Privacy Policy (EU/EEA)
1. INTRODUCTION
This Privacy Policy applies to individuals located in the European Union (“EU”) and the European Economic Area (“EEA”).
We understand your concerns about safety and security and want to assure you that we make every effort to safeguard your privacy when you make donations through our giving system. Our mission is to help you support any charity, anywhere online – in a convenient and secure manner.
In this Privacy Policy references to we, us or our means
1) Nonprofit For Good (“NFG”), a Hawaii non-profit corporation based in the United States, with our headquarters located at HI, the United States and
2) The Nonprofit For Good, Inc. is based in the State of Hawaii, United States.
References to you or your means the person accessing and using the www.TheNFG.org website (collectively, the “Website”) and/or using the services that we make available to you via the Website.
2. COMPLIANCE WITH THE EU-U.S. PRIVACY SHIELD FRAMEWORK AND SWISS-U.S. PRIVACY SHIELD FRAMEWORK
NFG complies with the EU-U.S. Privacy Shield Framework and Swiss-U.S. Privacy Shield Frameworks as set forth by the U.S Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union (EU) to the United States or from Switzerland to the United States (as the case may be). Our affiliate NFG also adheres to the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework. Our participation with the Privacy Shield Framework does not apply to our human resources’ personal information. We have certified to the Department of Commerce that we adhere to the Privacy Shield Principles. If there is any conflict between the terms of this Privacy Policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view our certification, please visit https://www.privacyshield.gov. For more information, please review our “PRIVACY SHIELD PROVISIONS” section below.
3. PRIVACY POLICY
This Privacy Policy sets out the basis on which we collect and use personal information about you through your use of the Website and the Services. This Privacy Policy describes in detail who is responsible for the personal information that we collect about you, what personal information we collect, how we will use such personal information, who we may disclose it to, and your rights and choices in relation to your personal information.
In this Privacy Policy where we use the words personal information, we use these words to describe information that is about you and which identifies you.
4. GENERAL INFORMATION ABOUT YOUR DONATION AND COMPLYING WITH DONOR ADVISED FUND REGULATIONS
Most donations through the Services are processed by us (i.e., NFG) which will distribute your donation to the nonprofit organization that you recommended. However, some donations made through the Services are processed directly by the nonprofit of your choice and not by us. When your donation is processed by us, as required by the Internal Revenue Service (“IRS”), we have exclusive legal control over the donations to our donor-advised fund. All donations are final and may not be refunded. In the rare event that a charity you have recommended does not satisfy our criteria for receiving donations (e.g., it has been classified by the IRS as a disqualified supporting organization, it cannot or does not accept donations, is not recognized by the IRS as a section 501(c)(3) public charity, or is not in good standing with federal and state regulators), we will select an alternate charity to receive your donation funds.
5. WHO IS RESPONSIBLE FOR THE PERSONAL INFORMATION THAT WE COLLECT?
In most cases, NFG and it’s partners are joint data controllers for the purpose of data protection law, in respect of your personal information collected and used through your use of the Website and the Services. This is because we jointly dictate the purposes for which your personal information is used and the means by which we use your personal information. NFG has arranged to work together to respond to your questions and to respond to any rights that you may exercise (see Section 14 below on “Your Rights”).
For limited purposes, such as when NFG is required to process your personal information in order to comply with NFG’s legal reporting and registration obligations, then NFG is the data controller for such purposes.
Customers of NFG’s Services may also be data controllers as they also have access to donations processed via NFG’s Services.
6. WHAT PERSONAL INFORMATION DO WE HOLD ABOUT YOU?
Information You Provide to Us
We collect and use personal information about you in the course of providing the Website and the Services. The information that you provide to us may include the following:
Contact information | Name, mailing address, email address, and telephone number |
Professional information | Organization name, your title within the organization, industry type, 501(c)(3) status, and other business information about the organization |
Account information | Contact information as set forth above, username, password, and any other information you choose to include in your profile |
Donation information | Billing address, email address, information about the donation (charity donating to, the amount of the donation), payment information, records of donations, receipts of donations |
Payment information | Payment card number (credit or debit card), expiration date, or other financial account number and account details |
Marketing preferences, marketing activities, and customer feedback | Marketing preferences, or responses to voluntary customer satisfaction surveys. To improve our marketing communications, we may collect information about interaction with, and responses to, our marketing communications |
Attendance information | Registration information; record of attendance at a webinar or another event; contact information |
Other information you provide to us | For example, if you write a review of our Services or provide other information to us in the course of your use of our Websites or Services |
This information may be provided:
- in the course of communications between you and us (including by phone, email, chat, Website or otherwise);
- when you register for an account and/or fill out an application form;
- when you inquire about our Services;
- when you make a donation;
- when you register to attend one of our webinars or other events;
- when you sign up for our e-newsletter or other materials;
- when you post on our Website’s publicly available features, such as online blogs; and
- when you report a problem with our Website or Services.
