The Multidisciplinary Association for Psychedelic Studies (“MAPS” “we,” “us,” or “ours”) is an IRS-approved 501(c)(3) non-profit educational organization, and with more than 65,000 visitors a month to maps.org, there is safety in numbers. Our visitors span the spectrum from psychedelic and medical marijuana users to scientists, law enforcement, educators, researchers, doctors, therapists, patients, and students.
We are committed to safeguarding your information and respecting your preferences.
Updated: September 2021
This privacy notice (this “Privacy Notice”) describes how we collect, use, and share information that can reasonably be used to identify a natural person directly or indirectly (“Personal Information.”) It applies to Personal Information collected by us or provided to us through any means except for the following information:
- Information about our employees, contractors, agents, and job applicants.
- Information collected by our subsidiary MAPS Public Benefit Corporation (MAPS PBC). You can read MAPS PBC privacy notice here.
- Information collected from individuals who volunteer for MAPS-sponsored clinical research projects. You can read our MDMA/PTSD policy here.
We encourage you to read this Privacy Notice in its entirety before using our Websites or submitting Personal Information to us. If you choose to provide us with your Personal Information, you are telling us you understand and accept the practices detailed in this Privacy Notice.
We update this Privacy Notice from time-to-time. Our notices are effective when posted. As required under applicable law, we will seek affirmative consent from you before making material changes to the way we handle Personal Information previously collected from you. If you do not provide such consent, Personal Information will continue to be used in a manner that is consistent with the version of this Privacy Notice under which it was collected.
If you have any questions, please contact us using the details below.
When Do We Collect Information?
We collect information when you provide it to us, when you interact with us (including interacting through social media), when you use our Websites, and in some instances through third parties that act as our service providers.
Please note that our Websites may link to a limited number of other websites or applications. MAPS is not responsible for the practices of these third-party websites and applications.
Use of our Websites
We automatically obtain certain information when you use our websites. However, MAPS endeavors to not track the activity of our supporters in any personally identifiable way. For example:
- MAPS uses Matomo, an open-source alternative to Google Analytics (GA). This is to reduce the amount of information that is being collected and stored about our supporters, while still empowering us to gain insights into how our website is being used. However, some of our third-party providers use GA, and they are therefore collecting information about your activity, including your IP address. IP anonymization is a requirement of GDPR – with which all our providers have pledged compliance – but we encourage all of our supporters to learn more about Google Analytics. Google has also provided a tool for opting out of Google Analytics that can be installed on all major browsers.
- We do not use the Facebook Pixel, but some externally hosted or embedded services do engage in tracking for their own analytics purposes, as explained above. If you want to block tracking beacons and gain greater control over targeted ads, consider installing a tool like Ghostery or Privacy Badger, the latter of which is maintained by the Electronic Frontier Foundation (EFF) – the leading nonprofit defending digital privacy, free speech, and innovation.
Information you provide to us
You may give us Personal Information when:
- you use our web or interact with us or our representatives
- you donate to us
- you sign up for or participate in one of our resources or events
- we communicate with each other
- you sign up for email newsletters
- you sign up for our mailing list or newsletters
- you order products from us and/or have them shipped to you or others
- you leave a comment on one of our social media feeds.
We may obtain Personal Information about you from your social media accounts or services when you choose to interact with us (for example, when you log in to leave a comment on a social media platform such as Facebook, Instagram, YouTube, LinkedIn, Reddit, Twitch, TikTok, and Twitter.)
In some cases, we hold publicly available information from social media platforms (such as social media handles or number of followers) on our systems. Should we want to reach out to a particular social media handle, we would do so using the contact information provided publicly.
Please check your settings and the privacy policies of the social media you use for more information. Please check your settings and the privacy policies of the social media platforms you use for more information.
Information Obtained from Third Parties
We may obtain your Personal Information via third parties. For example:
- When you donate to us via an online tool and you have given your consent to process the donation, the fundraising platform that processes your donation provides us with information about you and about how the donation was made. Please check their privacy policies when you give them your information.
- The email platform we use to communicate with you collects information on (i) who opened the email and (ii) what content was clicked. This allows us to determine which stories are popular and to better tailor our communications in the future. The data is aggregated and not used for personal identification.
