Information We Collect
When you use the Sites, we collect and/or process the following types of data:
“Personal Data” means any information relating to an identified or identifiable natural person. An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier. We collect Personal Data that you provide to us when you register for an Account (as defined below) on our Sites; submit a donation; make a purchase; subscribe to one of our newsletters; contact us via phone, email, postal mail, or other means; chat with us on our Sites; or respond to our communications to you (e.g., surveys, requests for feedback). This may include your first or last name, email address, social media usernames, telephone number, mailing address, billing address, payment information, organization name, geolocation information, or your IP address. We may also collect demographic information such as gender, nationality, ethnic origin, interests or preferences, business or company information, professional experience, educational background, professional or personal reference contact information, or social media URLs. Some information may be used in Account or password recovery processes. In the European Economic Area (“EEA”), Personal Data includes an identification number, location information, and/or an online identifier.
“Non-Personal Data” does not identify you, but provides insights regarding your use of the Sites. We collect Non-Personal Data that may include information about your use of the Sites, including but not limited to, Internet connection information, computer equipment information, web browser specifications, websites visited before accessing our Sites, websites visited after leaving our Sites, other similar information about traffic and usage as you navigate to, through, and away from our Sites, chat interactions on the Sites (including text exchanged during the interactions), donation amounts and frequencies, items purchased, purchase histories, information you post or otherwise submit to the Sites, or emails you send to us.
Non-Personal Data that we collect may also include “Log Data.” Log Data refers to certain information about how a User (including both Users with an Account and without an Account) uses our Sites. Log Data may include the pages or features of the Sites to which a User browsed and the time spent on those pages or features, the frequency with which the Sites are used by a User, search terms, the links on our Sites that a user clicked on or used, and related timestamps.
You may be given the option to receive push notifications while using our Sites. In order to serve push notifications, we may need to collect your IP address and a persistent identifier from your device. You can turn off push notifications in your device settings.
Personal Data and Non-Personal Data are collectively referenced as “Data.”
We may also determine location information about you based on information in your Internet connection data or provided by your ISP (e.g., your IP address).
Third-Party Social Networking Service(s)
If you choose to access, visit, and/or use any third-party social networking service(s) that may be integrated with our Sites, we may receive your Personal Data and other information about you and your computer, mobile, or other device that you have made available to those social networking services, including information about your contacts through those services. For example, some social networking services allow you to push content from our Sites to your contacts or to pull information about your contacts so you can connect with them on or through our Site. Some social networking services also will facilitate registration or enhance or personalize your experience on our Sites. This includes if you “follow,” “like,” or link your social networking account to our Sites. Your decision to use a social networking service in connection with our Sites is voluntary. However, you should make sure you are comfortable with the information your third-party social networking services may make available by reviewing privacy policies of those providers and/or modifying your privacy settings directly with those networking sites/services.
Use of Information
For Legitimate Interests. We use Non-Personal Data collected by clickstream information collection, web pixels, and cookies to store your preferences, improve website navigation, make personalized features and other services available to you, to generate statistical information, monitor and analyze user traffic and usage patterns, monitor and prevent fraud, investigate complaints and potential violations of our policies, to improve the our content and the products, services, materials, and other content that we describe or make available through the Sites, and otherwise help administer and improve the Sites.
We may identify you from your Personal Data, and we may merge or co-mingle Personal Data and Non-Personal Data. Except as otherwise stated, we may use information we collect from you for the legitimate business purpose of providing our services to you, including, but not limited to:
- operating, maintaining, and providing to you the features and functionality of our Sites;
- send you Sites-related notices, including notifications about our Sites or Organization, newsletters, changes to the Sites or Organization, or other information;
- establishing Accounts for Users to use the Sites;
- validate your username, e-mail, password, and/or other login credentials;
- customizing the Sites-related content to your preferences;
- responding to your requests and provide user support;
- processing your donations to us;
- providing you with merchandise or services you have requested or purchased from us;
- evaluating and improving the content of our Services;
- checking on your Account status and maintaining record of activities in connection with your use of the Sites;
- evaluating job candidates;
- processing your requests to get involved with the Organization, including signing up for volunteer opportunities;
- enforcing our agreements, terms, conditions, and policies;
- working with our service providers who perform certain business functions or services on our behalf and;
- preventing or investigating fraud (or for risk management purposes);
- complying with a legal obligations, court order, or in order to exercise our legal claims or to defend against legal claims;
- conducting aggregate or research analysis and developing business intelligence that helps us to enhance, operate, protect, make informed decisions and report on the performances of our Sites;
- notifying of contest or sweepstakes results;
- sending e-mail and postal mail supplying the most recent service information or sending you information about an order (e.g., order confirmations, shipment notifications, etc.); and
If you are a user accessing our Sites from within the EEA and we have collected your Personal Data (such user herein referred to as a “Data Subject”) and we have obtained your consent, we may also use your Data in the following ways; and, if you are a citizen of any other jurisdiction, you acknowledge that we may use your information in the following ways:
- to share your information with our corporate parents, subsidiaries, other affiliated entities, and associated entities;
- to send e-mail and postal mail to provide you with updates and news;
- to process any request you make; and
- to process the commercial transaction for which you provided Information.
