This Privacy Policy meticulously outlines the manner in which Two Hearts Wildlife Rehab Rescue and Sanctuary, henceforth referred to as “Two Hearts,” “we,” “us,” or “the Sanctuary,” collects, uses, maintains, and discloses information gathered from users, supporters, volunteers, and rescue reporters (each, a “User”) of the thwrrs.site website and related services, including all forms, donation portals, electronic communications, and telephone triage reports. Two Hearts is fundamentally committed to the ethical stewardship of not only the native wildlife under our care but also the personal information entrusted to us by our community. We recognize that the data you share is a cornerstone of our ability to operate effectively, to fund our life-saving rescues, and to maintain compliance with the numerous state and federal permits governing wildlife rehabilitation and non-profit operations. This document serves as our comprehensive pledge to safeguard your privacy and explains our data processing activities in exceptional detail, ensuring transparency regarding every step we take to manage and secure your personal data. This policy applies uniformly across all platforms and communication channels where your data is collected in conjunction with our services and mission, and we encourage you to read this detailed statement in its entirety to fully understand your rights and our responsibilities concerning your personal information in this unique context of wildlife conservation.

Data Collection: Categories and Sources of Information

To fulfill our complex mission, Two Hearts collects personal data across several distinct categories, the necessity and extent of which are determined by your specific interaction with the Sanctuary. We collect data directly from you, automatically through your use of our digital platforms, and occasionally from trusted third-party partners involved in processing donations or fulfilling legal obligations.

Category 1: Contact and Identifying Information (Direct Collection) This includes, but is not limited to, names, postal addresses, email addresses, telephone numbers, and professional affiliation. We collect this data when you sign up for our newsletter, register for an educational event, fill out a general inquiry form, or specifically request a direct communication regarding our work or a rescue situation. This core identifying information is vital for maintaining donor records, acknowledging support, and ensuring that our communications are accurately directed to you.

Category 2: Financial and Transactional Information (Direct Collection) When you make a donation or purchase merchandise, we collect data necessary to process the transaction. This includes credit card details (processed securely by third-party PCI-compliant services, we do not store full card numbers), billing addresses, transaction history, and donation amounts. This information is used exclusively for financial accountability, tax documentation, and confirming the status of your support.

Category 3: Wildlife Report and Triage Data (Sensitive and Specific Collection) This is unique to our mission and includes highly contextual data collected during a wildlife emergency report. This information is critical and may include the full name and contact details of the reporter, the precise location (street address or GPS coordinates) where the animal was found, detailed descriptions of the animal’s condition, the perceived cause of injury, and any subsequent logs regarding transport or interaction. This data is considered sensitive due to its direct link to a potentially life-or-death situation for the wildlife patient and its necessity for legal reporting to state wildlife agencies.

Category 4: Volunteer and Career Applicant Data (Direct Collection) For those seeking to dedicate their time or professional expertise, we collect résumés, application forms, professional background details, emergency contact information, certifications, licensing information (crucial for licensed wildlife rehabilitators), and availability schedules. This detailed information is necessary for screening, training, safety protocols, and matching skills to the demanding requirements of patient care and facility management.

Category 5: Technical, Usage, and Analytical Data (Automatic Collection) As you navigate our website, we automatically collect information about your device and activity, including your Internet Protocol (IP) address, browser type, operating system, pages visited, the time and date of access, and referral URLs. We also utilize cookies and similar tracking technologies to monitor site performance, understand user behavior, and optimize the accessibility of our content, ensuring our digital resources are effectively serving our mission. This aggregated data assists us in improving website security and functionality.

Purpose of Data Processing and Use of Information

The data collected by Two Hearts serves multiple, well-defined operational and legal purposes, each linked directly to the integrity and effectiveness of our mission:

Primary Mission Fulfillment and Patient Care: Data collected under Category 3 (Wildlife Report Data) is utilized immediately to initiate our emergency response chain. The location and condition information are paramount for dispatching rescue staff or guiding the reporter on safe interim care. This data forms a permanent part of the patient’s case file, documenting the legal chain of custody and treatment, which is mandated for reporting to state and federal permitting authorities, proving the legality and ethical standards of our rehabilitation and eventual release or permanent sanctuary designation. Without this specific data, we cannot legally or responsibly intervene in a wildlife emergency, and the retention of this historical data informs future treatment protocols.

