Galaxy Digital Privacy Policy

At Galaxy Digital, we are strongly committed to respecting and protecting your privacy. We know that you care how your personal information is shared and used. We appreciate your trust that we handle your personal information sensibly and responsibly. This privacy policy (“Policy”) is designed to help you understand how we collect, use, and share personal information we collect through the Galaxy Digital websites and other services we operate. This policy applies to individuals who browse and use our website (www.galaxydigital.com) and affiliate websites or applications (including client websites, mobile apps) hosted by Galaxy Digital (all such Internet locations collectively referred to as the “Site”), and those individuals whose personal information is collected and provided to us, either from us directly or from Galaxy Digital clients or third party service providers (“Partners”) for the purposes described in this policy.  Any visitor or individual who provides personally identifiable information (“Personal Information”) or any other information to Galaxy Digital or to any Partners consents to the collection, use and disclosure of such Personal Information under the terms of this Policy. Because we're an internet company, providing Software as a Service (SaaS) to a variety of clients including non-profit organizations, colleges and universities, corporations, and hospitals for the purpose of recruiting, scheduling and managing volunteers, some of the concepts below are a little technical and can be confusing, but we've tried our best to explain things simply and transparently. If you have any questions about our privacy policy, please let us know. 

At Galaxy Digital, each client is provisioned a unique website/domain for their organization through which users voluntarily provide Personal Information for volunteerism. This Policy only applies to Personal Information collected via Galaxy Digital’s client websites and stored on Galaxy Digital’s servers. Galaxy Digital Partner websites may contain links to other third-party websites that are not affiliated with Galaxy Digital. These websites that you may link to from our Site, including our clients’ websites, have their own privacy policies. Galaxy Digital is not responsible for the privacy practices of other websites or Partners. Galaxy Digital encourages users to review the privacy policies of Partner websites before providing them with any Personal Information.

Topics

• What information do we collect?
• How we collect your information
• Do Not Track Policy
• How we use your information
• How do we store your information?
• How we share your information
• How long do we keep your information?
• Your choices and rights
• Children’s Privacy
• Changes to our Privacy Policy
• Cookies
• Contact Us
• Last Updated

What information do we collect?

To register as a potential volunteer for any Galaxy Digital client, users voluntarily provide Personal Information that may be collected by or on behalf of Galaxy Digital or our Partners, including but not limited to:

• Contact details. First and Last Name, address, email address, phone number
• Demographic data. Birth date, age, country.
• Data on how you use our website. This may include your IP address, login information, browser type and version, time zone setting, browser plug-in types, geolocation information about where you might be, operating system and version.

How we collect your information

We may collect and receive information from you when you:

• use or access our Site, such as registering on a client website hosted by Galaxy Digital and/or
• use any of our services, including when you interact with us.

When you create an account, you will be asked to create a username and password, which you will need to access your account information. You are responsible for maintaining the confidentiality of your password.

We may also collect information automatically when you access our website.

Like many websites, we automatically collect information from your browser or mobile device when you use or interact with our Site. We collect this information to improve our Site, better understand you and to communicate with you. This information may include:

• how you interact with our Site, such as the pages you view or how long you stay on our Site;
• computer and connection information such as browser type, version, and time-zone setting;
• your browser plug-in type and versions;
• geolocation data;
• Standard server log data, such as your application version number, computer type (Windows or Macintosh), screen resolution, operating system, browser type and version, and the date and time of your visit; and 
• Identifiers, such as your Internet Protocol (IP) address, device identifiers (including the manufacturer and model), and Media Access Control (MAC) address.

During some visits we may use software tools such as JavaScript to measure and collect session information, including page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), and methods used to browse away from the page. 

Cookies

We also use session cookies to collect information only while you are visiting our Site. 

We, along with our Partners, use various technologies to collect and store information when you visit our Site to use our services, and this may include using cookies or similar technologies to identify your browser or device. We also use these technologies to collect and store information when you interact with services from our Partners, such as advertising services. These technologies allow us to serve you better. They allow us to understand website and Internet usage and to improve or customize the content, offerings, or advertisements on our Site. 

