It is GivingData’s policy to respect your privacy regarding any information we may collect while using our software applications and websites, collectively called the Services.
GivingData operates a web based application called GivingData that is part of the services that we offer. The application consists of various modules and all such products, applications, websites are collectively called “Services”.
Data Controller and Data Processor
We process two main types of personal data.
- User Data – Personal data that forms part of data that is provided by our users (clients, grantees, and applicants) for processing.
- Other Data – Personal data about our clients, visitors and other individuals that is collected and processed directly by us.
Information We Collect
As users (clients, grantees, and grant applicants), you provide data to us for processing as part of usage of our GivingData applications.
User Data may be processed by us when our clients input or upload information into the Service. For example, clients who use our GivingData application may upload User Data about themselves or their employees.
This data includes name, address, email address, phone number, description of the client and details about the grant programs they administer. We collect billing details for invoice purposes.
Similarly, User Data may be processed by us when grant applicants input or upload information into the Service. For example, applicants applying to a grant listed on GivingData may upload User Data about themselves, which may include name, address, email address, phone number, general geographic location and details about themselves in response to a specific grant program questionnaire or other application form.
GivingData may also collect client, grantee, or applicant data, on your instruction, from third parties on your behalf.
Users provide data that is necessary to create user accounts.
For creation of user accounts, you provide your name, email address, password, telephone number and correspondence address.
We also collect data when you use our applications and websites
- Log Data – Our servers automatically collect information when you access or use our applications and services. This data is recorded in log files. Examples of such data include IP Address
- Subscription Data – You provide personal data to us as part of signing up for GivingData.
- Contact Us Data – When you enquire about our products and services, we collect and store this data to communicate with you and respond to your enquiry.
Data from Others
GivingData may receive your data from public sources other than from you, such as the Internal Revenue Service
Publicly Available Data
As part of client data processing, we collect or receive, on your behalf, publicly available information from sources like the Internal Revenue Service, which we use to process applications and provide the Service. We do not collect your data from any private third party sources.
We collect data through cookies.
The information we collect from cookies may include your IP address, browser and device characteristics, referring URLs, and a record of your interactions with our Service. We will respect your choices relating to on-line tracking, whether you choose to reject individual cookies or set your web browser to reject cookies and other tracking technology. However, refusing a cookie may, in some cases, preclude you from using, or negatively impact the display or function of, the Service or certain areas or features of the Service.
How We Use Your Data
How we use your personal data will depend on which Services you use and how you use those Services.
User Data will be used by GivingData in accordance with the User’s instructions, including any applicable terms in the Client Agreement and as required by applicable law. For purposes of EU data protection regulations (the “Data Protection Regulations”), GivingData is a processor of User Data and the applicable User is the controller.
Other Data is used by us to provide our services, send our newsletters and to communicate with you by responding to your requests, comments and questions.
Lawful basis for processing
We have lawful basis to process your personal data. We have a legitimate interest in processing, also may also in some cases use your consent as basis for lawfully processing your personal data.
We process your personal data only when we have a lawful basis. Presently, we have a legitimate interest and, in some cases, your consent as the lawful basis for processing. Our legitimate interest is to deliver the services to our clients, clients’ grantees and grant applicants. We have determined that our processing of your personal data is necessary to deliver the services to our clients and grant applicants, and that our processing of such data is no more intrusive than other ways of delivering the services to our clients. Finally, we believe that our processing of personal data will not cause unjustified harm in a way that would override our legitimate interest basis as provided under the Data Protection Regulations.
In some cases, we may also have a legal obligation to collect personal information from you or may otherwise need the personal information to protect your vital interests or those of another person.
Where you have consented to a particular processing, you have a right to withdraw the consent at any time.
How we use Client and Applicant data
We use your data to authenticate you and authorize access to our services.
We only process client-related User Data on behalf of our clients and in accordance with their instructions provided in the applicable Services agreement with us. We process grant-applicant related User Data on behalf of grant applicants, to provide the Services and connect grant applicants with our clients. We use the data that we have about you to provide our services and provide support to you. In each case, GivingData collects such information only in so far as is necessary or appropriate to fulfil the purpose of the interaction with our services.
- To send emails and other communications. We may send you service, technical and other administrative emails, messages and other types of communications. We may also contact you to inform you about changes in our Services and our Services offerings. These communications are considered part of the Services and you may not opt out of them unless you choose to not use our Services.
- Aggregated Analytics. We may also use our User Data to derive aggregated analytics such as total grantees, grants awarded, grant applicant totals, average and total grant amounts, and similar usage analytics. We also use aggregated analytics to inform the ongoing development and improvement of GivingData by reviewing usage patterns and behaviors.
- User Support. If you send us a request (for example via a support email or via one of our feedback mechanisms), we respond to your request or to help your issues.
- For any other purpose as provided for in the Services Agreement between us and the client, or as otherwise authorized by the client.
- In accordance with or as may be required by law.