Financial Accountability and Support Acknowledgment: Category 2 (Financial and Transactional Information) is processed for the sole purpose of completing your requested donation or transaction. We use your contact details to generate and send official tax receipts, acknowledge your generosity, and provide necessary statements for financial compliance and audit purposes. We also analyze aggregated, anonymized transactional data to understand fundraising trends, allowing us to effectively plan for the sanctuary’s seasonal needs, such as peak orphan season or major infrastructure projects.

Operational Management and Security: Categories 1 and 4 (Contact, Volunteer Data) are essential for the efficient daily functioning of the Sanctuary. Contact information is used for direct, timely communication with volunteers regarding scheduling, training updates, and critical operational changes. Applicant data is used for background checks, verifying professional licensing, and ensuring compliance with our strict safety protocols, which protect both our staff and our sensitive patient populations. Technical data (Category 5) is utilized to monitor for and mitigate cybersecurity threats, ensuring the stable and secure operation of our donation and informational portals, thereby protecting your data from unauthorized access.

Marketing, Communications, and Outreach: With your express consent (where required), we use Category 1 data to send periodic communications, including newsletters, updates on successful releases, educational articles on coexistence, and appeals for funding or material supplies. This outreach is fundamental to our non-profit sustainability and educational mandate, keeping our community engaged with the tangible impact of their support and fostering a broader culture of conservation stewardship. You maintain the right to opt-out of these non-essential communications at any time via the unsubscribe links provided in every email or by contacting us directly.

Legal and Regulatory Compliance: All categories of collected data are maintained, where necessary, to comply with applicable laws, government regulations, and the specific terms of our wildlife rehabilitation permits issued by state and federal authorities. This includes maintaining auditable records of financial transactions, proving legal authority to handle protected species, and cooperating with law enforcement agencies or regulatory bodies when mandated by law or court order.

Legal Basis for Processing Your Personal Data

Our processing of your personal data is grounded in specific legal bases as required by global privacy frameworks, including the European Union’s General Data Protection Regulation (GDPR) and similar comprehensive laws:

Consent: We rely on your explicit, affirmative consent for processing your data for specific purposes, most notably for sending marketing communications (newsletters, general appeals) and for voluntarily submitting non-emergency photos or content related to your involvement with the Sanctuary for promotional use. You have the right to withdraw this consent at any time without affecting the lawfulness of processing based on consent before its withdrawal.

Legitimate Interests: We process certain data based on our legitimate interests as a non-profit organization focused on conservation. This includes using website analytics to improve the user experience, processing your donations, and communicating with you about your prior support. Our legitimate interests are balanced carefully against your fundamental rights and freedoms, ensuring that the processing is proportionate and necessary to operate and fund our mission without unduly infringing on your privacy. The protection of wildlife under our care constitutes a particularly high-priority legitimate interest.

Contractual Necessity: When you become a formal volunteer, apply for a job, or make a merchandise purchase, the processing of your personal data is necessary for entering into or fulfilling the terms of that specific contract or agreement, such as scheduling shifts, ensuring proper training, or shipping a purchased item.

Legal Obligation: We process and retain certain records to comply with mandatory legal obligations. This is particularly relevant for financial records (tax and audit compliance) and detailed wildlife case logs (permit compliance with state and federal agencies).

Data Sharing, Disclosure, and Third-Party Processors

Two Hearts does not sell, trade, or rent your personal identification information to others. However, we do share or disclose data with specific, trusted third-party partners and in legally mandated circumstances to ensure the effective and secure operation of the Sanctuary:

Service Providers: We engage reputable third-party companies and individuals to facilitate our operations (“Service Providers”) who perform critical functions such as website hosting, maintenance, data analysis, customer communication (email delivery services), and volunteer management software. These providers are given access only to the personal information required to perform their specific tasks and are contractually bound to confidentiality, data security, and compliance with all applicable data protection laws.

Payment Processors: All financial transactions and donations are handled directly by PCI DSS compliant third-party payment processors (e.g., platforms like Stripe or PayPal). We do not store or process your full credit card details. The processors only provide us with transaction verification and billing information necessary for accounting and tax purposes.

Regulatory and Governmental Agencies: As a licensed wildlife rehabilitation facility, we are legally required to share detailed patient reports, including rescue location and intake data (Category 3), with state (e.g., South Carolina Department of Natural Resources) and federal (e.g., U.S. Fish and Wildlife Service) regulatory bodies as a mandatory condition of our permits. This disclosure is solely for compliance and oversight purposes.

Law Enforcement and Legal Compliance: We will disclose personal information when required to do so by law or subpoena or if we believe that such action is necessary to comply with the law, respond to a court order, or protect the rights, property, or safety of Two Hearts, our employees, our volunteers, or the public.

Corporate Transitions: In the event of a merger, acquisition, or asset sale, your personal data may be transferred as a part of the assets, provided the receiving entity agrees to uphold the principles and protections outlined in this Privacy Policy.

Data Retention and Storage

We retain your personal information only for as long as is necessary to fulfill the purposes for which it was collected, including for satisfying any legal, accounting, or reporting requirements, and to defend legal claims.

Rescue and Patient Data (Category 3): Due to the mandatory regulatory nature of wildlife rehabilitation, case files containing personal identifying information (reporter contact, location) are often maintained for five to ten years or indefinitely, depending on the specific state and federal permit requirements related to species tracking, medical outcomes, and historical data analysis. This extended retention is a legal necessity and directly contributes to long-term conservation research.

Donor and Financial Data (Category 2): Financial records are retained for a minimum of seven years to comply with tax and audit laws, even if your active support relationship with the Sanctuary has concluded.

Volunteer/Applicant Data (Category 4): Active volunteer records are retained for the duration of the volunteer relationship plus a reasonable period for administrative purposes. Data from unsuccessful or former applicants is typically retained for one to two years to comply with employment laws and internal review processes, after which it is securely purged or anonymized.

Marketing/Contact Data (Category 1): We retain this data until you exercise your right to opt-out or unsubscribe. Once unsubscribed, we may retain a minimal suppression record to ensure we honor your request not to be contacted in the future.

Data Security and Protection Measures

Two Hearts is dedicated to protecting your data and has implemented appropriate technical and organizational measures designed to secure your personal information against accidental loss, unauthorized access, use, alteration, and disclosure. Our security measures are proportionate to the risk associated with the personal data we process, particularly sensitive wildlife report data.

Technical Controls: We employ industry-standard security practices, including the use of Secure Sockets Layer (SSL) encryption for data transmitted through our website, multi-factor authentication for internal systems accessing sensitive data, and firewalls to prevent unauthorized external access. Our digital infrastructure undergoes regular vulnerability scanning and patching to maintain a secure environment.

Organizational Controls: Access to personal data is strictly limited to employees, volunteers, and service providers who have a legitimate business need to know that information for mission-related tasks. This access is controlled via unique credentials and is governed by strict confidentiality agreements and training on privacy protocols. Data pertaining to the location and specific condition of animals is handled with exceptional care and kept out of public view to protect the patients’ recovery trajectory.

Third-Party Security: We vet our third-party processors (especially payment providers) to ensure they comply with high security standards, such as PCI DSS compliance for payment processing, to secure your financial information which is handled directly by them. Despite these efforts, no transmission of data over the Internet can be guaranteed to be 100% secure, and while we strive to protect your personal data, we cannot guarantee its absolute security.

User Rights, Choices, and Transparency

Depending on your jurisdiction, you possess specific rights regarding the personal data we hold about you. Two Hearts is committed to facilitating the exercise of these rights transparently and efficiently:

Right of Access (Right to Know): You have the right to request confirmation of whether we are processing your personal data and, if so, to access a copy of the data we hold about you, along with detailed information on the purposes, categories, and recipients of that data.

Right to Rectification (Correction): You have the right to request that any incomplete or inaccurate personal data we hold about you be corrected or completed promptly. This is particularly important for ensuring we have accurate contact information during a wildlife emergency response.

Right to Erasure (Right to Be Forgotten): You may request the deletion of your personal data when it is no longer necessary for the purposes for which it was collected, or if you withdraw consent and there is no overriding legitimate interest for continued processing. Please note that this right is not absolute and cannot be exercised where the retention of data is required for legal, regulatory compliance (especially for mandatory wildlife reporting data), or audit purposes.

Right to Object and Restrict Processing: You have the right to object to or request that we restrict the processing of your personal data under certain conditions, particularly if you are contesting the accuracy of the data or our reliance on legitimate interests for processing.

Right to Data Portability: Where technically feasible and based on consent or contractual necessity, you have the right to request that your personal data be transferred to you or another party in a structured, commonly used, and machine-readable format.

Opt-Out from Communications: You can easily exercise your right to withdraw consent from receiving marketing or general appeal emails by clicking the “unsubscribe” link located at the bottom of every such communication, or by contacting our Data Protection Officer directly.

To exercise any of these rights, please submit a detailed request in writing to the contact information provided at the end of this policy. We may need to verify your identity before processing your request to ensure the security of your data.

Cookies and Tracking Technologies

Our website utilizes cookies and similar tracking technologies to enhance your experience, measure website performance, and support our fundraising efforts. Cookies are small data files placed on your device that allow us to remember your preferences and activities:

Essential/Functional Cookies: These cookies are strictly necessary for the operation of the website, enabling core functionalities such as navigation, form submissions (like the rescue intake form), and securing donation transactions. The website cannot function correctly without these cookies.

Analytical/Performance Cookies: We use services like Google Analytics to understand how users interact with our website, monitoring traffic, identifying popular content, and observing user paths. This data helps us improve the structure, content, and accessibility of our online resources. This information is typically aggregated and anonymized.

Third-Party Cookies (Fundraising/Social Media): We may occasionally use tracking pixels or cookies provided by trusted third-party platforms (like Facebook or Google) to track the effectiveness of our fundraising campaigns and educational outreach efforts, ensuring that our limited resources are efficiently spent on reaching potential supporters who are most likely to engage with our mission. You have the ability to accept or decline cookies. Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer.

Children’s Privacy (Compliance with COPPA)

Two Hearts Wildlife Rehab Rescue and Sanctuary does not knowingly collect or solicit personal information from anyone under the age of 13 without verifiable parental consent, consistent with the requirements of the Children’s Online Privacy Protection Act (COPPA). Our website and services are directed toward individuals who are 18 years of age or older and/or those acting in a professional or parental capacity. If you are a parent or guardian and become aware that your child has provided us with personal data without your consent, please contact us immediately. We will take swift steps to remove that information from our systems and terminate any associated account. While our educational materials are suitable for all ages, the direct participation in our programs, including volunteering, requires participants to meet minimum age and legal requirements due to the inherent demands and safety considerations of working with wild animals.

Changes to This Privacy Policy

Two Hearts reserves the right to update this Privacy Policy at any time to reflect changes in our data processing practices, organizational structure, legal requirements, or technological advancements. When we do update the policy, we will revise the “Last Updated” date at the top of this page. We encourage Users to frequently check this page for any changes to stay informed about how we are helping to protect the personal information we collect. You acknowledge and agree that it is your responsibility to review this Privacy Policy periodically and become aware of modifications, and your continued use of our website and services following the posting of changes constitutes acceptance of those changes.

Contacting Us and Data Protection Officer

If you have any questions about this Privacy Policy, the practices of this site, your dealings with Two Hearts Wildlife Rehab Rescue and Sanctuary, or to exercise any of your data rights, please contact us at the following:

Data Protection Officer/Administrative Contact:

Two Hearts Wildlife Rehab Rescue and Sanctuary

Address: 149 WISHING WELL LN, SUNSET, SC 29685

Email: info@thwrrs.site

We are committed to resolving your privacy concerns ethically, professionally, and in full compliance with all applicable laws and regulations. We will respond to your formal inquiry in a timely and comprehensive manner, guided by our commitment to transparency and data stewardship.