Information We Collect When you Volunteer with us
If you volunteer with us or sign-up for our events, we will usually collect your:
- Full name
- Email address
- Telephone number
- Financial information
- Mailing information
- City, state/province, country
Information We Collect When you Purchase a Product from us
If you purchase a product from us, we will usually collect:
- Full name
- Contact information (e.g. email address, telephone number)
- Financial information
- Shipping address
- Payment information
Information We Collect When you Use our Websites
When you use our websites, we automatically collect usage information which may include:
- your IP address and other unique identifiers
- information about your browser and operating system
- referring and exit web pages and URLs
- time and day you visit our websites
- pages of our websites that you visit
- your device characteristics
Information We Collect When you Contact us
If you contact us through our website contact form or directly email us, we usually collect your:
- contact information (e.g. email address, telephone number)
- content of communications (e.g. the content of an email or any information you provide to us in your comments or voluntary feedback forms.)
Information We Collect When you Donate
When you donate to us you may be asked to provide:
- Your name, address, and financial information (which are handled by payment processors used by our digital donor platform).
- the address associated with the donation
Please note that some surveys do not require a sign-up process and, where appropriate, we collect information through surveys in an anonymous way.
How Do We Use Personal Information?
In general, we use Personal Information to:
- process and acknowledge your donations to MAPS activities (through our digital donor platform)
- send you personalized updates and other communications, including marketing and advocacy communications
- answer your inquiries
- keep a record of your engagement with us
- improve our services, provide technical support, address problems with our Websites, and protect their security and integrity
- comply with legal requirements that apply to us
Depending on the reasons for which you are providing the data to us, additional uses as listed below may apply:
Information Provided through Online Forms, Feedback Forms, and Surveys
We may use your Personal Information to respond to your questions or requests. We use surveys to understand how our websites are used, who uses our services, and who visits our websites. This helps us create a better platform and make our Website easier to use.
Information Related to Donations
We use service providers and third-party platforms to process your donations. These service providers and party platforms store your financial information to process and keep a record of your donation.
Marketing and Outreach
We use Personal Information to update you about MAPS and to let you know how your support makes a difference. We will always respect your preferences and endeavor to send you information that you might find interesting, in the format you prefer.
The types of communications that you may expect to receive from us include:
- Updates on MAPS activities and initiatives, such as events
- Surveys to assess if we are meeting your needs
- Fundraising appeals
- Career opportunities
- Program updates
- Research updates
- Policy updates
- Annual reports
- Volunteer opportunities
- Study recruitment updates
- Training updates
- Zendo Project updates
For email marketing communication, you can update your preferences anytime or opt out of marketing communications by using the link in the footer of each email. You may also e-mail us at communications@MAPS.org to inform us about your preferences at any time.
We may repost or share your posts on social media if the content relates to MAPS and our work. We may also respond to questions, queries, or comments left on our social media channels. To do this, we may use information found on your public profile. Please check your social media account preferences if you want to change the information you make public.
Our websites use “sharing buttons” which share our web pages to social media platforms. Please be aware that when you use these buttons, social media platforms may track these shares through your accounts.
Who Has Access To Your Personal Information?
Our trained staff, MAPS-controlled affiliates and subsidiaries and organizations that partner with us have access to your Personal Information as required to conduct our operations. We also share data with vendors and, in limited circumstances, with third parties.
The information we hold about you is accessible by trained staff, volunteers, and contractors. We regularly review who has access to the information and do comprehensive checks on any contractors before we work with them.
We share Personal Information with our fully-owned subsidiaries as reasonably necessary to pursue our mission in a manner that is consistent with your expectations. For example, we share the Personal Information of individuals who volunteer to participate in MAPS-sponsored clinical research projects with MAPS Public Benefit Corporation (MAPS PBC).
We may share your information with other like-minded organizations that partner with us and support our fundraising efforts. For example, when you donate money for a program sponsored by partner organization, we may share information about your donation with that organization. However, we will not sell or exchange under any circumstances your payment information with any organization other than the service providers that help us process your donations or payments.
We endeavor to carefully choose our partners, and expect them to respect your preferences just like we do.
We use other companies to help us manage and store Personal Information, and to carry out certain activities on our behalf. These may include service providers that (a) conduct research and analytics; (b) create content; (c) host our websites; (d) handle donations; (e) maintain our databases, or (f) otherwise provide support to us.
We do comprehensive checks on any vendors that may have access to your Personal Information before we work with them. We always put a contract in place that sets out how they manage the Personal Information they collect or have access to.
Our main vendors are listed below, but we may enlist the services of others from time to time. Prior to engaging with a vendor, we review and verify their security and privacy policies to ensure your data will not be shared indirectly with a third-party.
- Stripe and PayPal: Payment processing services for donations and product sales.
- WooCommerce: E-commerce sales for our products and events.
- Mailchimp: Email communications.
- JotForm: Forms to collect information and event registrations.
- Airtable: Manage user databases for our programs and events.
- Salesforce: Manage user databases for our fundraising, programs, and events.
