Privacy Policy for Oselo Help Corp
Effective Date: March 5, 2025
Oselo Help Corp (“Oselo Help,” “we,” “us,” or “our”) is a registered 501(c) nonprofit organization (EIN 99-4983104) based in Upper Marlboro, Maryland, USA. We are committed to protecting your privacy. This Privacy Policy explains how we collect, use, and safeguard your personal information when you use our website (oselohelp.com) and services. It also describes your rights and choices regarding your data in compliance with applicable laws, including the California Consumer Privacy Act (CCPA) and the EU/UK General Data Protection Regulation (GDPR).
By using our site or services, you agree to the collection and use of information in accordance with this Privacy Policy. If you do not agree, please discontinue use of our site. For any questions or concerns about this policy or your personal data, you can contact us at [email protected] or +1 (443) 951-3335.
1. Information We Collect
We collect personal information that you provide to us directly, information collected automatically about your use of our site, and information from third-party services that we use. The types of information we collect include:
• Information You Provide: When you interact with our site (for example, by making a purchase or donation, creating an account, filling out a contact form, or signing up for our newsletter), you may provide personal details. This can include your name, email address, phone number, postal address, payment information (processed via secure third-party providers), and any other information you choose to give us (such as messages in a contact form).
• Transaction Data: If you make a purchase or donation, we collect information related to the transaction. This includes the items or donation amounts, billing and shipping address, and payment confirmation details. Payment card information is collected securely by our payment processor (Stripe) and is not stored on our servers. We maintain records of your purchases and donations for accounting, tax, and donor recognition purposes.
• Account Information: If you create an account on our site (for example, a customer account through our WooCommerce store), we collect the username, password (stored in hashed/encrypted form), email, and any profile information or preferences you provide. This allows you to track orders, save preferences, and access certain features. You may also have the option to store shipping addresses or other details in your account for convenience.
• Communications: If you contact us directly (e.g., via contact form or email), we will receive the information you provide in your message. This typically includes your name, email address, and the contents of your communication. We will use this information to respond to your inquiry and keep a record of our correspondence.
• Newsletter Signup: If you subscribe to our newsletter or email updates, we collect your email address (and optionally your name) to send you our email communications. We will only send you newsletters or marketing emails if you have opted in. You can unsubscribe at any time (each newsletter will include an unsubscribe link, or you can contact us to be removed).
• Automatically Collected Data: When you visit our website, certain data is collected automatically by our web analytics and security tools:
• Usage and Device Information: We use analytics services like Microsoft Clarity and Google Analytics to gather information about how you use our site. This includes details such as your IP address, browser type, device type, operating system, date and time of visit, pages viewed, clicks, scrolls, mouse movements, and referring website. Google Analytics may use cookies and similar technologies to collect usage data and report website trends. Microsoft Clarity may record user sessions and interactions (e.g., which areas of a page you click or scroll) to help us improve site design and user experience. The data collected by these tools does not include directly identifiable personal information like your name or email; it is primarily usage statistics and technical information. We have configured these tools to respect privacy as much as possible (for example, Google Analytics IP anonymization is enabled by default in GA4, meaning IP addresses are not stored in analytics data). You can learn more about how Google Analytics collects and processes data in Google’s Privacy Policy and about how Microsoft Clarity protects data on Microsoft’s Clarity Privacy page.
• Cookies and Similar Technologies: Our site uses cookies and similar tracking technologies to ensure functionality and collect analytics data. Cookies are small text files placed on your device. For example, our e-commerce system (WooCommerce) uses cookies to remember your cart contents, and our analytics tools use cookies to distinguish unique users and analyze site use. We also use essential cookies through Cloudflare, our content delivery network (CDN) and DNS proxy, which helps secure our site and improve load times. Cloudflare may place certain cookies (such as __cfduid or other Cloudflare security cookies) that are necessary for security and network management. These cookies do not track your browsing on other sites and are used to identify malicious visitors or minimize loading times. You can control or delete cookies through your browser settings. However, note that disabling certain cookies (especially those needed for site functionality) may affect your experience (for example, the shopping cart may not work properly without cookies).
• Information from Third-Party Platforms: We integrate with third-party platforms to provide our services (detailed in the next section). When you interact through these platforms (e.g., donating via our donation platform or paying through our payment processor), those third parties may share certain information with us. For instance, after you complete a donation via Zeffy or a payment via Stripe, we receive information such as your name, contact information, and transaction details to record the donation/purchase.
We do not intentionally collect any sensitive personal information unless necessary. We do not ask for your Social Security Number, driver’s license, or similar identifiers on our site. Payment details like credit card numbers are handled exclusively by Stripe on our behalf (we never see your full card number). We also do not knowingly collect any information from children under the age of 13 (see Children’s Privacy below).
