Effective January 2017
As used in this policy, the terms “using” and “processing” information include using cookies on a computer, subjecting the information to statistical or other analysis and using or handling information in any way, including, but not limited to, collecting, storing, evaluating, modifying, deleting, using, combining, disclosing and transferring information within our organization or among our affiliates within the United States or internationally.
- In the course of using the Services (including a Hosted Application), we may ask you to provide us with certain personally identifiable information (“PII”) that can be used to contact or identify you and administer your account. Personal Information includes, but is not limited to, your name, phone number, credit card or other billing information, email address and home and business postal addresses. We transmit credit card information directly to our processing partners through a secure (as they exist at the time this policy is implemented) API integrated within the Site over a reasonably secure connection. We do not store any credit card details (credit card number, expiration date, Card Verification Value). We do store the user’s contact information (more details provided below).
- We use your Personal Information (in some cases, in conjunction with your Non-Identifying Information) to provide the Services, complete your transactions, administer your inquiries, and as further explained below.
- Certain Non-Identifying Information would be considered a part of your Personal Information if it were combined with other identifiers (for example, combining your zip code with your street address) in a way that enables you to be identified. But the same pieces of information are considered Non-Identifying Information when they are taken alone or combined only with other non-identifying information (for example, your viewing preferences). We may combine your Personal Information with Non-Identifying Information and aggregate these two sets of information with information collected from other YourCause digital properties to provide you with a better experience, to improve the quality and value of the Services and to analyze and understand how our Site and Services are used. We may also use the combined information to serve you specifically, for instance to deliver a product to you according to your preferences or restrictions.
- YourCause will store all collected PII until account deletion is requested by the entity contracting with YourCause to provide such services. At that point, the requested PII will be scheduled for deletion. Some data may not be erasable, such as activity listings in public activity feeds, which are made of first name and last name initial.
- We do not share your credit card information with any entity other than the payment card processor. We do not retain your credit card information.
- Personal information may be disclosed to judicial or other government agencies subject to warrants, subpoenas, or other governmental orders.
YourCause processes donations through our partner APIs. Visit the websites for Ammado, CanadaHelps, GlobalGiving, Heartland Payment Systems, Network For Good, and United Way Worldwide for additional information related to tax deductions, tax receipt, processing fees and the privacy policies for those websites.
- Security – We use authentication cookies to ensure you only access data intended for your view and prevent unauthorized access of your credentials and information.
- Operational – URL redirection is a process by which our Site commands your browser to redirect you to a page based on the value stored in the redirection cookie we configured.
- Analytical – To better understand how our users interact with our Site and aggregate information on users’ engagement with our Services, we use an analytics tool that may store cookies on your device on our behalf.
If you are concerned about having cookies on your computer, you can set your browser to refuse all cookies or to indicate when a cookie is being set, allowing you to decide whether to accept it. You can also delete cookies from your computer. The Help feature on most web browsers will tell you how to prevent your browser from accepting new cookies, how to receive notice when a new cookie is set, and how to disable cookies altogether. However, if you choose to block or delete cookies, certain features of our websites may not operate correctly and the following may occur:
- If you change the settings on your web browser, you will be presented with the consent option again the next time you visit our website.
For further information about deleting or blocking cookies, please visit: http://www.allaboutcookies.org/manage-cookies/.
All registered users may review, update, correct or delete the Personal Information in their registration profile by contacting YourCause and/or the appropriate individuals at their employer. If a user’s profile information is deleted, then the user’s account will become deactivated. If you would like us to delete your record in our system, please contact us with a request that we delete your Personally Identifiable Information from our database. We will use commercially reasonable efforts to honor your request and will work with the employer contracting with YourCause to ensure your data is properly removed within a reasonable time (though some information may not be erasable, as described above). We may retain an archived copy of your records as required by law.
At YourCause, we are very concerned with safeguarding all information, as the protection of the data you share with us is very important. All sensitive data you transmit to us via our Site is encrypted using industry standards as they exist at the time this policy is implemented both in transit over HTTPS using the Transport Layer Security protocol (“TLS”) and at rest using Transparent Data Encryption and other encryption standards of data at rest.
