Security

YourCause takes all necessary actions to protect the information and data shared through the products and services provided to clients and users alike, including CSRconnect and YourCause.com. Coupled with additional policies, which are also published to the public, the following policy covers the privacy policies.

These terms govern your use and access of the YourCause platform. If you use and access our platform, you are agreeing to these terms. Coupled with additional policies, which are also published to the public, the following policy covers the terms of use.

To minimize any risk of our customers’ data, we conduct all vulnerability testing on a quarterly basis by using independent security researchers. Keeping our customers’ data secure is our number-one priority and any possibility of potential violations are reported to us.

To protect our network, data and system’s integrity, YourCause uses Alert Logic Threat Manager to assess any possible vulnerabilities and/or threats of intrusion. In this age, you cannot always protect data from outside intruders with just a password and firewall, so we amp our security measurements by using an Intrusion Detection System to locate and terminate any malicious activity.

Our security policy protects people and information by setting the rules for expected behavior from our users, system administrators, management and security personnel. That being said, each employee of YourCause has signed and agreed to the following policy to help minimize risk and track compliance with regulations and legislation.

The Information Sensitivity Policy helps YourCause employees determine what information is allowed to be disclosed to non-employees, as well as the relative sensitivity of information that should not be disclosed outside of YourCause without proper authorization.

The YourCause Ethics Policy reflects the high standard of business conduct that represents the hallmark of our organization. Our Ethics Policy affirms our commitment to not merely obeying the law, but also to conduct our business with integrity and without deception.

What is GDPR? The General Data Protection Regulation (GDPR) is the replacement for the Data Protection Directive 95/46/EC which was originally enacted in 1995. The GDPR gives EU citizens control of their digital data by empowering them with the right to know when personal data is being collected, what data is being collected, access to that data, and to purge it on request. The GDPR is a data privacy regulation that modernizes and normalizes data privacy laws across Europe and applies to any organization collecting data on EU citizens.

 

YourCause and GDPR – YourCause ensures that it will comply with all Data Processor requirements under the GDPR by May 25, 2018 by implementing appropriate security measures to protect the sensitivity of each person’s data, providing a system to seek the consent of data subjects, creating procedures to notify our clients of any security breaches, updating our contracts and policies, and appointing a Data Protection Officer (DPO).

YourCause will ensure that it allows the erasure or deletion of specific personal data and puts in place measures to fully implement any erasure or deletion request within the timeframe required by the Data Controller and applicable law. Upon termination for any reason of the provision of services, YourCause will immediately cease processing the personal data. At the Data Controller’s request, YourCause will either return or delete the personal data from our system.

In the event of a data breach, YourCause will notify the relevant Data Controller of any breach without undue delay once we learn of any breach.

As a Data Processor, YourCause uses a standard GDPR Agreement. You can download this agreement here. This agreement is posted as of May 18, 2018, and last updated on May 18, 2018.