2. How We Use Your Information
We use the collected information for the following purposes:
• To Provide and Maintain Our Services: We use personal information to process transactions that you have requested (e.g., purchases or donations), to fulfill orders (e.g., shipping products you bought), and to provide confirmations and receipts. For donations, we may use your information to issue donation receipts and acknowledge your contribution.
• Account Management: For users who create accounts, we use your information to maintain your account, allow you to log in, and provide you with account-specific functionalities (like viewing past orders or saving preferences).
• Communication: We use your contact information to communicate with you. This includes sending service-related messages (e.g., order confirmations, shipment notifications, donation receipts, or important account or policy updates). If you contacted us with a question or support request, we will use your information to respond. We may also send newsletters or marketing communications if you subscribed to them (with your consent). You can opt out of marketing emails at any time.
• Improvement and Analytics: Usage data collected (via Google Analytics, Microsoft Clarity, and similar tools) helps us understand how our website is used. We analyze this data to improve our site’s content, layout, and functionality. For example, analytics can tell us which pages are most popular or if users encounter errors, and user interaction recordings (via Clarity) can show us if any part of our interface is confusing. This information guides us in enhancing user experience and fixing issues. We generally use aggregate or de-identified analytics data for these purposes, not data that personally identifies you.
• Security and Fraud Prevention: We use data (especially technical information like IP addresses and logs) to protect our website, organization, and users. This includes detecting and preventing fraudulent transactions, spam messages, security incidents, and other malicious activities. Our security providers like Cloudflare help screen out malicious traffic and keep the site safe. We may also use your information to verify your identity when you make requests regarding your data (for example, if you request to access or delete your information, we will take steps to confirm you are the rightful requester).
• Compliance with Legal Obligations: We may process and retain personal information to comply with laws and regulations. For example, as a nonprofit and e-commerce provider, we may need to keep transaction records for tax reporting, accounting, and audit purposes. If we are required by law to disclose data (such as responding to a lawful subpoena or government request) or to fulfill our legal obligations (like maintaining donation records for IRS requirements), we will use the necessary information for those purposes.
• Other Operational Purposes: We might use data for internal purposes such as troubleshooting, data analysis, testing, research, and statistical purposes, to ensure our services are reliable and to develop new features. Any such use is conducted in line with this Privacy Policy and, where possible, using non-personally identifiable data.
We will only use your personal information for the purposes outlined above. If we need to use your data for a substantially different purpose, we will update this Privacy Policy or request your consent as required by law.
3. Third-Party Services and Processors
To operate our website and provide our services, we rely on several third-party service providers. These companies help with various functions like website analytics, payment processing, donation management, e-commerce, and infrastructure. We only share your data with these providers to the extent necessary for them to perform their services on our behalf, and each of them has privacy and security policies to protect your information. We do not sell your personal information to anyone, and we do not share it with third parties for their own marketing or purposes outside the scope of our services.
The third-party services we use (and the data they handle) include:
• Microsoft Clarity (Analytics and User Experience Tracking): We use Microsoft Clarity to understand user behavior on our site (through heatmaps and session recordings). Clarity may collect information such as your IP address, device and browser info, and interactions on our site (mouse movements, clicks, scrolls). This data helps us improve website usability. Clarity does not collect sensitive personal data like form field contents (passwords, etc.) and Microsoft states that it does not sell this data or share it with third parties. The information is stored on Microsoft’s servers (Azure cloud) and protected by encryption. Please note that Clarity may automatically record your sessions unless you use certain opt-out mechanisms. (Currently, Clarity does not support “Do Not Track” signals for opting out.) If you wish to disable Clarity tracking, you can use browser-level tools like ad/tracker blockers. Using our site indicates your consent to this analysis in jurisdictions where consent is required.
• Google Analytics (Website Analytics): We use Google Analytics (a web analytics service provided by Google) to collect information about website usage. Google Analytics uses cookies and similar technologies to collect data about website visitors, such as pages visited, time spent on pages, browser type, and demographic information (if available). Google may collect your IP address, though for users in the EU, Google Analytics 4 is designed not to store IP addresses. We use the information from Google Analytics to observe overall site performance and visitor trends. This helps us understand which content is most useful to our visitors and how people find our website. Google acts as a service provider for us, and we do not allow Google to use our analytics data for their own purposes beyond providing us these insights. You can opt out of Google Analytics tracking by using the Google Analytics Opt-out Browser Add-on, or by adjusting your browser’s cookie settings to block analytics cookies. For more details, see Google’s Privacy Policy and Google Analytics data practices.
• WooCommerce (E-Commerce Platform): Our online store is powered by WooCommerce, which is a plugin for WordPress. WooCommerce facilitates our product sales, shopping cart, and order management. When you make a purchase on our site, WooCommerce collects the personal information and order details you provide at checkout (such as name, email, billing/shipping address, and order items). This information is stored in our website’s database to allow us to fulfill orders and provide customer service. If you create a customer account, WooCommerce also stores your account information (e.g., username, email, encrypted password) so you can log in and access your order history. WooCommerce itself does not use your data for any purpose other than running our store. We have control over the data in our WooCommerce system, and it is protected behind our website’s security measures. We also utilize built-in WooCommerce settings to comply with privacy requirements (for example, we honor requests to delete account data or anonymize order records when applicable). Please note that when you enter payment information at checkout, that information is passed to our payment processor (Stripe) and not stored directly by WooCommerce (except perhaps a transaction ID or status).