All sensitive data we collect from you (such as credit card information for the purpose of making a donation) is encrypted and transmitted to our processing partner when applicable, in a reasonably secure manner (where the data is encrypted over TLS using the Advanced Encryption Standard with a key length of 256 bits). You can verify the connection security by looking for a lock icon on your browser address bar.
We will make any legally required disclosures of any breach of the security, confidentiality, or integrity of your electronically stored PII in accordance with appropriate legal or regulatory requirements, taking into account the need to accommodate (i) legitimate requests by law enforcement and (ii) any measures reasonably necessary to investigate the scope of the breach and restore the reasonable integrity of the data system.
YourCause recognizes that the EU has established certain protections regarding the handling of EU Personal Data, including requirements to provide adequate protection for EU Personal Data transferred outside of the EU. To provide adequate protection for certain EU Personal Data about corporate customers, clients, suppliers, and business partners received in the US, YourCause has elected to self-certify to the EU-US Privacy Shield Framework administered by the US Department of Commerce (“Privacy Shield”).
You may direct any complaints pertaining to our collection and/or use of your information to us at: firstname.lastname@example.org or by mail at YourCause Security Office 6111 West Park Blvd. Suite 1000 Plano Texas, 75093. In compliance with the EU-U.S. Privacy Shield Principles, YourCause commits to resolve complaints about your privacy and our collection or use of your personal information within 45 days. If you are unsatisfied with the resolution of your complaint, please contact the independent recourse mechanism listed below:
- HR Data Recourse Mechanism
If a complaint involving HR data remains unresolved, individuals should contact the state or national data protection or labor authority in the jurisdiction where the individual works for resolution. YourCause commits to cooperate with the competent European Union Data Protection Authorities (DPAs) and comply with the advice given by such authorities with regard to data transferred from the EU including human resources data transferred from the EU in the context of the Services offered by YourCause. In the event that YourCause or the DPAs determine that YourCause did not comply with this Policy or Privacy Shield principles, YourCause will take appropriate steps to address any adverse effects and to promote future compliance, comply with any directive given by the DPAs where the DPAs have determined that YourCause should take specific remedial or compensatory measures for the benefit of individuals affected by any non-compliance with the Privacy Shield principles. A listing of all EU Data Protection Authorities (“DPAs”) is located at:
- Non-HR Data Recourse Mechanism
YourCause has committed to refer unresolved privacy complaints under the EU-U.S. Privacy Shield Principles to PrivacyTrust, an alternative dispute resolution provider. If you do not receive timely acknowledgment of your complaint from us, or if we have not addressed your complaint to your satisfaction, please contact or visit PrivacyTrust’s dispute resolution portal at https://www.privacytrust.com/drs/applicable for more information or to file a complaint. The services of PrivacyTrust are provided at no cost to you.
Finally, as a last resort and in limited situations, a binding arbitration option will also be made available to EU individuals to address residual complaints not resolved by any other means.
The EU-U.S. Privacy Shield Framework applies to all personal information received by YourCause and emanating from the EEA (collectively “EU Personal Data”), in any format, including electronic, paper or verbal. This policy is applicable to all YourCause entities in the United States.
The privacy principles in this Policy have been developed based on the EU-U.S. Privacy Shield Framework.
YourCause is subject to the investigatory and enforcement powers of the Federal Trade Commission (FTC).
YourCause may be required to disclose an individual’s personal information in response to a lawful request by public authorities, including to meet national security or law enforcement requirements.
Where YourCause collects personal information directly from individuals in the EEA, it will inform them about the purposes for which it collects and uses personal information about them, the types of non-agent third parties to which YourCause discloses that information, the choices and means, if any, YourCause offers individuals for limiting the use and disclosure of personal information about them, and how to contact YourCause. Notice will be provided in clear and conspicuous language when individuals are first asked to provide personal information to YourCause, or as soon as practicable thereafter, and in any event before YourCause uses or discloses the information for a purpose other than that for which it was originally collected.