The technologies we use for this automatic data collection may include:

• Cookies. A cookie is a small file placed on the hard drive of your computer. We use cookies to store information, such as your login credentials and website preferences, so that we can remember certain choices you have made Cookies can also be used to recognize your device so that you do not have to provide the same information more than once. 
• Web beacons. Pages of our Site or our e-mails may contain small electronic files known as web beacons (also referred to as clear gifs, pixel tags and single-pixel gifs) that permit us, for example, to count users who have visited those pages or opened an e-mail and for other related website statistics (for example, recording the popularity of certain website content and verifying system and server integrity).
• Mobile device identifiers and SDKs. A mobile SDK is the mobile app version of a web beacon. The SDK is a bit of computer code that app developers can include in their apps to enable ads to be shown, data to be collected, and related services or analytics to be performed.
• Other technologies. There are other local storage and Internet technologies, such as local shared objects (also referred to as “Flash cookies”) and HTML5 local storage, which operate similarly to the technologies discussed above.

You may be able to refuse or disable cookies by adjusting your web browser settings. Some browsers have options that allow the visitor to control whether the browser will accept cookies, reject cookies, or notify the visitor each time a cookie is sent. Because each web browser is different, please consult the instructions provided by your web browser (typically in the “help” section). Please note that you may need to take additional steps to refuse or disable local shared objects and similar technologies. For example, local shared objects can be controlled through the instructions on Adobe’s Setting Managerpage. If you choose to refuse, disable, or delete these technologies, some of the functionality of the Services may no longer be available to you, and any differences in service are related to the data. Deleting cookies may, in some cases, cancel the opt-out selection in your browser.

Some of our third-party partners are members of the Network Advertising Initiative, which offers a single location to opt out of ad targeting from member companies. To learn more, please click here or here. For additional information on how Google processes your information and what choices you may have, visit their site here. Due to differences between websites and mobile apps, you may need to take additional steps to opt-out of interest-based advertising for mobile applications. Please check your device settings and mobile app permissions for additional information on how to opt-out. You also may stop further data collection from a mobile application by removing it from your mobile device. 

If you are interested in learning more about cookies, click here. You can update your cookie preferences for our website any time by clicking here.

We may collect information from other sources.

We may collect and receive information about you from other sources, such as:

• Galaxy Digital’s clients, which may include your employer or school in connection with your application to volunteer; 
• publicly available sources; and/or
• marketing service providers.

This Policy applies once personal information has been imported to the Site.

Do Not Track Policy

Your browser may offer you a “Do Not Track” option, which allows you to signal to operators of websites and web applications and services (including behavioral advertising services) that you do not wish such operators to track your online activities over time and across different websites. Our website is not configured to read or respond to "do not track" settings or signals in your browser headings.

How we use your information

We collect and use your information so that we can operate effectively, provide services to our clients, and provide you with the best experience when you interact with us. Providing this information to us ensures that you are receiving the necessary services, consistent with your rights and interests under applicable laws. Information used that might be deemed sensitive is strictly for the provision of our services to you. We also use the information we collect for the following purposes:

• Understanding volunteer demographics to best fulfill volunteer opportunities within their community.
• Anonymously track number of volunteers and volunteer hours completed for purposes of obtaining grants or other funding.
• Communicate directly with their volunteers via email to provide announcements, distribute newsletters, etc. (Note: Users can elect to opt-out of email communications)
• Automated notifications from the Galaxy Digital system including reminders of upcoming volunteer shifts the user has signed-up for, birthday greetings, notification of potential volunteer opportunities the user may be interested in based on their self-selected interests and skills.
• User support. Notifying you of any changes to our services; responding to your inquiries; investigate and address concerns raised by you; and monitor and improve our customer support and user support responses.
• Improving our services. Conducting data analysis and audits; developing new products and services; enhancing our website; improving our services; identifying usage trends and visiting patterns; conducting customer satisfaction, market research, and quality assurance surveys; determining the effectiveness of our promotions; and meeting contractual obligations. 
• Marketing. To communicate news about our services and other information we think may be of interest to you. 
• Safety and security. Using closed circuit television systems, electronic key cards, and other security systems to maintain the safety and security of you, your data, and our guests, visitors, and employees at our offices. 
• Legal proceedings and requirements. Investigating or addressing claims or disputes relating to your use of our services; or as otherwise allowed by applicable law; or as requested by regulators, government entities, and official inquiries. 