• Zeffy (Donation Platform): We partner with Zeffy to process online donations. Zeffy is a third-party platform designed for nonprofits, which allows donors to contribute funds to us. When you donate through our Zeffy donation form, you will provide information such as your name, email, and payment details. That information is collected on Zeffy’s system and shared with us via Zeffy’s dashboard. We receive donor details (name, contact, donation amount, and any message or designation you provided) so that we can acknowledge your donation and maintain our fundraising records. Payment processing through Zeffy is handled by Stripe as well, meaning your credit card information is processed securely by Stripe and not stored by Zeffy or by us. Zeffy’s role is primarily to facilitate the transaction and record the donor info for our use. Zeffy has its own privacy and security measures: for instance, they use encryption and secure servers (hosted with reputable providers) to protect data. They also state they do not sell or misuse donor data. We use the information from Zeffy only for nonprofit-related purposes (issuing you a receipt, adding you to our donor list, etc.). If you prefer, donations can also be made through alternative methods (contact us for offline donation options) if you do not want to use the online platform.
• Stripe (Payment Processing): Stripe is a secure payment processor that we use to handle credit card and other electronic payments for both purchases (WooCommerce) and donations (via Zeffy). When you enter payment details (like a credit card number) on our site or the donation form, that information is transmitted directly to Stripe over an encrypted connection. We do not see or store your full credit card information on our servers. Stripe will process the transaction and may store your payment details for things like fraud prevention and billing (e.g., to handle refunds or recurring donations if applicable). Stripe may also collect some identifying information about you at checkout (such as name and billing address, which we provide, and IP address/device information for fraud detection). Stripe is PCI-DSS compliant (the industry standard for card security) and is certified at the highest level of security for payment processors. We rely on Stripe to keep your payment information secure. Stripe only uses your data for processing the payment and related compliance (they may have legal obligations to screen transactions for fraud or sanctions). For more details, you can review Stripe’s Privacy Policy. Transaction details that we see from Stripe include an identifier for the payment, the amount, and the status—this allows us to confirm your payment was successful. In some cases, if you choose to save your payment details (for example, for future donations or if our store offers a “save card” feature), that is also facilitated by Stripe using tokens (we still do not see the full card data, just a reference token).
• Cloudflare (DNS and CDN services): We use Cloudflare to enhance the security and performance of our website. Cloudflare acts as a content delivery network (CDN) and a DNS proxy, which means when you access our site, your requests are routed through Cloudflare’s servers. In doing so, Cloudflare may collect certain technical data from visitors, such as IP addresses, system configuration information, and other information about traffic to our site. This data collection is primarily for security (to protect against malicious attacks like DDoS) and for performance optimization (caching content to load pages faster). Cloudflare’s cookies (if any are used in your case) are considered necessary for network and security purposes. For example, Cloudflare may use a cookie to identify trusted users and avoid presenting security CAPTCHAs, or to manage load balancing across its servers. Cloudflare does not use this data to track you across sites or sell your information; they are a service provider processing data on our behalf to keep our site running smoothly. Cloudflare’s privacy policy provides more detail on how they handle data as a processor on behalf of websites (see Cloudflare Privacy Policy for more). In summary, any data Cloudflare processes about you is used strictly to provide the Oselo Help website functionality (faster load times, protection from threats).
• Email and Newsletter Services: (If applicable) We may use a third-party email service (such as Mailchimp, SendGrid, Constant Contact, or similar) to manage our newsletter and mass email communications. If you subscribe to our newsletter, your email address (and name, if provided) might be stored on that third-party email platform so we can create mailing lists and send messages. These email service providers operate under strict confidentiality and only use your email to send our communications as instructed by us. They may collect data on email open rates or link clicks to help us understand engagement, but this information is typically provided to us in aggregate form. We will ensure any email marketing service we use is reputable and compliant with privacy laws (for example, they would also offer an unsubscribe mechanism in every email and properly secure the mailing list data). We do not share our email lists with any outside parties for their own marketing.
Each of these service providers is given only the information necessary for them to perform their function. We have agreements or terms in place with them to ensure your data is protected (for instance, many of them are considered “data processors” under GDPR and “service providers” under CCPA, meaning they contractually agree not to use personal data for any purpose other than providing services to us). We do not allow these third parties to sell or use your information for unrelated purposes.
