Galaxy Digital Privacy Policy

Background

Galaxy Digital provides Software as a Service (SaaS) to a variety of clients including non-profit organizations, colleges and universities, corporations and hospitals for the purpose of recruiting, scheduling and managing volunteers. Each client is provisioned a unique website/domain for their organization through which users voluntarily provide personally identifiable information that is stored on centralized Galaxy Digital Amazon Web Services servers – this data does not reside on client servers, however, clients do have the ability to download any and all data collected via their Galaxy Digital provisioned website. Therefore, this Privacy Policy supersedes any client privacy policies and applies to all data collected via Galaxy Digital’s client websites and stored on Galaxy Digital’s servers.

Galaxy Digital uses reasonable commercial efforts to avoid disclosure of information which is confidential, privileged or non-public other than in accordance with this privacy policy. This Privacy Policy will explain how personal data collected is used by Galaxy Digital.

Topics

• What data do we collect?
• How do we collect your data?
• How will we use your data?
• How do we store your data?
• What are your data protection rights?
• What are cookies, how do we use them, types we use and how to manage your cookies?
• Privacy policies of other websites
• Changes to our Privacy Policy
• How to contact us
  
  

What data do we collect?

In order to register as a potential volunteer for any Galaxy Digital client, users voluntarily provide personally identifiable information including but not limited to:

• First and Last Name
• Address
• Email Address
• Phone Number
• Birth Date
• Education and certifications (varies by client and by type of volunteer role)

How do we collect your data?

The information above is collected voluntarily through clients’ Galaxy Digital website when a user:

• Registers on the client website.
• Use or view client websites via a user’s browser’s cookies.

Additionally, as part of onboarding a new Galaxy Digital client, the client may elect to import user data from the client’s prior volunteer management software solution. This Privacy Policy applies once the data has been imported to the client’s Galaxy Digital provisioned website.

How will we use your data?

Client Websites:

Galaxy Digital’s clients collect your data so they can effectively manage registered volunteers through:

• Understanding volunteer demographics to best fulfill volunteer opportunities within their community.
• Anonymously track number of volunteers and volunteer hours completed for purposes of obtaining grant or other funding.
• Communicate directly with their volunteers via email to provide announcements, distribute newsletters, etc. (Note: Users can elect to opt-out of email communications)
• Automated notifications from the Galaxy Digital system including reminders of upcoming volunteer shifts the user has signed-up for, birthday greetings, notification of potential volunteer opportunities the user may be interested in based on their self-selected interests and skills.

Galaxy Digital-Stored Data:

• Galaxy Digital does not use voluntarily collected personally identifiable information for marketing or direct communication purposes. For any reporting purposes, i.e. number of volunteers across all client sites, the data is anonymized before reporting.
• Galaxy Digital will not share your information with any third party outside of our organization aside from our clients where the information was initially provided voluntarily by the user. The only exception would be if information is requested by law enforcement or is determined to be pertinent to legal proceedings.
•  Galaxy Digital collects cookies (please see section below for more information)
• We may collect your IP (Internet Protocol) address to administer our web site. When a web browser or email application requests a web page or email from another computer on the Internet, it automatically gives that computer the address where it should send the information. This is called the computer's "IP address". All activity is logged and attributed to a specific user. Each of those log entries contains the IP address from which they came.

How do we store your data?

All data is stored on Galaxy Digital servers. Galaxy Digital is hosted with one of the largest data center providers, Amazon Web Services (AWS). Access to these data centers is strictly controlled and monitored by 24/7, on-site security staff, biometric scanning, and video surveillance. AWS maintains multiple certifications for its data centers, including ISO 27001, PCI DSS, Cloud Security Alliance Controls, and SOC reports. For more information about their certification and compliance, please visit the AWS Security website and the AWS Compliance website. Galaxy Digital runs in a VPC protected environment which has a logically separated database and dedicated file storage for each individual enterprise client. All services that make up the Galaxy Digital system are highly available. We use a combination of clustering, load-balancing, and replication in order to ensure that there are no single points of failure in the system. Each of our regions makes use of two or more availability zones, with redundancy across them. Galaxy Digital uses a WAF, Firewall, and Malware protected environment which meets the highest security standards.