For any reporting purposes, i.e., number of volunteers across all client sites, the information is anonymized before reporting.

How we store your information

All Personal Information is stored on Galaxy Digital servers. Galaxy Digital is hosted with one of the largest data center providers, Amazon Web Services (AWS). Access to these data centers is strictly controlled and monitored by 24/7, on-site security staff, biometric scanning, and video surveillance. AWS maintains multiple certifications for its data centers, including ISO 27001, PCI DSS, Cloud Security Alliance Controls, and SOC reports. For more information about their certification and compliance, please visit the AWS Security website and the AWS Compliance website. Galaxy Digital runs in a VPC protected environment which has a logically separated database and dedicated file storage for each individual enterprise client. All services that make up the Galaxy Digital system are available. We use a combination of clustering, load-balancing, and replication to ensure that there are no single points of failure in the system. Each of our regions makes use of two or more availability zones, with redundancy across them. Galaxy Digital uses a WAF, Firewall, and Malware protected environment which meets the highest security standards.

Galaxy Digital enterprise customers have the option of having the information hosted in one of the following regions: North Virginia (US), or Canada (CA).

Security

• Encryption In Transit

Galaxy Digital leverages Transport Layer Security (TLS) 1.2 (or better) for Personal Information in-transit over untrusted networks. Galaxy Digital supports full encryption in transit. No non-encrypted Personal Information leaves our datacenter. All our monitoring and backend systems either send local traffic over the VPC, or they use transport-level encryption when communicating with the rest of the internet.

• Encryption At Rest

Galaxy Digital encrypts Personal Information at-rest using AES 256-bit (or better) encryption. 

User Access

For access purposes, we use dedicated roles and access for database administrators, general administrators, and support staff. In addition, we follow the principle of least privilege. All our employees are technically forced to use 2-factor-authentication whenever possible as well as our password policy for all internal and external tools.

Your Choices and Rights

You have options to stop receiving communications from Galaxy Digital if requested. You may also change and modify Personal Information previously provided. To remove or change Personal Information in our database, or to not receive future communications from Galaxy Digital, you can exercise these options, by contacting us or by navigating to your profile > edit profile to review, confirm, correct, export, or deactivate with an option to delete.

• Promotional emails and other marketing material. You can unsubscribe from receiving marketing material from us at any time by clicking the unsubscribe link found at the bottom of our emails which directs you to manage your preferences or by emailing us at support@galaxydigital.com. Unsubscribing from promotional material will not prevent you from receiving transactional, relationship, or non-commercial content from us.

• Cookies and third-party advertising. You can update your cookie preferences for our website any time. For instructions on how to adjust cookie settings and opt-out of third-party ad targeting in general, click here.

Depending on where you live, you may have additional rights to:

• Request access to your personal information; and

• Request deletion of your personal information

Your California Privacy Rights. If you are a California resident, you may request information on the disclosure of your Personal Information to third parties for their direct marketing purposes. To make such a request, please send an email to support@galaxydigital.com or write us at Galaxy Digital, Attn: Legal, 53 S French Broad Ave Asheville, NC 28801. 

California residents

If you are a California resident, we must tell you certain things about your Personal Information and your rights regarding your Personal Information that we have collected in the last twelve (12) months. First, let us tell you more about how your Personal Information is collected, used, and shared. Please keep in mind that not all categories or personal information will apply to all California residents:

Sensitive Information

Galaxy Digital does not use or disclose sensitive Personal Information except to perform the services for which the information is collected.

