DonorIQ Consulting (DonorIQ) abides by the code of ethics established by the Association of Professional Researchers for Advancement.  Our firm is committed to protecting the data entrusted to us, and to using the information we process for the benefit of our clients.  DonorIQ uses only publicly-available resources to obtain, process, and evaluate data for the purpose of helping nonprofit organizations to improve their philanthropic performance.  DonorIQ does not share the information provided by its clients with any parties other than the respective clients, DonorIQ employees and independent contractors, and databases utilized to fulfill our obligations.  DonorIQ clients retain proprietary ownership of all constituent data that they share with DonorIQ, and possess the right to request the deletion and destruction of DonorIQ copies of their proprietary data at any time. 
 
DonorIQ complies with all applicable privacy regulations set forth in relevant legislation, including the Family Educational Rights and Privacy Act (“FERPA”), the General Data Protection Regulation (“GDPR”), the Health Insurance Portability and Accountability Act (“HIPAA”), and Chapter 93H of the Massachusetts General Laws.  DonorIQ does not obtain, record, or archive bank account numbers, social security numbers, or other unique identifiers that are not available to the public.  Information obtained by DonorIQ for legitimate use typically includes individual names, addresses, business information, philanthropic information, professional affiliations, family information, educational information, and private foundation data, when applicable.
 
DonorIQ adheres to information security protocols that are periodically reviewed to ensure that reasonable measures are undertaken to protect constituent data and privacy. 

DonorIQ is a data processor for the purpose of defining its rights and obligations as specified by the GDPR.  European Union (“EU”) residents are entitled to access their personal information, if any, that is recorded, archived, or otherwise possessed by DonorIQ.  In the event of a security breach, EU residents affected by the breach will be notified of the occurrence, and will receive details regarding the amount of personal information subject to the breach.  Furthermore, EU residents may request corrections, amendments, and limitations to the use of information DonorIQ collects on them, and may request the outright removal of their personal data from electronic devices or hardcopy documents used by DonorIQ.  EU residents may submit requests and inquiries regarding data held by DonorIQ via the contact information provided at the end of this privacy statement; a representative for DonorIQ will respond to such inquiries within sixty (60) days of each request.

DonorIQ may be required to disclose personal information to public officials for purposes concerning law enforcement or national security.  If such an event occurs, DonorIQ will notify the corresponding client(s) of such a disclosure at the discretion of said public officials.