4. Data Sharing and Disclosure
We treat your personal information with care and confidentiality. We do not sell your personal information to third parties, and we do not share your data with any third parties beyond the services listed above, except in the limited circumstances described here:
• Service Providers: As detailed in the previous section, we share information with certain trusted third-party service providers who assist us in operating our website and providing our services (analytics, payment processing, donations, etc.). These providers are bound by privacy obligations and only use your data for the purposes of delivering their services to us. They do not have independent rights to use your information for their own marketing or other purposes.
• Within Oselo Help Corp: Within our organization, your information is accessible only to authorized personnel who need it to perform their duties (for example, staff or volunteers handling customer service, fulfilling orders, managing donations, or technical personnel maintaining the website). We ensure that internal access to personal data is limited and based on the “need-to-know” principle.
• Legal Requirements: We may disclose your information if required to do so by law or in response to valid requests by public authorities (e.g., a subpoena, court order, or government demand). We will only disclose what is necessary to comply with such requirements. Additionally, if we need to use or disclose your information to protect our rights, address fraud or security issues, or to prevent harm, we may do so when it is lawful and appropriate. For example, if someone attempts to defraud our organization or attacks our systems, we might share data with law enforcement agencies investigating the matter.
• Business Transfers: In the unlikely event that Oselo Help Corp undergoes a major business transaction, such as a merger, acquisition, reorganization, or transfer of all or substantially all of our assets, your personal information may be part of the transferred assets. This could occur, for instance, if our nonprofit merges with another nonprofit or is legally restructured. If such a transfer happens, we will ensure the recipient of your data is bound by the same privacy commitments and will notify you (for example, via a notice on our website or email) of any change in data ownership or use, as required by law.
• With Your Consent: In situations where you have explicitly given us consent to share your information with a third party, we will do so according to the terms of that consent. For instance, if we ever participate in a joint event or initiative and you instruct us to share your contact info with another organization, we would only do so with your clear permission. (This is not something we do under normal operations, so any such sharing would be clearly explained to you at the time of consent.)
Outside of the scenarios above, we will not share, rent, sell, or disclose your personal information to other companies or individuals. This includes that we do not share your data with advertisers or social media companies for advertising purposes.
We also want to clarify that the data we collect via analytics (Google Analytics, Microsoft Clarity) is primarily used internally. Google and Microsoft, in providing those services, may process data, but they do not get to use it beyond the scope of providing us aggregated analytics results. We have not enabled data sharing features in Google Analytics that would allow Google to use data for advertising. And as noted, Microsoft Clarity does not sell any data.
If you have any specific questions about third parties with whom your data might be shared, you can always contact us for more information. We strive to be transparent in all data sharing.
5. Data Retention
We retain personal information only for as long as necessary to fulfill the purposes for which we collected it, as outlined in this policy, and to comply with applicable laws. How long we keep data depends on the type of information and the purpose of processing:
• Account Information: If you have an account with us, we retain your account data while your account is active. You can delete your account or ask us to delete it – if you do so, we will remove or anonymize the personal information associated with your account (except for information we are required to retain for legal or operational reasons). Some basic account metadata (like an internal record that an account existed) may remain in our logs or backups, but we will not use that to identify you going forward.
• Purchase and Donation Records: We retain records of transactions (purchases, donations) for a period necessary to process the transaction, handle any follow-up (such as refunds, chargebacks, or providing donation receipts), and for legal/accounting purposes. For example, tax laws may require us to keep donation records for a certain number of years. Typically, nonprofit organizations keep donation and contribution records for at least 7 years for IRS compliance. Even if you request deletion of your data, we may be unable to delete transaction records immediately if they are required for legal obligations – in such cases, we will retain the minimum necessary information (and restrict access to it) to satisfy those requirements.
• Contact Form Communications: If you contact us, we may keep the correspondence (including your email or message) for a certain period to ensure we have a history of communications in case of follow-up. Typically, we might retain these communications for a few years, unless you request us to delete them sooner. If there’s no ongoing need, we will delete or anonymize old communications periodically.
• Analytics Data: Data collected via Google Analytics and Microsoft Clarity is often stored in those systems in an aggregated form. Google Analytics retains user-level data (like cookies and advertising IDs) for a set period (which we may configure, often 14 months by default for GA). We do not personally identify users in our analytics data, and we primarily look at trends over time. Session recordings in Microsoft Clarity may be kept for a certain time (Clarity typically retains data for up to 13 months by default). We do not keep independent copies of raw analytics logs containing personal identifiers; any such data is managed by Google or Microsoft under their retention policies. We might export aggregated reports which have no personal identifiers for long-term analysis.
• Newsletter Lists: If you sign up for our newsletter, we will keep your email on our mailing list until you unsubscribe or ask us to remove it. If you unsubscribe, we may keep your email on a suppression list (to ensure we respect your opt-out) but will not send you further emails. We may also periodically clean our email list and remove addresses that appear inactive or bounce.