Information We Collect About You
We may also collect personal information about you through your use of the Website and the Services. This information includes online activity information and technical information about your usage activities, to the extent that such information constitutes personal information.
We collect technical information automatically through your electronic device, such as your IP address (i.e. your computer’s address on the internet), operating system type (Windows or Mac) and version, internet browser type and version, internet service provider (ISP), and language. We also collect information about your use of our Website, for example, dates and times of log-in and out to your account, time spent on pages, and the pages visited. We use this information to ensure that the Website and the Services function properly. Please also see additional information on our cookie usage in Section 7 below.
Information We Receive from Third Parties
We may also receive personal information from other sources, such as:
- any of the other websites we operate or the other services we provide (if you use any of them);
- information we obtain from publicly available sources such as Facebook or LinkedIn;
- information from public records in order to conduct due diligence or for conducting fraud prevention checks or to supplement your profile (i.e., zip code);
- information from your employer if you are using our Services through an employer-run program;
- information from corporate partners if you are using our Services through a corporate partner program.
7. COOKIES
The Website uses cookies to distinguish you from other users of the Website. Cookies are pieces of information stored directly on the device you are using. Cookies allow us to recognize your device and to collect information such as internet browser type, time spent using Services, and pages visited. This helps us to provide you with a good experience when you browse the Website and also allows us to improve the Website.
We use Google Analytics, a web analytics service provided by Google, Inc. For more information about Google Analytics, or to opt-out of Google Analytics, please go to Google Analytics Opt-Out Settings page here https://tools.google.com/dlpage/gaoptout.
- We use cookies in order to bring you more relevant messaging with Google Display and Search Advertising (e.g., Remarketing or Google Display Network Impression Reporting).
- We use third-party vendors, including Google, in order to show ads on third-party sites across the Internet.
- We, along with third-party vendors, including Google, use first-party cookies (such as the Google Analytics cookie) and third-party cookies (such as the DoubleClick cookie) together to inform, optimize, and serve ads based on past visits to our Website and to report how ad impressions, other uses of ad services, and interactions with these ad impressions and ad services are related to visits to the Website.
- We use data from Google Analytics Demographics, Interest Reporting, and third-party audience data to help us understand how people find and use our Website.
- Visitors can opt-out of Google Analytics for Display Advertising, customize Google Display Network ads using Google’s Ads Settings page.
- Cookies do not allow the Website to access personal information that you haven’t already provided to us.
- We may use third party analytics services like Crazy Egg’s Analysis Service or FullStory, which provide us with a clearer picture of how you use the Websites, such as where you click on the Websites, non-sensitive text entered into the Websites, and mouse movements. Your use of the Website is also subject to Crazy Egg’s and FullStory’s privacy policies. You can visit Crazy Egg’s privacy policy at: https://www.crazyegg.com/privacy and their opt-out feature on Crazy Egg’s Opt Out Settings page. You can read FullStory’s privacy policy here: https://fullstory.com/legal/privacy. If you wish to opt out of our use of FullStory with respect to your use of the Websites, you may do so by visiting https://www.fullstory.com/optout/.
You can refuse to accept the cookies we use by adjusting your browser settings. However, if you do not accept these cookies, you may experience some inconvenience in your use of the Website and or our Services.
8. HOW DO WE USE THE PERSONAL INFORMATION WE COLLECT ABOUT YOU?
We use your personal information in connection with the provision of the Website and the Services to you. In particular, your personal information may be used by us, our employees, service providers, and disclosed to third parties for the following purposes. For each of these purposes, we have set out the legal basis on which we use your personal information.