Galaxy Digital enterprise customers have the option of having the data hosted in one of the following regions: North Virginia (US), or Canada (CA).

Data Security

Encryption In Transit

Galaxy Digital leverages Transport Layer Security (TLS) 1.2 (or better) for Customer Data in-transit over untrusted networks. Galaxy Digital supports full encryption in transit. No non-encrypted data leaves our datacenter. All our monitoring and backend systems either send local traffic over the VPC, or they use transport-level encryption when communicating with the rest of the internet.

Encryption At Rest

Galaxy Digital encrypts Customer Data at-rest using AES 256-bit (or better) encryption.

User Access

For access purposes, we use dedicated roles and access for database administrators, general administrators, and support staff. In addition, we follow the principle of least privilege. All our employees are technically forced to use 2-factor-authentication whenever possible as well as our password policy for all internal and external tools.

What are your data protection rights?

Galaxy Digital would like to make sure users are fully aware of all of their data protection rights. Every user is entitled to the following:

The right to access – Users have the right to access all of the personally identifiable information collected by Galaxy Digital’s client sites. This can be done on the client site for which the user is registered by viewing their User Profile and/or can be exported/downloaded in a portable format by clicking “Export My Data”.

The right to rectification – Users have the right to correct any information they believe is inaccurate. This can be done on the client site for which the user is registered by viewing their User Profile and simply correcting the inaccurate information and then click “Update” to save the correct information.

The right to erasure – Users have the right to request to be forgotten. This can be done on the client site for which the user is registered by viewing their User Profile – Data and Communications and clicking “Forget Me”. This will disable the user’s account and anonymize any of their data.

If users or Clients have any questions about how to exercise these rights, please contact Galaxy Digital via email: support@galaxydigital.com.

Cookies – what are they, what types do we use and how to manage them

What are cookies?

Cookies are text files placed on your computer to collect standard Internet log information and visitor behavior information. When you visit our websites, we may collect information from you automatically through cookies or similar technology.

For further information, visit allaboutcookies.org.

What types of cookies do we use?

There are a number of different types of cookies, however, our website uses only functional cookies, we do not use them for advertising or marketing purposes:

• Functionality - Our Company uses these cookies so that we recognize you on our website and remember your previously selected preferences. These could include what language you prefer and location you are in. A mix of first-party and third-party cookies are used.

How do we use cookies?

Our Company uses cookies to improve your experience on our website, including:

• Keeping you signed in
• Understanding how you use our website.

How to manage your cookies

Cookies can be managed in one of two ways:

• When landing on the home page of a Galaxy Digital client site, users are presented with a dialog box to accept cookies. Users can agree to accept cookies or decline to accept. OR
• Users can set your browser not to accept cookies from any site (the above website tells you how to remove cookies from your browser).
• However, in some cases if a user has disabled cookies, some of Galaxy Digital’s client website features may not function as a result.

Privacy policy of client websites

Galaxy Digital’s Privacy Policy applies to data collected by client websites and stored on Galaxy Digital servers. Our Privacy Policy supersedes any and all Galaxy Digital client website policies. However, Galaxy Digital’s client websites contain links to other websites. These web sites that you may link to from our site, including our clients’ websites, have their own privacy policies. Galaxy Digital is not responsible for the privacy practices of other web sites or clients. Galaxy Digital encourages users to review the privacy policies of client websites before providing them with any personally identifiable data.

Changes to our privacy policy

Galaxy Digital keeps its Privacy Policy under regular review and places any updates on this webpage. This Privacy Policy was last updated as of April 1, 2022. Additionally, with recent trends across the globe toward stricter data privacy policies, Galaxy Digital makes every commercially reasonable effort to ensure our policies meet and/or exceed privacy policies that impact our clients.

How to contact us

If you have any questions about Galaxy Digital’s Privacy Policy or the data we hold on you please do not hesitate to contact us at support@galaxydigital.com.