• Webserver Logs and Security Logs: Our web host and security services (like Cloudflare) may keep logs of IP addresses and visits for a short period for troubleshooting and security. These logs are typically rotated and deleted after a few weeks or months unless required to investigate a specific incident. Any such logs are used only for network management and security purposes.
When we no longer need personal information, we will either delete it or anonymize it (so it can no longer be associated with you). If deletion is not immediately possible (for example, because the data is stored in backups), we will securely store the data and isolate it from further use until deletion is possible.
6. Data Security
We take reasonable measures to protect the security of your personal information. We implement a combination of technical, administrative, and physical safeguards to ensure data is kept safe from unauthorized access, alteration, disclosure, or destruction. Some of the security practices we employ include:
• Encryption: Our website is secured with SSL/TLS encryption. This means that any data transmitted between your browser and our site (such as personal details entered on forms or payment information) is encrypted in transit and cannot be easily intercepted. You can verify this by the presence of “https://” and a lock icon in your browser’s address bar when interacting with our site. Additionally, our third-party providers (like Stripe and Zeffy) also use strong encryption for data in transit and at rest. For example, Stripe is PCI-DSS Level 1 certified, which entails strict encryption and security protocols for handling payment data.
• Access Controls: Internally, access to personal data is restricted to authorized individuals who have a legitimate need to access it. Our staff and volunteers who handle personal information are briefed on privacy and security practices. Administrative access to our website backend, databases, and third-party dashboards (e.g., Stripe, Zeffy) is protected with strong passwords and, where supported, two-factor authentication.
• Secure Hosting: We host our website and data with reputable providers that maintain strong security standards. For example, as noted, Zeffy uses Amazon Web Services (AWS) and other secure infrastructure to host data. Cloudflare protects our site from many common web threats (like DDoS attacks or malicious bots) which adds an extra layer of security for user data. We keep our website software (including WordPress and WooCommerce) updated to patch security vulnerabilities and use security plugins or firewalls to prevent unauthorized access.
• Payment Security: By outsourcing payment processing to Stripe, we ensure that the most sensitive financial information (credit card numbers, etc.) never touches our servers. Stripe’s systems are highly secure and regularly audited. We also do not handle cash transactions through the website; everything is done via secure electronic methods with proper logging.
• Monitoring and Testing: We monitor our systems for potential vulnerabilities and attacks. If necessary, we employ techniques like regular backups, malware scanning, and penetration testing to identify and address potential weaknesses. In the event of any security incident, we have procedures to investigate and mitigate harm. If a data breach were to occur that affects your personal information, we would notify you and relevant authorities as required by law (for example, GDPR requires breach notification within 72 hours in certain cases).
While we strive to protect your information, it’s important to note that no method of transmission over the internet or method of electronic storage is 100% secure. Therefore, we cannot guarantee absolute security. You can also play a part in protecting your data by maintaining good password hygiene (if you have an account with us, choose a strong, unique password and keep it confidential) and by logging out of your account and closing the browser when finished if using a shared device.
If you have reason to believe that your interaction with us is no longer secure (for example, if you feel your account has been compromised), please contact us immediately so we can assist.
7. Your Rights and Choices
You have certain rights and choices regarding your personal information. We are committed to honoring your rights under applicable privacy laws, such as the GDPR for individuals in the European Economic Area (EEA) or United Kingdom, and the CCPA for California residents. This section describes those rights and how you can exercise them.
7.1 General Rights for All Users
Regardless of where you live, we provide all our users with the following choices concerning their data:
• Access and Update: You may request details about the personal information we hold about you and ask us to provide you with a copy of that data. You can also request corrections or updates to your personal information if it is inaccurate or incomplete. For example, if you have an account, you can log in and update your profile information at any time. Otherwise, just contact us and we will be happy to correct any inaccuracies.
• Deletion (Right to Erasure): You may request that we delete personal information we have collected from you. This is sometimes known as the “right to be forgotten.” We will honor such requests to the extent possible. However, please note that we may need to retain certain information for specific reasons (as outlined in the Data Retention section above). For instance, if you made a donation or purchase, we might need to keep a record for tax or legal purposes. If that’s the case, we will let you know what we must retain and why. We will delete all other personal data that is not legally or operationally required. Once your deletion request is processed, your data will be removed from active use and our systems will be updated accordingly.
• Objection to Processing: If we are processing your information based on our legitimate interests (or those of a third party) and you have a particular situation which makes you want to object to that processing, you can do so. For example, you can object to any direct marketing uses of your data (though we currently only send marketing emails if you’ve subscribed). If you object, we will consider your request and stop or adjust processing unless we have compelling legitimate grounds to continue or a legal requirement to do so.
• Opt-Out of Communications: If you receive our newsletter or promotional emails, you can opt out at any time by clicking the “unsubscribe” link in those emails or by contacting us. Note that even if you opt out of marketing messages, we may still send you transactional or service-related communications (such as donation receipts, order confirmations, or important policy updates).