Purpose | Legal Basis |
To communicate with you and other individuals | For our legitimate business purposes (i.e., the provision of the Website and our Services) |
To provide you with the Website and the Services | For our legitimate business purposes (i.e., the provision of the Website and our Services), and depending on the circumstances, to perform a contract between you and us |
To process your donations and communicate with you and our partners about your donations | For our legitimate business purposes (i.e., the provision of the Website and our Services), and depending on the circumstances, to perform a contract between you and us |
To notify you about changes to the Website or the Services | For our legitimate business purposes (i.e., the provision of the Website and our Services) |
To audit and monitor the use of the Website | For our legitimate business purposes (i.e., the provision of the Website and our Services, as well as to improve and monitor the security of the Website)We may request your consent in circumstances where a legal justification over and above legitimate interests is required by applicable law (e.g., in relation to our use of certain cookies) |
To improve the quality of the Website and the Services | For our legitimate business purposes (i.e., the provision and improvement of the Website and our Services) |
To manage complaints, feedback, and queries | For our legitimate business purposes (i.e., the provision and improvement of the Website and our Services) |
To carry out market research and analysis | For our legitimate business purposes (i.e., the provision, improvement, and promotion of the Website and our Services)We may request your consent in circumstances where a legal justification over and above legitimate interests is required by applicable law |
To carry out satisfaction surveys and analysis | For our legitimate business purposes (i.e., the provision, improvement, and promotion of the Website and our Services)We may request your consent in circumstances where a legal justification over and above legitimate interests is required by applicable law |
To provide you with information about the Services we offer (including details of any services which we believe may be of interest to you, including notifying you of opportunities for future donations) in accordance with your preferences as indicated when you entered into any agreement with us, including any marketing consent preferences | For our legitimate business purposes (i.e., the provision and promotion of the Website and our Services)We may request your consent in circumstances where a legal justification over and above legitimate interests is required by applicable law |
To compile aggregate statistics about how our Website and Services are being used | For our legitimate business purposes (i.e., the provision and improvement of the Website and our Services) |
To comply with any legal or regulatory obligations (including in connection with a court order and to meet our reporting requirements) | For our legitimate business purposes and for compliance with legal obligations to which we are subject |
To enforce or apply the agreements concerning you (including agreements between you and us) | For our legitimate business purposes and for compliance with legal obligations to which we are subject |
We may be required to obtain your personal information to comply with our legal requirements, to enable us to fulfill the terms of our contract with you, or in preparation for us entering into a contract with you. If you do not provide the relevant personal information to us, we may not be able to provide the Website and the Services to you.
Where we rely on our legitimate business interests or those legitimate interests of a third party to justify the purposes for using your personal information, this will include:
- pursuit of our commercial activities and objectives, or those of a third party;
- compliance with applicable legal and regulatory obligations and any codes of conduct;
- improvement and development of our business operations and service offering, or those of a third party; or
- protection of our business, shareholders, employees and customers, or those of a third party.
9. WHO MAY WE DISCLOSE YOUR PERSONAL INFORMATION TO?
You agree that we may share your personal information with:
Recipient charities | When you make a donation via a charity website that subscribes and links to a DonateNow or Fundraising Pages, your full contact information will be shared with that charity. When you make a donation via the Website, other services, or a partner website that uses our donation processing services, you may be asked what information you wish to be shared with the recipient charity(ies). You may have a choice of: full contact information, name and email address only, or no personal information (anonymous). |
Partner companies | Employee giving: We provide employee giving solutions for partner companies. When we are processing donations as part of a specific employee giving campaign on the Websites or a page hosted by NFG, we do share some donor information (such as name, email address, donation amount), but not credit card or financial information, with the partner company to confirm that the donation was made by a legitimate employee. In these instances, the partner company has disclosed its relationship to us through its Intranet, website, or employee communications prior to the donation being made. Corporate partners: We partner with other organizations and companies to enable giving across the Internet. Please be aware that donor information shared through a corporate partner site is accessible by the partner and us. We are not responsible for the privacy practices of our partners and any donor information shared through partner sites. Any such information is subject to that partner’s privacy policy. However, when donations are “Powered by Nonprofit For Good,” the donor information shared with recipient charities is subject to our Privacy Policy. |
Our service providers | Our business partners, suppliers, and sub-contractors who help us provide the Website and the Services (for example, our payment services provider, marketing and advertising service providers, and our shipping and other distributors) |
Our professional advisers | Including accountants, lawyers, and other professional advisers that assist us in carrying out our business activities |
Government authorities and third parties involved in court action | External agencies and organizations (including the police and the relevant local authority) for the purpose of complying with applicable legal and regulatory obligations |
We may also disclose your personal information to other third parties, for example:
- in the event that we sell or buy any business or assets we will disclose your personal information to the prospective seller or buyer of such business or assets;
- if we or substantially all of our assets are acquired by a third party (or are subject to a reorganisation within our corporate group), personal information held by us will be one of the transferred assets; and
- if we are under a duty to disclose or share your personal information in order to comply with any legal obligation and in response by public authorities, including to meet national security or law enforcement requirements.