Consent. In addition, we use third‐party e‐mail providers to deliver communications to you. This is an opt-in e-mail program. If you no longer want to receive these e-mail communications, you may opt-out of receiving e-mail communications through the “Update your preferences” link in our emails or by contacting us at email@example.com.
We may, from time to time, invite you to participate in online surveys. The information requested in these surveys may include, but is not limited to, your opinions, beliefs, insights, ideas, activities, experience, purchase history, and purchase intent regarding products, events, and the Sites. The information collected by these surveys is used to research market trends, company growth, community needs, etc. Your input will help us to improve customer experience and shape development of our products and Services.
How We Share Information
We share your Data in the following ways:
- We will not sell or rent your Personal Data to third-parties.
- We may store portions of your Data in locations outside of the direct control of the Organization (e.g., on servers or databases co-located with service providers).
- Any Data that you voluntarily disclose for posting to the Sites becomes available to the public. In some cases, this posted Data may be controlled by privacy or website customization settings. If you remove Data that you posted to the Sites, copies may remain viewable, for example, in cached or archived pages or if other Users have copied or saved that Data.
We may share your Data with the following parties:
- Service providers that help us administer and provide the Sites (for example, a web hosting company whose services we use to host our platform). These third-party services providers have access to your Personal Data only for the purpose of performing services on our behalf. We require that any third-party service providers limit their use of your Data solely to providing services to us and that they maintain the confidentiality, security, and integrity of your Data and not make unauthorized use or disclosure of the Information. A list of service providers is provided in Section 4, below;
- Certain third parties that provide us with grants. In some cases, these third parties ask us to identify the top Users or organizations that donate to us. Whenever we share Data with these grant-providing third parties, we enter into agreements with these third parties that they keep the Data received from us confidential and that they use the Data only for the purpose of providing us with grants.
- As we believe necessary: (i) under applicable law; (ii) to enforce applicable terms and conditions; (iii) to protect our rights, privacy, safety or property, and/or that of our affiliates, you, or others; (iv) to detect, prevent, or otherwise address fraud, security or technical issues; (v) to respond to claims that contact information (e.g., name, e-mail address, etc.) of a third-party has been posted or transmitted without their consent or as a form of harassment and (vi) to respond to requests from courts, law enforcement agencies, regulatory agencies, and other public and government authorities, which may include authorities outside your country of residence; and
- Pursuant to your express consent.
Donors. If you choose to make a donation, whether through features on the Sites or through other means made available by us, we will not share, sell, or rent your personal information to third parties except as necessary for purposes of processing the payment. We also will not use any information you provide to us to send you mailings on behalf of third parties.
Third-Party Service Providers
We use third-party service providers to help us operate our Sites, who may collect, store, and/or process the information detailed herein. We allow access to our Sites and databases by third parties that provide us with services, such as technical maintenance, market research, shopping functionality, and ads functionality, but only for the purpose of and to the extent necessary to provide those services.
If you choose to make a donation or purchase products and/or services on or through features on the Sites, we may forward your information to third parties for services such as credit card or other payment processing, order fulfillment, credit pre-authorization, and address verification. There are also times when you provide information about yourself to us in areas of the Sites that may be managed or participated in by third parties. In such cases, the information may be used by us and by such third party, each pursuant to its own policies.