• Cookie Preferences: Most web browsers allow you to control cookies through their settings. You can set your browser to refuse certain cookies or to alert you when cookies are being sent. You can also use browser extensions to block analytics if you prefer. Please remember that some parts of our site may not function properly if you disable cookies entirely (for example, the shopping cart or donation forms might not remember your information). We currently do not respond to “Do Not Track” signals from web browsers because there is no consensus on how to interpret them, especially given that we do not track users in a way that those signals intend to prevent. However, as stated, you can opt out of analytics and we do not engage in cross-site tracking aside from necessary service providers.
• Authorized Agent (for applicable laws): If you wish to have an authorized agent make a request on your behalf (for instance, a legal representative or someone you’ve designated), please have them contact us with proof of authorization. For example, California residents can designate an authorized agent to exercise their CCPA rights on their behalf, but we will need to verify that the agent has permission to act for you.
To exercise any of these general rights, please contact us at [email protected] or +1 (443) 951-3335. We may need to verify your identity before fulfilling your request (to ensure that we don’t give your data to the wrong person or delete the wrong person’s data). Verification might involve confirming information we already have on file or asking you to provide identification. We will respond to your request within a reasonable timeframe. For example, under CCPA we aim to respond within 45 days (with an extension of an additional 45 days if necessary), and under GDPR we aim for within one month (with a possible extension of two further months if needed, depending on complexity).
7.2 Rights of California Residents (CCPA/CPRA)
If you are a resident of California, you have specific privacy rights under the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA). These rights, as summarized by the California Attorney General’s office, include:
• Right to Know: You have the right to request that we disclose what personal information we have collected about you in the past 12 months, including the categories of personal information, the categories of sources from which the information was collected, the business or commercial purpose for collecting it, and the categories of third parties with whom we share personal information. You also have the right to request the specific pieces of personal information we have collected about you. Essentially, you can ask us for a report of the data we have about you and how we use and share it.
• Right to Delete: You have the right to request that we delete any personal information about you that we have collected from you and retained, subject to certain exceptions. As mentioned above, if an exception applies (for example, if the information is needed to complete a transaction you requested, to detect security incidents, to comply with a legal obligation, or other exemptions under CCPA), we will let you know and will only retain what is necessary. Otherwise, we will delete your personal information from our records and direct our service providers to do the same.
• Right to Correct: Under the CPRA (effective January 2023), California residents have the right to request that we correct inaccurate personal information we hold about you. If you believe any of your information is incorrect, please let us know and we will rectify it (taking into account the nature of the information and the purposes of processing).
• Right to Opt-Out of Sale or Sharing: The CCPA gives you the right to opt out of the sale of your personal information. However, we do not sell personal information, and we also do not share your personal information for cross-context behavioral advertising (the CPRA’s expanded definition of “sharing”). Since we don’t sell or share your data in that way, we do not provide a “Do Not Sell or Share My Personal Information” link on our site. If this ever changes, we will update our practices and provide a clear method for you to opt out. Even though we don’t sell data, you still have the right under law to direct us not to sell or share your info, and we affirm that we abide by this by simply not engaging in those activities. We also honor any Global Privacy Control (GPC) signals that indicate a user’s preference to opt-out of sale/sharing, to the extent applicable (again, since we don’t sell/share data, the signal would be met with no action needed beyond continuing to not sell/share).
• Right to Limit Use of Sensitive Personal Information: The CPRA allows California consumers to limit how a business uses “sensitive personal information” about them. Sensitive personal info includes things like precise geolocation, social security number, driver’s license, financial account information, biometric data, etc. We generally do not collect sensitive personal information as defined by the law, except possibly some financial information as needed for processing donations or purchases (which is handled by Stripe and not stored by us). We do not use sensitive information for any purpose other than the purpose for which it was provided (e.g., processing a donation). If we ever did collect additional sensitive info, you would have the right to direct us to use it only for necessary purposes. As of now, since our use of any sensitive data is strictly for its intended purpose, we believe we are already compliant with this requirement.
• Right to Non-Discrimination: We will not discriminate against you for exercising any of your CCPA rights. This means we won’t deny you our services, charge you a different price, or provide a different level of service just because you exercised your privacy rights. The CCPA does allow businesses to offer certain financial incentives for personal data (like discounts for data), but we do not offer such programs at this time. If that ever changes, we will provide a notice and obtain opt-in consent as required.
To exercise any of your California rights, you can contact us via the methods provided in this policy (email or phone). For verification, if you have an account, we may verify through the account login or via information we have on file. If you do not have an account, we may ask for two or more pieces of information to verify your identity. For requests to know specific pieces of info or for deletion of sensitive info, we might require a higher level of verification (for example, a signed declaration under penalty of perjury that you are the consumer whose data is being requested). We will respond to CCPA requests within 45 days as required (or notify you if we need an extension).
If you would like an authorized agent to make a request on your behalf, we will require proof that you gave the agent written permission to do so. We may also need you to verify your identity directly with us or confirm with us that you provided the agent permission. This is to prevent fraud.
