Menu

Privacy Policy

Last Updated: April 15, 2026


1. Introduction

Cristosal (“we,” “us,” or “our”) operates the website cristosal.org (the “Site”). We are a nonprofit human rights organization committed to transparency and to protecting the privacy of everyone who visits our Site or engages with our work. This Privacy Policy explains what personal information we collect, how we use it, with whom we share it, and the rights you have regarding your data.

By using the Site, you agree to the practices described in this Privacy Policy. If you do not agree, please discontinue use of the Site.

 

2. Information We Collect

2.1 Information You Provide Directly

We collect personal information you voluntarily provide when you:

  • Complete our newsletter signup form (name and email address).
  • Submit a contact form inquiry (name, email address, and message content).
2.2 Information Collected Automatically

When you visit the Site, we automatically collect certain technical and usage data, including:

  • IP address and approximate geographic location (country, region, or city).
  • Browser type, operating system, and device information.
  • Pages visited, time spent on pages, and referring URLs.
  • Cookies and similar tracking technologies (see Section 5).
2.3 Sensitive Data

We do not intentionally collect sensitive personal data such as racial or ethnic origin, political opinions, religious beliefs, health information, or financial account numbers. Our work involves human rights issues in Central America; if you voluntarily share sensitive information in a contact form message, we will handle it with the utmost care and confidentiality.

 

3. How We Use Your Information

We use the personal information we collect for the following purposes:

  • To send you our newsletter and updates about Cristosal’s work (with your consent).
  • To respond to contact form inquiries and correspondence.
  • To analyze Site traffic and improve our content and user experience (via Google Analytics).
  • To understand how visitors discover and engage with our Site (via Facebook/Meta Pixel).
  • To manage our supporter relationships and communications through Bloomerang, our constituent relationship management (CRM) platform.
  • To comply with legal obligations and protect our legal rights.

 

We will not use your personal information for purposes incompatible with those listed above without first obtaining your consent.

 

4. Legal Basis for Processing (GDPR)

If you are located in the European Union or European Economic Area, our legal bases for processing your personal data under the General Data Protection Regulation (GDPR) are:

  • Consent: For newsletter subscriptions and the use of non-essential cookies (e.g., analytics and marketing trackers). You may withdraw consent at any time.
  • Legitimate Interests: For analyzing Site usage and preventing fraud, where these interests are not overridden by your rights.
  • Legal Obligation: Where processing is required to comply with applicable law.

 

5. Cookies and Tracking Technologies

5.1 What We Use

Our Site uses the following cookies and tracking tools:

  • Google Analytics: Collects anonymized data about Site traffic and user behavior to help us understand how visitors use cristosal.org. Google may use this data in accordance with its own privacy policy (policies.google.com/privacy).
  • Facebook/Meta Pixel: Tracks visitor actions on our Site to help us measure the effectiveness of our content on social media platforms. Meta may use this data in accordance with its own privacy policy (facebook.com/privacy/policy).
  • Essential cookies: Technically necessary for the Site to function properly.
5.2 Your Cookie Choices

You can control or disable cookies through your browser settings. You may also opt out of Google Analytics tracking by installing the Google Analytics Opt-Out Browser Add-on (tools.google.com/dlpage/gaoptout). To opt out of Meta’s data collection, visit facebook.com/settings/?tab=ads.

 

Please note that disabling certain cookies may affect the functionality of the Site.

 

6. Third-Party Service Providers

We share your personal information with the following trusted service providers who assist us in operating the Site and fulfilling our mission:

  • Google LLC (Google Analytics) — analytics and site performance measurement.
  • Meta Platforms, Inc. (Facebook Pixel) — social media analytics and reach measurement.
  • Bloomerang — nonprofit constituent relationship management, newsletter delivery, and supporter communications.

 

These providers act as data processors on our behalf and are contractually required to protect your data and use it only for the services they provide to us. We do not sell your personal information to any third party.

 

7. Data Retention

We retain your personal information only as long as necessary for the purposes described in this Policy, or as required by law:

  • Newsletter subscribers: Retained until you unsubscribe.
  • Contact form submissions: Retained for up to three (3) years for correspondence and legal purposes.
  • Analytics data: Retained per Google Analytics default settings (26 months for user-level data).
  • Bloomerang CRM records: Retained in accordance with applicable nonprofit recordkeeping requirements.

 

8. Your Privacy Rights

8.1 All Users

Regardless of your location, you have the right to:

  • Request access to the personal information we hold about you.
  • Request correction of inaccurate data.
  • Unsubscribe from our newsletter at any time via the unsubscribe link in any email.
  • Contact us with any privacy-related questions or concerns.
8.2 California Residents (CCPA/CPRA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA), including the right to know what personal information we collect and how it is used, the right to delete your personal information, the right to correct inaccurate information, and the right to opt out of the sale or sharing of your personal information. We do not sell personal information. To exercise your California rights, contact us at info@cristosal.org.

8.3 EU/EEA Residents (GDPR)

If you are located in the European Union or European Economic Area, you have the right to access, rectify, erase, restrict, or object to the processing of your personal data, the right to data portability, and the right to lodge a complaint with your local supervisory authority. To exercise these rights, contact us at info@cristosal.org.

8.4 Honduras

Honduras recognizes the right to privacy under Article 76 of the Constitution and the Ley de Transparencia y Acceso a la Información Pública (LTAIP). Individuals in Honduras may request access to and correction of their personal data by contacting us at info@cristosal.org.

8.5 El Salvador

El Salvador’s Ley de Acceso a la Información Pública (LAIP) and constitutional privacy protections (Article 2) protect individuals’ personal data. Individuals in El Salvador may request access, correction, or deletion of their personal data by contacting us at info@cristosal.org.

8.6 Guatemala

Guatemala recognizes the right to privacy under its Constitution (Article 24) and the Ley de Acceso a la Información Pública (Decreto 57-2008). Individuals in Guatemala may request access to or correction of their personal data held by Cristosal by contacting us at info@cristosal.org.

 

9. International Data Transfers

Cristosal is based in the United States. If you access the Site from outside the United States, please be aware that your information will be transferred to and processed in the United States, where data protection laws may differ from those in your country. By using the Site, you consent to this transfer. Where required by applicable law (such as the GDPR), we implement appropriate safeguards for cross-border data transfers.

 

10. Children’s Privacy

The Site is not directed to children under the age of 13, and we do not knowingly collect personal information from children under 13. If you believe we have inadvertently collected information from a child under 13, please contact us immediately at info@cristosal.org so we can delete it.

 

11. Data Security

We implement reasonable administrative, technical, and physical safeguards to protect your personal information from unauthorized access, disclosure, alteration, or destruction. However, no data transmission over the internet can be guaranteed to be 100% secure. We encourage you to use caution when sharing personal information online.

 

12. Links to Third-Party Sites

The Site may contain links to third-party websites. We are not responsible for the privacy practices of those sites and encourage you to review their privacy policies before providing any personal information.

 

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or applicable law. When we do, we will revise the “Last Updated” date at the top of this page. We encourage you to review this Policy periodically. Your continued use of the Site after changes are posted constitutes your acceptance of the revised Policy.

 

14. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

 

Cristosal

Email: info@cristosal.org

Website: cristosal.org

Facebook-f Instagram X-twitter

Welcome! Select your language:

English
Español