We use the following third-party service providers:
Active Campaign. We use Active Campaign e-mail marketing services to send mass communication e-mails to Users. We track how Users open these e-mails and what links they click so that we can better serve customers with services and information that they find relevant. When you “subscribe” to one of our mailing lists, you agree to receive e-mails and other information from us. Upon receiving an e-mail from us, you may choose to opt-out of future e-mail messages, in accordance with the CAN-SPAM Act of 2003 by clicking the “Update your preferences” option at the bottom of our e-mails and following Active Campaign’s simple opt-out procedure. You can learn more about Active Campaign’s privacy policies at its website https://www.activecampaign.com/privacy-policy/.
Authorize.net. We sometimes utilize Authorize.net to process some payment transactions. Newer Users do not use the Authorize.net service. If you make a donation using Authorize.net, you provide Personal Data together with your payment information (including but not limited to, your credit card number). You can learn more about Authorize.net’s privacy policies at https://www.authorize.net/about-us/privacy/.
Drift. We use Drift on our Sites to provide Users a way to chat with us in real time. Drift uses artificial intelligence to automatically interact with Users and can switch the conversation to a real person if needed. When you use Drift to chat with us, you provide your name and email address, which we store. To learn more about Drift’s privacy policies, visit https://www.drift.com/privacy-policy/.
Drip. We use Drip e-mail marketing services to send mass communication e-mails to Users. We track how Users open these e-mails and what links they click so that we can better serve customers with services and information that they find relevant. When you “subscribe” to our mailing list, you agree to receive e-mail advertisements and other information from us. Upon receiving an e-mail from us, you may choose to opt-out of future e-mail messages, in accordance with the CAN-SPAM Act of 2003 by clicking the “Update your preferences” option at the bottom of our e-mails and following Drip’s simple opt-out procedure. You can learn more about Drip’s privacy policies at https://www.drip.com/privacy.
Foxycart. We sometimes use Foxycart to execute software in making purchases and processing payments. Newer Users do not use the Foxycart service. If you make a donation using Foxycart, you provide certain Personal Data so Foxycart can process your purchase. This may include your name, contact information, billing information, or payment information. You can learn more about Foxycart’s privacy policies at https://www.foxy.io/privacy-policy.
Google Analytics. We have enabled Google Analytics to collect data about our traffic through the use of Google Advertising cookies and other anonymous identifiers. We use Google Analytics cookies and other cookies to compile data to better understand Users and provide Users with a more tailored experience. You can opt out of Google Analytics by visiting Google’s Opt-Out Browser Add-on website https://tools.google.com/dlpage/gaoptout.
Google Tag Manager. We use Google Tag Manager to manage tags we place on our Sites for tracking and analytics purposes. These tags include Web Beacons and tracking pixels. To learn more about Google Tag Manager’s privacy policies, visit https://policies.google.com/privacy?hl=en.
Google Optimize. We use Google Optimize to perform A/B testing (presenting different versions of the same resource, such as a webpage, to see which version performs better). Google Optimize integrates with Google Analytics to present us with User Data regarding Users’ experience with the different versions of the resource. You can learn more about Google Optimize’s privacy policies at https://policies.google.com/privacy?hl=en.
Gravity Forms. We use Gravity Forms as a WordPress plugin to provide web forms we use on our Sites. When Users submit data using a web form, Gravity Forms may send a portion of that data to other third-party service providers integrated with the forms, such as our CRM or email marketing service(s). Gravity Forms may collect some data you submit via its forms. You can learn more about Gravity Form’s privacy policies at https://www.gravityforms.com/privacy/.
Heroku. Heroku is a Salesforce service that provides us a cloud platform where we run code that performs some of the functionality on our Sites. We also use Heroku to store some User Data in Heroku’s database. You can learn more about Heroku’s privacy policies at https://www.salesforce.com/company/privacy/.
HotJar. We use HotJar to collect information from your browser and computer device in order to capture and analyze User behavior on our Site. The software allows us to track and monitor such actions as clicks, taps, and scrolling behavior. The information obtained by HotJar is stored on HotJar servers. You can learn more about HotJar’s data collection practices at its website https://www.hotjar.com/privacy.