7.3 Rights of EU/EEA and UK Residents (GDPR)
If you are located in the European Union, European Economic Area, or United Kingdom, you have certain rights under the GDPR (and UK GDPR) with respect to your personal data. These include:
• Right to Be Informed: You have the right to be informed about the collection and use of your personal data. This Privacy Policy is intended to provide that information, including who we are, what data we collect, how we use it, and your rights. If you have any questions about our data practices beyond what is described here, you can contact us for more information.
• Right of Access: You have the right to request a copy of the personal data we hold about you, and to obtain supplementary information about how it is processed. This is similar to the “right to know” under CCPA. We will provide you with a copy of your data in a commonly used format (unless doing so adversely affects the rights and freedoms of others, for example, revealing someone else’s personal data).
• Right to Rectification: You have the right to ask us to correct or complete any inaccurate or incomplete personal data that we hold about you. We encourage you to keep your information up-to-date and will make corrections promptly when requested and validated.
• Right to Erasure: You have the right to request that we erase your personal data in certain circumstances. This applies, for example, if the data is no longer necessary for the purpose it was collected, or if you withdraw consent and no other legal basis for processing exists, or if you object to processing and we have no overriding legitimate grounds to continue, or if we unlawfully processed your data, etc. Note that this right is not absolute – there are exceptions such as when processing is necessary for exercising freedom of expression, compliance with a legal obligation, or establishment of legal claims, among others. We will evaluate each request and inform you if any exception applies.
• Right to Restrict Processing: You have the right to request the restriction of processing of your personal data in certain situations. For example, if you contest the accuracy of your data, you can request we limit processing while we verify accuracy; or if you object to our processing based on legitimate interests, you can request restriction while we consider whether our interests override yours. When processing is restricted, we can still store your data but not use it further (unless for legal claims, or with your consent, etc.). If a restriction is lifted, we will inform you.
• Right to Data Portability: You have the right to receive the personal data you provided to us in a structured, commonly used, and machine-readable format, and to have that data transmitted to another controller where technically feasible. This right applies when the processing is based on your consent or on a contract with you, and is carried out by automated means. For example, if you provided us with certain information and want to reuse it elsewhere, you can ask for a copy in a format like CSV or JSON. We will assist with such requests as reasonable.
• Right to Object: You have the right to object to our processing of your personal data where that processing is based on legitimate interests or for direct marketing. You also have the right to object to processing for research or statistical purposes in certain cases. If you raise an objection, we will cease processing your data for that purpose unless we have compelling legitimate grounds or a legal reason to continue. As noted, you can always object to direct marketing, and we will comply by stopping such use (and it’s easy to opt out of emails, as mentioned above).
• Rights Related to Automated Decision Making: You have rights regarding automated decision making and profiling. However, Oselo Help Corp does not engage in any automated decision-making or profiling that produces legal or similarly significant effects on individuals. We do not use algorithms to, for instance, approve/deny services or analyze personal aspects without human intervention. If this ever changes, we will inform you and ensure compliance with GDPR’s provisions (such as the right to have human intervention, express your point of view, and contest decisions).
• Right to Withdraw Consent: In cases where we are processing your personal data based on your consent, you have the right to withdraw that consent at any time. For example, if you consented to receive our newsletter, you can unsubscribe. Withdrawing consent will not affect the lawfulness of processing before the withdrawal. If you withdraw consent for something like analytics cookies, and we have a mechanism to honor that (such as a cookie banner), we will stop the processing of your data for that purpose going forward.
• Right to Lodge a Complaint: If you believe our handling of your personal data infringes GDPR or applicable law, you have the right to lodge a complaint with a supervisory data protection authority. If you are in the EU/EEA, this would be the authority in your country of residence or work, or where the alleged infringement occurred. For example, if you are in France, you can complain to the CNIL; in Germany, to the appropriate state DPA; in the UK, to the Information Commissioner’s Office (ICO). We would appreciate the chance to address your concerns directly first, so we encourage you to contact us with any complaint and we will do our best to resolve it, but this does not affect your right to contact the regulators.
To exercise any of your GDPR rights, please contact us at [email protected]. We may ask for proof of identity (as mentioned earlier) to ensure we respect privacy and only disclose data to the correct person. We will respond to your request as soon as possible, and within the one-month timeframe required by GDPR (unless an extension is needed, in which case we will inform you of the delay and the reason).
Additionally, if GDPR applies to your data, Oselo Help Corp acts as the “data controller” for the personal information collected through our site and services. That means we determine the purposes and means of processing your personal data. Our contact details are provided above. Since we are based in the USA, if required, we will ensure that any transfer of personal data from the EU/EEA to us in the U.S. is done under appropriate safeguards (see the International Data Transfers section below).
