Ian T. Wells & Associates (“ITW”) abides by the code of ethics established by the Association of Professional Researchers for Advancement. Our firm is committed to protecting the data entrusted to us, and to using the information we process for the benefit of our clients. ITW uses only publicly-available resources to obtain, process, and evaluate data for the purpose of helping nonprofit organizations to improve their philanthropic performance. ITW does not share the information provided by its clients with any parties other than the respective clients, ITW employees and independent contractors, and databases utilized to fulfill our obligations. ITW clients retain proprietary ownership of all constituent data that they share with ITW, and possess the right to request the deletion and destruction of ITW’s copies of their proprietary data at any time.
ITW complies with all applicable privacy regulations set forth in relevant legislation, including the California Consumer Privacy Act ("CCPA"), the Family Educational Rights and Privacy Act (“FERPA”), the General Data Protection Regulation (“GDPR”), the Health Insurance Portability and Accountability Act (“HIPAA”), and Chapter 93H of the Massachusetts General Laws. ITW does not obtain, record, or archive bank account numbers, social security numbers, or other unique identifiers that are not available to the public. Information obtained by ITW for legitimate use typically includes individual names, addresses, business information, philanthropic information, professional affiliations, family information, educational information, and private foundation data, when applicable.
ITW adheres to information security protocols that are periodically reviewed to ensure that reasonable measures are undertaken to protect constituent data and privacy. Key components of those protocols include the following measures:
Copies of proprietary information held by ITW for the benefit of a client will be automatically deleted or destroyed by ITW within sixty (60) days of completion of the corresponding service agreement, or within thirty (30) days of notification of the pending deletion, unless the client specifically requests ITW to archive that data for future use.
ITW staff will not transport hardcopies of confidential information outside of their respective offices, with the exception of doing so for a meeting with an ITW client or other ITW staff. ITW staff will take every reasonable precaution to ensure that such documents are securely protected until authorized to destroy them.
All electronic devices – including computers, tablets, and smart phones – used by ITW for research purposes will require user authentication protocols to access the files and programs therein.
All electronic devices – including computers, tablets, and smart phones – used by ITW for research purposes will maintain an active antivirus software program from a credible publisher.
If a security breach has been found, ITW will notify affected clients and the appropriate authorities at the earliest possible time following the breach. If such a scenario occurs, it will mandate a post-incident review of events and actions taken, which will be used to improve standard operating procedures as they pertain to the protection of personal information.
In the event of the resignation or termination of a member of ITW staff, any common ITW passwords that the individual had access to shall be changed, as will any unique passwords that were assigned to that individual.
Failure by ITW staff to abide by the protocols set in this document will merit disciplinary action including, but not limited to, the possibility of termination.
ITW is a data processor for the purpose of defining its rights and obligations as specified by the GDPR. European Union (“EU”) residents are entitled to access their personal information, if any, that is recorded, archived, or otherwise possessed by ITW. In the event of a security breach, EU residents affected by the breach will be notified of the occurrence, and will receive details regarding the amount of personal information subject to the breach. Furthermore, EU residents may request corrections, amendments, and limitations to the use of information ITW collects on them, and may request the outright removal of their personal data from electronic devices or hardcopy documents used by ITW. EU residents may submit requests and inquiries regarding data held by ITW via the contact information provided at the end of this privacy statement; a representative for ITW will respond to such inquiries within sixty (60) days of each request.
ITW may be required to disclose personal information to public officials for purposes concerning law enforcement or national security. If such an event occurs, ITW will notify the corresponding client(s) of such a disclosure at the discretion of said public officials.
Requests for information or action regarding this privacy statement may be sent to Ian T. Wells at email@example.com. Requests sent via traditional mail should be addressed to:
Ian T. Wells President Ian T. Wells & Associates 2 Galloupe Avenue Beverly, MA 01915