MailChimp. We use MailChimp e-mail marketing services to send mass communication e-mails to Users. We track how Users open these e-mails and what links they click so that we can better serve customers with services and information that they find relevant. When you “subscribe” to our mailing list, you agree to receive e-mails and other information from us. Upon receiving an e-mail from us, you may choose to opt-out of future e-mail messages, in accordance with the CAN-SPAM Act of 2003 by clicking the “Update your preferences” option at the bottom of our e-mails and following MailChimp’s simple opt-out procedure. You can learn more about MailChimp’s privacy policies at its website https://mailchimp.com/legal/privacy/.
NationBuilder. We use the NationBuilder platform to organize our Users, community members, supporters, and prospects. When you visit our Sites, NationBuilder may send you one or more cookies, which help you log in faster and enhance your navigation experience on the Sites. You can also read about how the NationBuilder service interacts with your information at www.nationbuilder.com/privacy or www.nationbuilder.com/confidentiality.
PayPal. We utilize PayPal to process payment transactions. When you make a purchase, by selecting PayPal, you might be required to provide Personal Data together with your payment information (including but not limited to, your credit card number), or you might choose to connect with your PayPal account. PayPal collects the information you enter and stores that information on its website. To learn more about PayPal’s policies, you can visit its website https://www.paypal.com/us/webapps/mpp/ua/privacy-full.
Profitwell. We use Profitwell to provide us with User metrics, facilitate donations, and communicate with donors. We also use Profitwell to send transactional emails, for example, when a user makes a purchase or a donation. You can learn more about Profitwell’s privacy policies at https://www.profitwell.com/privacy-policy.
Salesforce. We use Salesforce as our customer relationship management (CRM) software. We use Salesforce to store Data regarding a User’s donation or purchase such as name, contact information, and donation/purchase history. We also store customer support interaction in Salesforce. You can learn more about Salesforce’s privacy policies at https://www.salesforce.com/company/privacy/.
SendGrid. We use SendGrid’s e-mail services to send transaction e-mails to Users, for example, to notify a User that the credit card he or she uses for recurring donations is about to expire. We track how Users open these e-mails and what links they click so that we can better serve customers with services and information that they find relevant. You can learn more about SendGrid’s privacy policies at https://sendgrid.com/policies/privacy/.
Sentry.io. We use Sentry.io to notify us of bugs or errors in our Site’s code and code related to the functionality of our Sites. Sentry.io may collect some User Data in order to give us more information about the error and user encountered or triggered. Sentry.io may send us some Log Data associated with a user that triggered an error. For Sentry.io’s privacy policies, visit https://sentry.io/privacy/.
Shopify. We use Shopify to execute software used in making purchases and to store purchasing data. Our CRM may also pull data from Shopify to store in our CRM database. When you purchase a product or service from us, you provide certain Personal Data so Shopify can process your purchase. This may include your name, contact information, billing information, or payment information. To learn more about Shopify’s privacy policies, visit https://www.shopify.com/legal/privacy.
Stripe. We utilize Stripe to process payment transactions. When you make a purchase, by selecting Stripe, you will be required to provide Personal Data, together with your payment information (including but not limited to, your credit card number). Stripe collects the information you enter and stores that information on its servers. To learn more about Stripe’s policies, you can visit its website https://stripe.com/us/legal/.
We take reasonable steps online and offline to safeguard the Personal Data that you provide to us, including:
- hosting your Personal Data with enterprise-grade service providers that use Secure Sockets Layer (SSL) encrypted connections (HTTPS), secure multi-tiered firewalls, encryption, secure cloud-based environments, server authentication, and industry-standard firewalls;
- using password managing software to manage our passwords; and
- using two-factor authentication to access backend systems.
It is common knowledge that transmission of information via the Internet is not wholly secure, and we cannot guarantee the security of your Personal Data, or any other information, transmitted to or through any of our Sites. Any transmission of Personal Data, or other information, is at your own risk. By using our Sites, you acknowledge and accept these risks. As a result, we cannot guarantee or warrant the security of any information you disclose or transmit to us or that are otherwise provided to us and we cannot be responsible for the theft, destruction, or inadvertent disclosure of information. It is your responsibility to safeguard any passwords, ID numbers, or other special access features associated with your use of the Sites. Any transmission of information is at your own risk.
If you have any questions about security on our Sites, or if you become aware of any unauthorized use of an Account, loss of your Account credentials, or suspect a security breach, notify us immediately via firstname.lastname@example.org. If our security system is breached, we will notify you of the breach to the extent required under applicable law.
