The MRFF relies upon your consent, in which case we will keep a record of it and honor your choices.
Payment card information
You may choose to make a tax-deductible donation to or purchase goods from the MRFF using a payment card. (MRFF never charges for services provided to clients.) Typically, payment card information is provided directly by Donors, via the MRFF website, into the PCI/DSS (Payment Card Industry Data Security Standard) -compliant payment processing service to which the MRFF subscribes, and the MRFF does not, itself, process or store the card information. Occasionally, Donors or ‘MRFF Store’ customers ask MRFF contract employees to, on their behalf, enter payment card information into the PCI/DSS-compliant payment processing service to which the MRFF subscribes. We strongly encourage you not to submit this information by email. When MRFF contract employees receive payment card information from Donors or ‘MRFF Store’ customers by email, fax, phone, or mail, it is entered as instructed and then deleted or destroyed.
Personal information we get from third parties
From time to time, the MRFF receives unsolicited personal information about individuals from third parties. Any Individual Contact can update or request removal of their personal information with MRFF by contacting us at [email protected].
What happens if you don’t give us your data
You can enjoy many of the MRFF’s publications and information services without giving us your personal data because a great deal of information on our website is available even to those who are not MRFF Individual Contacts. You can also enjoy subscriptions to our email newsletters without becoming an MRFF Donor or Client, but you will need to create a profile with us which involves providing your name, email, country and postal code. Some personal information is necessary so that the MRFF can supply you with the information services you have requested, and to authenticate you so that we know it is you and not someone else. You may manage your MRFF subscriptions and you may opt-in or opt-out of receiving communication at any time.
As is true of most other websites, the MRFF’s website collects certain information automatically and stores it in log files. The information may include internet protocol (IP) addresses, the region or general location where your computer or device is accessing the internet, browser type, operating system and other usage information about the use of the MRFF’s website, including a history of the pages you view. We use this information to help us design our site to better suit our users’ needs. We may also use your IP address to help diagnose problems with our server and to administer our website, analyze trends, track visitor movements, and gather broad demographic information that assists us in identifying visitor preferences.
When and how we share information with others
Information about your MRFF donations, ‘MRFF Store’ purchases and communications are maintained in association with your Individual Contact record. The personal information the MRFF collects from you is stored in one or more databases hosted by third parties located in the United States. These third parties do not use or have access to your personal information for any purpose other than cloud storage and retrieval. On occasion, the MRFF engages third parties to mail information to you.
Transferring personal data to the U.S.
The MRFF has its headquarters in the United States, State of New Mexico. Information we collect about you will be processed in the United States. By using the MRFF’s services, you acknowledge that your personal information will be processed in the United States. The United States has not sought nor received a finding of “adequacy” from the European Union under Article 45 of the GDPR. Pursuant to Article 46 of the GDPR, the MRFF is providing for appropriate safeguards by entering binding, standard data protection clauses, enforceable by data subjects in the EEA and the UK. These clauses have been enhanced based on the guidance of the European Data Protection Board and will be updated when the new draft model clauses are approved.
Depending on the circumstance, the MRFF also collects and transfers to the U.S. personal data with consent; or to fulfill a compelling legitimate interest of the MRFF on behalf of its clients civil rights in a manner that does not outweigh your rights and freedoms. The MRFF endeavors to apply suitable safeguards (Best Management Practices) to protect the privacy and security of your personal data and to use it only consistent with your relationship with the MRFF and the practices described in this Privacy Statement. The MRFF also enters into data processing agreements and model clauses with its vendors whenever feasible and appropriate. For more information or if you have any questions, please contact us at [email protected].
Data subject rights
The European Union’s General Data Protection Regulation and other countries’ privacy laws provide certain rights for data subjects. A good explanation of them (in English) is available on the website of the United Kingdom’s Information Commissioner’s Office.
Security of your information
To help protect the privacy of data and personally identifiable information you transmit through use of MRFF’s website, we maintain physical, technical and administrative safeguards. We update and test our security technology on an ongoing basis. We restrict access to your personal data to those contract employees who need to know that information to provide Donor and Client services. In addition, we require our contract employees to acknowledge the importance of confidentiality and maintaining the privacy and security of your information pursuant to ‘Best Practices’ recommended by organizations such as the IAPP- International Association of Privacy Professionals. MRFF is committed to taking appropriate disciplinary measures to enforce our contract employees’ privacy responsibilities.
Data storage and retention
Your personal data is stored by the MRFF on its servers, on the servers of contract employees, and the servers of the cloud-based database management services the MRFF engages, located in the United States. The MRFF retains data for the duration of the Individual Contact’s relationship with the MRFF and for a period of time thereafter to allow members to recover data records if they decide to re-engage, to analyze the data for MRFF’s own operations, and for historical and archiving purposes associated with MRFF’s history as a non-profit civil rights foundation. For more information on where and how long your personal data is stored, and for more information on your rights of erasure and portability, please contact the MRFF’s data protection officer at [email protected].
Questions, concerns or complaints
Please contact the MRFF’s data protection officer: