Privacy Policy

Marine Toys for Tots Foundation

Effective Date: January 1, 2026

The Marine Toys for Tots Foundation (“Toys for Tots,” “we,” “us,” or “our”) is committed to safeguarding the privacy of our donors, supporters, volunteers, and website visitors. This Privacy Policy explains how we collect, use, disclose, retain, and protect personal information obtained through www.toysfortots.org and related services (collectively, the “Services”).

By using our Services, you agree to the terms of this Privacy Policy.

1. Scope and Accountability

This Privacy Policy applies to individuals who interact with Toys for Tots, including:

  • Donors
  • Website visitors
  • Volunteers and supporters

Toys for Tots acts as the data controller for personal information collected directly. We may also use third-party service providers (e.g., donation processors, CRM platforms) that process personal data on our behalf, consistent with contractual safeguards.

2. Information We Collect

We collect personal information in the following categories:

A. Information You Provide

  • Name, address, email address, telephone number
  • Payment information (processed via secure third-party vendors)
  • Donation history and giving preferences
  • Employer information (for matching gifts)
  • Communications with us (e.g., inquiries, surveys)

B. Information Collected Automatically

  • IP address and device identifiers
  • Browser type, operating system
  • Website usage data (pages viewed, time spent, referring URLs)

C. Information from Third Parties

  • Payment processors
  • Fundraising platforms
  • Direct Mail
  • Corporate or workplace giving partners

3. How We Use Personal Information

We use personal information for the following purposes:

  • Processing donations and issuing receipts
  • Providing donor services and responding to inquiries
  • Communicating about programs, campaigns, and fundraising efforts
  • Maintaining donor records and relationship management
  • Improving our Services, website functionality, and outreach efforts
  • Complying with legal obligations

We may also use aggregated or anonymized data for reporting and analysis.

4. How We Share Personal Information

The Marine Toys for Tots Foundation does not sell, rent, or trade donor personal information, consistent with donor expectations.

We may share information only as follows:

  • Service Providers: With vendors who assist in operations (e.g., payment processing, IT systems, mailing services) and are required to maintain data confidentiality
  • Legal Compliance: When required by law, regulation, subpoena, or legal process
  • Protection of Rights: To protect the rights, safety, or property of Toys for Tots or others

5. Donor Privacy Rights and Choices

Toys for Tots provides donors with clear and meaningful control over their personal information.

A. Opt-Out of Information Sharing

Donors may request that their personal information not be shared beyond what is necessary for operational purposes.

B. Opt-Out of Communications

Donors may choose to stop receiving:

  • Email communications
  • Direct mail
  • Telephone outreach

C. Access, Review, and Update Information

Individuals may:

  • Review their personal information
  • Correct inaccuracies
  • Update contact details

D. Request Deletion (Where Applicable)

Donors may request deletion of their information, subject to legal, tax, and recordkeeping requirements.

To exercise any of these rights, contact:

Marine Toys for Tots Foundation
18251 Quantico Gateway Drive
Triangle, VA 22172
Email: foundation@toysfortots.org
Phone: 703-640-9433

We will respond within a reasonable timeframe.

6. Data Retention

We retain personal information only as long as necessary to:

  • Fulfill the purposes outlined in this policy
  • Comply with legal, accounting, and reporting requirements

7. Data Security

The Marine Toys for Tots Foundation implements reasonable and appropriate administrative, technical, and physical safeguards designed to protect personal information against unauthorized access, disclosure, alteration, or destruction.

Because our fundraising and donor management activities utilize industry-leading third-party platforms (including Bonterra’s Network for Good and related tools), our data security practices are aligned with modern cloud-based SaaS infrastructure and nonprofit payment processing standards.

A. Encryption and Secure Transmission

  • Data in Transit: Personal and financial information transmitted through our website and online donation systems is protected using Secure Sockets Layer (SSL) / Transport Layer Security (TLS) encryption protocols
  • Data at Rest: Sensitive data stored within our systems and those of our service providers is encrypted using industry-standard encryption practices
  • Data is stored in secure, U.S.-based data centers with redundancy, backup systems, and controlled access

B. Payment Security and PCI Compliance

  • Online donations are processed through PCI-compliant payment processors, meaning:
    • Toys for Tots does not store full credit card information on its own systems
    • Payment data is handled within secure, audited environments designed to protect cardholder data
  • PCI DSS standards exist specifically to protect donor payment information and reduce fraud risk.

C. Access Controls and Authentication

  • Access to personal information is limited to authorized personnel and trusted service providers with a legitimate business need
  • Systems enforce:
    • Role-based access controls
    • Unique user credentials and authentication protections

D. Application and Network Security

  • Systems are designed using secure development practices to mitigate risks such as:
    • Cross-site scripting (XSS)
    • SQL injection
    • Cross-site request forgery (CSRF)
  • Protections include:
    • Firewalls and network isolation
    • Intrusion detection and prevention systems
    • Regular vulnerability scanning and patching

E. Independent Audits and Compliance Standards

  • Toys for Tots environments supporting fundraising platforms maintain security certifications and undergo independent audits, including:
    • SOC 2 Type II (SSAE 18)
    • PCI DSS compliance
    • Alignment with additional regulatory frameworks where applicable
  • These certifications validate controls across administrative, technical, and physical security domains

F. Monitoring, Training, and Risk Management

  • Systems are continuously monitored for potential vulnerabilities and threats
  • External security testing (including vulnerability scans) is conducted regularly
  • Personnel are trained on data security and privacy practices and required to follow formal security policies

G. Important Security Notice

While Toys for Tots and its service providers implement strong safeguards consistent with industry standards, no method of transmission over the Internet or electronic storage system can be guaranteed to be completely secure.

8. Cookies and Tracking Technologies

We use cookies and similar technologies to:

  • Improve website performance
  • Analyze usage trends
  • Enhance user experience

Users may control cookies through browser settings.

9. Children’s Privacy

Our Services are not directed to children under the age of 18. We do not knowingly collect personal information from children without appropriate consent.

10. Third-Party Links

Our website may contain links to third-party websites. Toys for Tots is not responsible for the privacy practices of those external sites.

11. Changes to This Privacy Policy

We may update this Privacy Policy periodically to reflect changes in practices, technology, or legal requirements. Updates will be posted with a revised effective date.

12. Contact Information

If you have questions regarding this Privacy Policy or our data practices, contact:

Marine Toys for Tots Foundation
18251 Quantico Gateway Drive
Triangle, VA 22172
Email: foundation@toysfortots.org
Phone: 703-640-9433
Website: www.toysfortots.org

13. Public Accountability and Donor Trust

The Marine Toys for Tots Foundation is committed to transparency and accountability in all operations, including the responsible handling of donor information.

Consistent with industry standards, we:

  • Clearly disclose our data collection and use practices
  • Provide donors with control over their personal information
  • Maintain safeguards to protect donor data
  • Operate in a manner designed to build public trust