Third-Party Collection of Personal Information

We use third-party cookies to collect personal information about your interaction with our website. These third parties include:

• Google. For more information about Google Analytics and how it collects and processes data, please see “How Google Uses Data When You Use Our Partners’ Sites or Apps.”
• Microsoft. For more information about Microsoft cookies please see “Delete and manage cookies - Microsoft Support.”
• Adobe. For more information about Adobe cookies or to opt-out, please see “Adobe Privacy Center.”

Rights Regarding Your Personal Information (California, Colorado, Connecticut, Utah, and Virginia)

You have several rights regarding your personal information. We will explain those rights to you and how you may exercise them:

• Right to delete. You may submit a verifiable request to close your account, and we will delete personal information about you that we have collected. However, keep in mind that this right is subject to certain exceptions.
• Right to know and access. You may submit a verifiable request for information regarding: (1) categories of personal information we have collected; (2) categories of sources from which we collect personal information; (3) our business or commercial purpose for collecting personal information; (4) categories of third parties with whom we share personal information; and (5) specific pieces of personal information collected about you.
• Right to correct:  You can request that we correct inaccurate personal information we maintain about you.
• Right to confirm. You can request confirmation whether we are processing your Personal Information. 
• Right to opt out. You may submit a verifiable request that we not "sell" (as defined by CCPA) your personal information to third parties.
• Right to portability. You can request a portable copy of your Personal Information to the extent technically feasible and provided we will not be required to reveal any trade secrets.
• Right to equal service. We will not discriminate against you for exercising your privacy rights.

Just to clarify - we do not sell your personal information to any third party in exchange for monetary consideration. However, like most companies, we do share information that could be considered a "sale," as defined by the California Privacy Rights Act (CPRA). The CPRA defines “sharing” as renting, releasing, disclosing, disseminating, making available, transferring, or otherwise communicating orally, in writing, or by electronic or other means, a consumer’s personal information by the business to a third party for monetary or other valuable consideration, such as advertising. This includes sharing identifiers, commercial information and internet or other electronic network activity with advertising networks and website analytics companies. If you choose to opt-out, personal information about your device and browser will no longer be accessed by third parties. You can always opt out of this practice by updating your cookie preferences.

If you would like to exercise your rights, please contact us via one of the following methods:

• Managing Preferences on your Galaxy Digital Profile
• Call us toll-free at (828) 575-5300
• Email us at support@galaxydigital.com
• Write to us at Galaxy Digital, Attn: Legal 53 S French Broad Ave Asheville, NC 28801

To complete your request, you may be asked to provide additional information to verify your identity. We will compare the information you provide to any information we may have in our possession to verify your request. The information you provide must match the information we have in our possession. This measure is in place to help ensure that your Personal Information is not disclosed to any person who does not have the right to receive it. The information collected through this process will be used for verification purposes only.

If you are a California or Virginia resident and would like to use an agent registered with the California Secretary of State to exercise your rights, we may request evidence that you have provided such agent with power of attorney or that the agent otherwise has valid written authority to submit requests to exercise rights on your behalf.

Children's privacy

Children under thirteen are not allowed to use our services without parental consent. If we learn we have collected or received personal information from a child under thirteen without verification of parental consent, we will promptly send the parent a communication with a request to authorize use of our services. If we do not receive parental verification, we will delete the information OR the account is immediately deactivated and deleted. If you believe we might have any information from or about a child under 13, please contact us at support@galaxydigital.com<.

Changes to our Privacy Policy

Galaxy Digital keeps its Privacy Policy under regular review and places any updates on this webpage. With recent trends across the globe toward stricter data privacy policies, Galaxy Digital makes every commercially reasonable effort to ensure our policies meet and/or exceed privacy policies that impact our clients.

Contact us

If you have any questions about Galaxy Digital’s Privacy Policy or your Personal Information, please do not hesitate to contact us at support@galaxydigital.com or by writing us at Galaxy Digital, Attn: Legal 53 S French Broad Ave Asheville, NC 28801. You can also call us at (828) 575-5300.

Last Updated

Our privacy policy was last updated on July 31, 2023