How we use Other data
We may send you service related messages or marketing / promotional materials. You may choose to restrict the collection or use of your personal information.
We will update you with improvements in our services, new features and from time to time also carry out direct marketing of our products and services. Direct marketing is carried out only if you consent to receiving such communications from us.
Users under 16 years of age
The Sites and Services do not knowingly collect personal information from users under the age of 16.
If you are under the age of 16, you are not permitted to use the Sites and Services or to disclose Personal Information. If we learn we have collected or received Personal Information from a child under 16, we will delete that information. If you believe we might have any information from or about a child under 16, please contact us.
Data Retention Policy
User Data – We retain your information for as long as you have an active Services account. We may also retain your personal information for extended period under applicable statutory laws.
GivingData will retain client-related User Data in accordance with a Client’s instructions, including any applicable terms in the Client Agreement and as required by applicable law. Similarly, we will retain grant applicant-related User Data as long as you have an active account with us or as long as needed to provide the Services. When you decide to close your account, we delete all personal information about you.
You can request to access, update or correct your personal information. You also have the right to object to direct marketing.
You may have additional rights pursuant to your local law applicable to the processing. For example, if the processing of your personal information is subject to the Data Protection Regulation, and your personal information is processed based on legitimate interests, you have the right to object to the processing on grounds relating to your specific situation. Under GDPR you may also have the right to request to have your personal information deleted or restricted and ask for portability of your personal information.
User’s Rights to Control Data
Whenever you use our services, we aim to provide you easy means to access, modify, delete, object to or restrict use of your personal information.
We strive to give you ways to access, update/modify your data quickly or to delete it unless we have to keep that information for legal purposes. Some rights can be accessed from within the GivingData application. For visitors, these rights can be exercised by contacting us with your specific request.
- Change or Correct Data: You can edit some of your personal data through your account. You can also ask us to change, update or fix your data in certain cases, particularly if it’s inaccurate.
- Delete Data: You can ask us to erase or delete all or some of your personal data (e.g. if it is no longer necessary to provide Services to you).
- Object to, or Limit or Restrict, Use of Data: You can ask us to stop using all or some of your personal data (e.g. if we have no legal right to keep using it) or to limit our use of it (e.g. if your personal data is inaccurate or unlawfully held).
- Right to Access and/or Take Your Data: You can ask us for a copy of your personal data and can ask for a copy of personal data you provided in machine readable form.
We keep some personal data even after account closure.
Once you choose to close your account, we generally delete your login profile within 30 days of closure of your account. Some information that is necessary for statutory obligations such as records of payment processing, invoicing data will be retained as necessary. If you are a grant recipient and have shared your contact information with grant providers (our clients), such contact information may be maintained by such grant providers even after you close your account with us.
Your information shared with others
Recipients of your data
Your data will be shared with other recipients in order to provide you with services.
While we aim to limit the sharing of your data, at times, it is necessary to share your data with certain service providers. Examples of when and for what purpose your data is shared include data center / hosting services, email marketing services, etc.
The following categories of recipient will most likely receive your data in order for us to provide services to you:
- Third Party Data Center Services such as Microsoft Azure and Google Analytics
- Third Party SMTP Services such as SendGrid
- MailChimp for direct marketing
Each of these service providers has contractually committed to treat your data with the same or a higher degree of care than we do.
To Comply with Laws. If we receive a request for information, we may disclose if we reasonably believe disclosure is in accordance with or required by any applicable law, regulation or legal process. We may also share your data to an acquirer in the event of a sale of substantially all of our assets or other change of control transaction.
Cross-Border Data Transfers
Your data will be stored and processed in multiple countries including outside of the European Union (EU) Region
Since we are an international company, your data will be processed outside of the EU region. Your data will be processed within Third Party Data Centers in USA. Some countries where we process data may not have as protective laws as your own country and there are risks associated with such transfer.
Security Measures to Protect your Data
We implement security controls to prevent breaches and unauthorised access to your data.
We maintain reasonable and appropriate security measures to protect User Data from loss, misuse, and unauthorized access, disclosure, alteration, and destruction.
Examples of security measures include physical access controls, encryption, HTTPS, restricted access to data, monitoring for threats and vulnerabilities etc.
Protection of personal information
Our Sites and Services uses commercial efforts to maintain safeguards for protection of your Personal Information.
GivingData takes all measures reasonably necessary to protect against the unauthorized access, use, alteration or destruction of potentially personally-identifying and personally-identifying information.
If you have questions or complaints regarding this Policy, you may contact us through email at firstname.lastname@example.org or through phone at 1-617-600-3399. You may contact us at our mailing address below:
P.O. Box 300736
Boston, MA 02130
If you are a resident of the European Economic Area and we maintain your Personal Data within the scope of the Data Protection Regulation, you have additional rights. If you are not satisfied with the resolution, you can also lodge a complaint with the Supervisory Authority in the country of your residence.