Rights to Your Personal Data
You may change, edit, update, or delete the information that you provided when you set up your Account through our Sites through your Account settings. You may also request the deletion of this information by sending an e-mail to email@example.com. If you access our Sites from certain jurisdictions, such as the EEA, you may have additional rights and options with regard to accessing, reviewing, correcting, and updating your Personal Data, as well as how we use and disclose your Personal Data.
As a Data Subject, you have the right to request access to your Personal Data as it exists in our records by logging into the Account you have created for yourself on the Sites or e-mailing us firstname.lastname@example.org. You also have the right to rectification, correction, or amendment of your Personal Data if it is inaccurate or incomplete. You may also have the right to erasure of your Personal Data; however, this is not always possible due to legal requirements and exceptions may apply. Please note that if you request erasure of your Account, we, in complying with your request, may also delete any and all data that has been submitted to us through our Sites. It is your responsibility at all times to ensure that you are in compliance with all applicable rules, policies, and regulations at the institutional, administrative, and federal levels regarding retention of data.
A Data Subject may have the right to object to the processing of his or her Personal Data, for example, due to his or her particular situation, for direct marketing uses, or for scientific or historical research. In certain circumstances, Data Subjects may have the right to obtain a restriction on our processing of their Personal Data, in which case such Personal Data will, with the exception of storage, only be processed with the Data Subject’s consent or in circumstances such as our exercise or defense of legal claims or the protection of another person. Data Subjects may also have the right to request that we provide data portability for their Personal Data via a copy of the data in a commonly-used format and/or transfer their Personal Data directly to another data controller (where technically feasible). Exceptions to these rights may apply, for example, if the processing is necessary for a task carried out in the public interest. Finally, if a Data Subject has given his or her consent to our processing of his or her Personal Data for certain purposes, he or she has the right to withdraw consent to such use at any time by contacting us via the contact information below.
If you are not satisfied with how we manage your Personal Data, you have the right to make a complaint to a data protection regulator. A list of National Data Protection Authorities can be found here.
Following termination or deactivation of your Account, we may retain your Data for a reasonable amount of time for archival purposes. Furthermore, we may retain and continue to indefinitely use your Data contained in your communications to other Users or posted in public or semi-public areas of the Sites.
Geographic Data Transfers
In some instances we may need to transfer your Personal Data across borders. In all cases, we take steps to ensure that transfers of such Personal Data are performed in accordance with applicable law and carefully managed to protect your privacy rights and interests. Transfers are limited to countries that are recognized as providing an adequate level of legal protection or where we can be satisfied that alternative arrangement are in place to protect your privacy rights. Therefore, where we transfer your Personal Data outside our corporate affiliates or to third parties who help provide our products and services, we obtain contractual commitments to protect your Personal Data under Data Protection Agreements and pursuant to Standard Contractual Clauses. Some of these assurances are well recognized certification schemes or such as the EU – US Privacy Shield for the protection of Personal Data transferred from within the EU to the United States. Where we receive requests for information from law enforcement or regulators, we carefully validate these requests before disclosing any Personal Data.
Data Protection Officer
Our appointed Data Protection Officer is Shwan Noori. If you have an inquiry regarding your Personal Data, pursuant to the rights listed in the preceding section (above), please send your message to the following:
Links to Third Party Sites
We do not sell products or services to anyone under the age of thirteen (13). In accordance with the Children’s Online Privacy Protection Act (“COPPA”), we will never knowingly request or solicit Personal Data from anyone under the age of thirteen (13) without verifiable parental consent. In the event that we receive actual knowledge that we have collected such Personal Data without the requisite and verifiable parental consent, we will delete that information from our database as quickly as is practical. We reserve the right to request proof of age at any stage so that we can verify that minors are not using the Sites.
Your California Privacy Rights
California Civil Code Section 1798.83 permits California residents to request and obtain a list of what Personal Data (if any) we disclosed to third parties for direct marketing purposes in the preceding calendar year and the names and addresses of those third parties. Requests may be made only once a year and are free of charge. Under Section 1798.83, California residents are entitled to request and obtain such information, by emailing a request to email@example.com.
How to Contact Us
By e-mail: firstname.lastname@example.org
By regular mail:
1300 Darbyton Drive
Hewitt, TX 76643