Where YourCause receives personal information from its subsidiaries, affiliates or other entities in the EEA, it will use and disclose such information in accordance with the notices provided by such entities and the choices made by the individuals to whom such personal information relates.
YourCause may offer individuals the opportunity to choose (opt-out) whether their personal information is (a) to be disclosed to a non-agent third party, or (b) to be used for a purpose other than the purpose for which it was originally collected or subsequently authorized by the individual.
For sensitive personal information, YourCause will give individuals the opportunity to affirmatively and explicitly (opt-in) consent to the disclosure of the information to a non-agent third party or the use of the information for a purpose other than the purpose for which it was originally collected or subsequently authorized by the individual.
YourCause will provide individuals with reasonable mechanisms to exercise their choices.
YourCause will use personal information only in ways that are compatible with the purposes for which it was collected or subsequently authorized by the individual. YourCause will take reasonable steps to ensure that personal information is relevant to its intended use, accurate, complete, and current.
In cases where YourCause leverages the use of onward transfer to third parties of EU Personal Data, YourCause is potentially liable and will obtain assurances from its agents that they will safeguard EU Personal Data consistently with this Policy. Examples of appropriate assurances that may be provided by agents include: a contract obligating the agent to provide at least the same level of protection as is required by the relevant Privacy Principles, certification by an agent, or being subject to another European Commission. Where YourCause has knowledge that an agent is using or disclosing personal information in a manner contrary to this Policy, YourCause will take reasonable steps to prevent or stop the use or disclosure.
Upon request, YourCause will grant qualified and approved individuals reasonable access to EU Personal Data that it holds about them. In addition, YourCause will take reasonable steps to permit individuals to correct, amend, or delete information that is demonstrated to be inaccurate or incomplete.
YourCause will exercise generally acceptable industry standards coupled with commercially reasonable precautions to protect EU Personal Data in its possession from loss, misuse and unauthorized access, disclosure, alteration and destruction.
YourCause will conduct compliance audits of its relevant privacy practices to verify adherence to this Policy. Any employee that YourCause determines is in violation of this policy will be subject to disciplinary action up to and including termination of employment.
EU Personal Data will not be processed in a way that is incompatible with or materially different from the purposes for which it has been collected or subsequently authorized by the individual. Reasonable steps will be taken to ensure that EU Personal Data is reliable for its intended use, accurate, complete and current. Further, all EU Personal Data will be retained only for as long as it serves the purposes for which it was collected or subsequently authorized by the individual.
Adherence by YourCause to all the aforementioned Policies and Principles may be limited (a) to the extent required to respond to a legal or ethical obligation; (b) to the extent necessary to meet national security, public interest or law enforcement obligations; and (c) to the extent expressly permitted by an applicable law, rule or regulation.
Our Services, from time to time, may contain links to other websites. If you choose to click on another third-party link, you will be directed to that third party’s website. The fact that we link to a website is not an endorsement, authorization or representation of our affiliation with that third party, nor is it an endorsement of their privacy or information security policies or practices. We do not exercise complete control over third party websites. These other websites may place their own cookies or other files on your computer, collect data or solicit personal information from you. Other sites follow different rules regarding the use or disclosure of the personal information you submit to them. We encourage you to read the privacy policies or statements of the other websites you visit.
The Site and Services are not directed to children under 13. We do not knowingly collect personally identifiable information from children under 13. If a parent or guardian becomes aware that his or her child has provided us with Personal Information without their consent, he or she should contact us. If we become aware that a child under 13 has provided us with Personal Information, we will delete such information from our files.
In connection with a business transaction where an entity acquires all or substantially all of the business or assets of YourCause, whether by merger, acquisition, or reorganization or in the event of bankruptcy, YourCause may transfer to or otherwise share with such acquiring entity, all data associated with the product and services provided by YourCause, subject to any agreements between the Company and YourCause.
Questions or comments regarding this Policy should be submitted to the YourCause Security Office by mail to:
YourCause Security Office
6111 W. Plano Parkway – Suite 1000YC
Plano, Texas 75093