- Neon CRM: Manage user databases for our fundraising, programs, and events.
- Formsite: Forms to collect application information and event registrations.
- Quickbooks: Accounting software
- WordPress: content management system
- Jetpack: Website hosting service
- Pressable: Website hosting service
- Office 365: documents, spreadsheets, emails, forms
- Google: Surveys, document management.
- Zendesk: Customer service management
- Amazon Web Services (AWS) – cloud hosting for our websites and media
Other Third Parties
We may be required to disclose your Personal Information to the government or to third parties pursuant to mandatory court orders, subpoenas, and similar requests. We may also disclose your Personal Information when we otherwise believe in good faith that such disclosure is necessary or appropriate in connection with activities that violate the law or may expose us to liability.
We may transfer Personal Information in the event of a change of control. For example your Personal Information could be shared with third parties if we were to merge with a different organization or in connection with transfers made as part of insolvency or bankruptcy proceedings.
In any event, we will endeavor to ensure that any Personal Information transferred by us to third parties is processed in a manner consistent with this Privacy Notice.
How Do We Keep Your Information Safe?
We use appropriate technical and organizational measures and precautions in order to protect your information and to prevent the loss, misuse, or alteration of your Personal Information.
While we work to keep the information about you safe, we cannot guarantee its security.
How Long Do We Keep Personal Information?
We retain Personal Information only for as long as necessary for the purposes for which the data was collected, except where necessary to: meet our legal obligations; to establish, exercise, or defend potential legal claims; or to pursue other legitimate interests.
If you request to receive no further contact from us, we will keep some basic information about you on our suppression list in order to avoid sending you unwanted materials in the future.
How Can I Access, Change Or Erase Personal Information?
If you want to access, change, or erase your Personal Information, please email email@example.com.
Residents of The European Economic Area (EEA) and the UK
Under EU and UK data protection law, we are required to provide the additional disclosures in regards to the identity of the controller, the lawful basis for processing, and the rights of individuals under EU and UK data protection law.
Identity of the Controller
MAPS acts as the controller of your Personal Information under EU law and is responsible for its processing.
Under EU and UK law, organizations must have a “lawful basis” to collect, use, and share Personal Information. The law allows for six ways to process Personal Information (and additional requirements apply for special categories of Personal Information) and the following three ones are the most relevant to the types of processing that MAPS carries out:
Consent: The consent of the person to whom the Personal Information relates can serve as a basis for certain processing activities (e.g., to send you direct marketing by e-mail.) Where your consent is the basis for our processing of Personal Information, you may decline to give consent, or withdraw it at any time.
Legal obligation: We process under legal obligation where necessary in order to comply with a legal obligation imposed by EU or Member State law (e.g., to comply with our obligations as a not-for-profit to report fundraising.)
Legitimate interest: Under EU and UK law, Personal Information may be legally collected and used if necessary in order to advance our legitimate interest or the legitimate interest of a third party as long as the use is fair and any potential adverse impacts to the rights of the individual concerned are justified. Our legitimate interests include:
Charity Governance; including delivery of our charitable purposes, statutory and financial reporting, and other regulatory compliance purposes;
Administration and operational management; including responding to solicited enquires, providing information and services, research, events management, the administration of volunteers, and employment and recruitment requirements.
Fundraising and Campaigning; including administering campaigns and donations, and sending marketing.
Cross-border transfers: We do transfer your Personal Information outside the European Economic Area (“EEA”) and the UK, including to the US. You may request a copy of the EU Standard Contractual Clauses or other relevant international transfer documentation by contacting us using the contact details below.
Rights of individuals: Under EU and UK data protection laws, data subjects have the following rights in relation to their Personal Information:
Right to request details: about the Personal Information that we process, and obtain a copy of the data that we hold about them
Correct or update their Personal Information subject to the above
Port Personal Information that the data subject has provided to us, in machine readable format, to another supplier
Erase the data that we hold about them in some cases
Restrict processing in some cases
Object to processing:
Based on grounds relating to the individual’s particular situation, where the processing is based on legitimate interest, and
Where Personal Information is being processed for direct marketing purposes
Data subjects also have the right to submit a complaint concerning our processing to the appropriate EU supervisory authority.
If you disagree with our use of your Personal Information on the basis of a legitimate interest, please get in touch with us using the details below.
How To Contact Us
This Privacy Notice was prepared to be as comprehensive as possible, but it does not include an exhaustive list of every aspect of our collection and use of Personal Information. However, we would be happy to provide any further information or explanation about our practices.
If you have any questions, comments, or suggestions, please let us know by contacting us at firstname.lastname@example.org.