7.4 Additional Notes on Exercising Rights
• We will not charge you for making a request to access your data or exercise your rights, in most cases. However, if a request is manifestly unfounded or excessive (for instance, repetitive requests), we may either charge a reasonable fee or refuse to act on the request as allowed by law. We will always explain our reasoning if we ever were to refuse a request.
• If we have to decline a request due to a legal exception (e.g., we cannot delete data we must keep for legal reasons), we will provide you with an explanation, unless we are legally prevented from doing so.
• If personal information is processed by us on behalf of a third-party (which generally isn’t the case here, since we collect directly), we might direct you to that third-party. For example, if you interacted with us through a third-party platform and that platform is the primary data controller, we’ll let you know.
We are dedicated to respecting your rights and will do our best to facilitate any inquiries or requests regarding your personal information.
8. International Data Transfers
Our organization is based in the United States, and the majority of our service providers (Microsoft, Google, Stripe, Cloudflare, etc.) are also based in or operate in the United States (or other countries). If you are accessing our site from outside the United States, please be aware that your information will likely be transferred to, stored, and processed in the United States.
For individuals in the European Union or other regions with data protection laws, this means your personal information may be transferred to a jurisdiction that may not provide the same level of protection for personal data as your home country. We take steps to ensure that appropriate safeguards are in place to protect your data during such transfers, in compliance with GDPR and other regulations.
These safeguards may include:
• Standard Contractual Clauses: We rely on standard data protection clauses (standard contractual clauses) approved by the EU Commission for any transfers of EU personal data to the U.S. and other countries. Our agreements with key service providers (like Stripe, Google, etc.) often incorporate these clauses, which contractually require protection of EU personal data to GDPR standards.
• Privacy Shield (Historical): Some of our partners previously relied on the EU-U.S. Privacy Shield framework. While the Privacy Shield has been invalidated by the EU Court of Justice (in the Schrems II decision), companies like Google and Microsoft have committed to still adhere to its principles. We expect a new transatlantic data transfer framework may be established in the future, and we will comply with whichever mechanisms are deemed valid for lawful transfer.
• Your Consent: In certain cases, we may rely on your explicit consent to transfer your data. By using our site and providing information, you are consenting to the transfer of your personal information to the U.S. and other jurisdictions as necessary for the services you have requested. We will always handle that information in accordance with this privacy policy.
If you have concerns about international data transfers or require more information about our data transfer safeguards, please contact us. We understand this can be an important issue and are happy to provide additional details as needed.
9. Children’s Privacy
Our website and services are not intended for children under the age of 13. We do not knowingly collect personal information from anyone under 13 years old. If you are under 13, please do not provide any personal information to us, use our contact forms, make purchases, or sign up for services on our site.
If we discover that we have unintentionally collected personal information from a child under 13, we will take immediate steps to delete such information from our records. Parents or guardians who believe that we might have information about their child can contact us at [email protected] and request that we remove it.
For minors between 13 and 18, we advise that they seek permission from a parent or guardian before providing any personal data to us, although our services are generally directed at adults (we do not offer products or services specifically to children).
California residents under 18 years old who have registered to use our site can request removal of content or information they have posted by contacting us. We will make sure such content is anonymized or removed, as required by California’s “Online Eraser” law, while also respecting that removal may not be comprehensive if the content was shared or posted by a third party.
10. External Links
Our website may contain links to external websites or services that are not operated by Oselo Help Corp. For example, we might link to our social media pages (Facebook, Twitter, etc.), partner organizations, or useful resources. This Privacy Policy applies only to our site (oselohelp.com) and the services we directly control. If you click on a third-party link, you will be directed to that third party’s site.
We have no control over and assume no responsibility for the content, privacy policies, or practices of any third-party websites or services. We encourage you to review the privacy policies of any external sites you visit. However, if you find any issue with a link on our site (such as it being broken or pointing to content that concerns you), please let us know.
11. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or for other operational reasons. When we make changes, we will post the updated policy on this page and update the “Effective Date” at the top. If the changes are significant, we may provide a more prominent notice (such as a banner on our website or an email notification, if appropriate).
We encourage you to review this Privacy Policy periodically to stay informed about how we are protecting your information. Continued use of our website or services after any changes to the Privacy Policy constitutes your acceptance of those changes.
If we were ever to use your personal information in a manner significantly different from what was stated at the time of collection, we would notify you and, if required by law, seek your consent before doing so.
12. Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or your personal data, please do not hesitate to contact us:
• Email: [email protected]
• Phone: +1 (443) 951-3335
• Mail: Oselo Help Corp, Upper Marlboro, MD, USA (Attn: Privacy) (physical mailing address can be provided here if available)
We will address your inquiry as soon as possible and work with you to resolve any concerns. Your privacy is important to us, and we appreciate the opportunity to clarify our practices or assist you in exercising your rights.
Thank you for trusting Oselo Help Corp. We are dedicated to protecting your personal information and using it responsibly in line with our mission as a nonprofit organization.