We may also share demographic and statistical information in aggregated and anonymous format with our other partners.
10. WHERE WILL WE TRANSFER YOUR PERSONAL INFORMATION?
We are headquartered in the United States and we will process your personal information in the United States. Your personal information will be transferred and stored in the United States.
If we transfer personal information outside the EU and EEA, we will implement appropriate and suitable safeguards to ensure that such data will be protected as required by applicable data protection law. We comply with the EU-U.S. and Swiss-U.S. Privacy Shield frameworks with respect to personal information (described in this Policy) transferred from either the EU and Switzerland to the U.S. For more information on the Privacy Shield, see the section below on “Privacy Shield Provisions.” Depending on the circumstances, we may also enter into with certain vendors, or rely on the European Commission’ adequacy decisions, or, in certain cases, obtain your consent. For further information as to the safeguards, we implement please contact us.
11. PRIVACY SHIELD PROVISIONS
Scope. Our commitment to the EU-U.S. Privacy Shield Framework and Swiss-U.S. Privacy Shield Framework covers personal data collected from the EU or Switzerland and transferred to the U.S., including customer and vendor data, and other personal data. In this Privacy Policy, we refer to “personal information” which is information about an identified or identifiable individual that is received by us from the EU or Switzerland and recorded in any form.
Right of Access. You have the right to access the personal information we hold about you. If such information is inaccurate or processed in violation of the Privacy Shield Principles, you may also request that such information be corrected, amended, or deleted. For additional information on the right to access and other rights available to you under the General Data Protection Regulation (GDPR), including how to exercise such rights, please see the “YOUR RIGHTS” section and “QUESTIONS/CONTACT US” below.
Choice. You also have the right to opt-out of
(i) disclosures of your personal information to third parties not identified at the time of collection or subsequently authorized and
(ii) uses of personal information for purposes materially different from those disclosed at the time of collection or subsequently authorized. To exercise this right, please see the “QUESTIONS/CONTACT US” below.
Onward Transfers. If we receive personal information subject to our certification under the Privacy Shield and then transfer such information to a third-party service provider acting as an agent on our behalf, we have certain liability under the Privacy Shield if the agent processes such information in a manner inconsistent with the Privacy Shield except when we are not responsible for the event giving rise to the damage.
Our Internal Recourse Mechanism. In compliance with the Privacy Shield Principles, we commit to resolve complaints about our collection or use of your personal information. EU and Swiss individuals with inquiries or complaints should first contact us at privacy@thenfg.org or at the address listed in the “QUESTIONS/CONTACT US” section below. We will respond to your request within a reasonable timeframe but in no event less than 45 days after receipt of your complaint.
Independent Recourse Mechanism. If a complaint cannot be resolved through our internal process, we commit to cooperate with the panel established by the EU data protection authorities (DPAs) or the Swiss Federal Data Protection and Information Commissioner (FDPIC) and will comply with the advice given by the DPAs with regard to personal information transferred from the EU and with the advice given by the FDPIC with regard to personal information transferred from Switzerland. Such individuals may direct complaints about their personal information to their respective DPA or the FDPIC (as applicable).
Binding Arbitration. You have the possibility, under certain conditions, to invoke binding arbitration for complaints regarding Privacy Shield compliance not resolved by any of the other Privacy Shield mechanisms pursuant to the Privacy Shield’s Recourse, Enforcement and Liability Principle and Annex I of the Privacy Shield.
Regulatory Oversight. The Federal Trade Commission has jurisdiction over our compliance with the Privacy Shield.
12. HOW WE PROTECT YOUR PERSONAL INFORMATION
We take reasonable security precautions to protect the personal information that we collect and you provide to us. We use industry-accepted tools, including technology protocols, to protect against the loss, misuse, and unauthorized alteration of the information we collect. We help to protect your information by working with our vendors who provide a secure and safe environment for credit card donations. Please remember that the safety and security of your information also depends on you. Where we have given you (or you have chosen) a login ID or password to access certain of our Services or areas of the Website, you are responsible for keeping such ID and/or password confidential. We ask that you not share such information with anyone or allow anyone to sign in using your credentials.
Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal information, we cannot guarantee the security of your personal information transmitted to the Website and any transmission is at your own risk. Once we have received your personal information, we will use strict procedures and security features to try to prevent unauthorized access.
13. HOW LONG WILL WE KEEP YOUR PERSONAL INFORMATION
We will retain your personal information for as long as is necessary for the purposes for which it was collected. The precise period will depend on the reason why it was collected. Those periods are also based on the requirements of applicable data protection laws, applicable legal and regulatory requirements, and periods relating to the commencement of legal actions.
14. YOUR RIGHTS
In addition to any rights described in the “Privacy Shield Provisions” section above, the following is a summary of the data protection rights available to you under the General Data Protection Regulation (GDPR). The rights may only apply in certain circumstances and are subject to certain exemptions. Please see the table below for a summary of your rights. You can exercise these rights using the contact details at the end of this Privacy Policy.
Summary of your Rights | |
Right of access to your personal information | You have the right to receive a copy of your personal information that we hold about you, subject to certain exemptions. |
Right to rectify your personal information | You have the right to ask us to correct your personal information that we hold where it is incorrect or incomplete. |
Right to erasure of your personal information | You have the right to ask that your personal information be deleted in certain circumstances. For example (i) where your personal information is no longer necessary in relation to the purposes for which they were collected or otherwise used; (ii) if you withdraw your consent and there is no other legal ground for which we rely on for the continued use of your personal information; (iii) if you object to the use of your personal information (as set out below); (iv) if we have used your personal information unlawfully; or (v) if your personal information needs to be erased to comply with a legal obligation. |
Right to restrict the use of your personal information | You have the right to suspend our use of your personal information in certain circumstances. For example (i) where you think your personal information is inaccurate and only for such period to enable us to verify the accuracy of your personal information; (ii) the use of your personal information is unlawful and you oppose the erasure of your personal information and request that it is suspended instead; (iii) we no longer need your personal information, but your personal information is required by you for the establishment, exercise or defense of legal claims; or (iv) you have objected to the use of your personal information and we are verifying whether our grounds for the use of your personal information override your objection. |
Right to data portability | You have the right to obtain your personal information in a structured, commonly used, and machine-readable format and for it to be transferred to another organization, where it is technically feasible. The right only applies where the use of your personal information is based on your consent or for the performance of a contract, and when the use of your personal information is carried out by automated (i.e. electronic) means. |
Right to object to the use of your personal information | You have the right to object to the use of your personal information in certain circumstances. For example (i) where you have grounds relating to your particular situation and we use your personal information for our legitimate interests (or those of a third party); and (ii) if you object to the use of your personal information for direct marketing purposes. |
Right to withdraw consent | You have the right to withdraw your consent at any time where we rely on consent to use your personal information. |
Right to complain to the relevant data protection authority | You have the right to complain to the relevant data protection authority where you think we have not used your personal information in accordance with data protection law. |
15. LINKS TO THIRD PARTY WEBSITES
The Website may contain links to the websites of third parties. We have no control over the content or operation of these websites, nor do we control the confidentiality or privacy practices of the website operators. Consequently, any personal information you submit through such websites is governed by the privacy policies of the websites in question. It is therefore your responsibility to find out about the third-party policies in order to protect information that concerns you.
16. NO SERVICES FOR MINORS
We do not knowingly collect information from minors. To use the Website, you must be the age of legal majority in your place of residence. By using the Website, you hereby represent that you are at least the age of legal majority in your place of residence. We do not use an application or other mechanism to determine the age of users of the Website. We will use commercially reasonable efforts to delete information associated with a minor as soon as practicable if we learn that a minor has submitted information to us.
17. CHANGES TO OUR PRIVACY POLICY
We periodically review and update this Privacy Policy. If we decide to change this Privacy Policy, we will post those changes to our Website so our donors and customers are always aware of what information we collect, how we use it, and under what circumstances, if any, we disclose it. We may also, in our sole discretion, notify you of such changes via our e-Newsletter or email to your email address that we have in our records. Any updates or changes to this Privacy Policy will become effective upon posting.
18. QUESTIONS/CONTACT US
If you have any questions regarding this Privacy Policy or the way we use your personal information, you can contact us by:
Email: privacy@thenfg.org
Mail:
The Nonprofit For Good Foundation
7 Waterfront Plaza
Honolulu, HI, 96813
USA
Telephone: +1-732-665-6650
This Privacy Policy was last updated on September 8, 2021.