2. INFORMATION WE COLLECT AND HOW WE USE IT
Information You Voluntarily Provide Us.
When you sign up for an account through the Service, you will be required to provide us with various Personal Data. Specifically, when you sign up for the Service, we collect your name and email address, and you will be required to create a password. In addition, as you use the Service, you may choose to provide additional Personal Data, including weight, height and access to your camera or photos. Furthermore, the Service allows you to post content on the Service through functions such as chat and comments and we collect this information, which can be considered Personal Data. You may provide the foregoing Personal Data and information by entering it into the Service, or through a third party service. While the information described here is provided to us only with your permission, some aspects of the Service may not be available if you choose not to provide us with such information and Personal Data.
Donors are not required to create an account through the Service, but will be required to provide their name, and email address to process their payment via our payment processing integration partner. In some instances, additional information may be requested by DonaLeb to ensure that your contribution can be managed correctly by our partner, which may include your address e.g. to send you a donation confirmation as further described in this policy.
Information We Automatically Collect as You Use the Service.
In addition to the information you voluntarily provide us, when you sign up for the Service and use the Service, we automatically collect your geo-location while the application is running on your device. You may be able to limit such collection in the settings on your device. As with the voluntarily provided information described above, some aspects of the Service may not be available if you choose not to provide us with such information and Personal Data.
Other Anonymous Data We Collect.
3.PURPOSES OF COLLECTION AND LEGAL BASIS FOR USE
In furtherance of these purposes, we use the Personal Data described above primarily for providing you with the core aspects of the Service. The legal bases for us to process your Personal Data to provide the core aspects of the Services, where we are acting as controller of your Personal Data, are as follows: (a) first and foremost, you provided your consent by agreeing to this Policy, which you may withdraw at any time by emailing us at firstname.lastname@example.org; (b) the processing is necessary for our contractual relationship with you (in other words, to provide the Service to you that we have agreed to provide, we need to process your Personal Data); (c) the processing is necessary for us to comply with our legal or regulatory obligations; and (d) the processing is in our legitimate interest as a provider of the Services (for example, to protect the security and integrity of our systems and to provide you with customer service and the core functionality of the Service).
However, we also use the Personal Data to send you information about DonaLeb and the Service. When creating your DonaLeb profile, you have the option to consent to us sending you the DonaLeb newsletter or to otherwise contact you about promotions, updates, and features of the Service.
We may provide Partners with metrics and analytics associated with a challenge that Partners are supporting, such as participation in a challenge, success of a challenge, and other related information and to provide Partners with your Personal Data to contact you about their products, services, and calls to action.
Your Personal Data will only be shared with the Partners who are involved with the challenge that you are participating in. If you are involved in more than one challenge, your Personal Data will be shared with those Partners who are involved in the subsequent challenges you participate in.
Personal Data of Donors is collected for the purpose of providing the peer to peer functionality, which enables Corporate Giving Donors (who may not be users of the Service) to contribute money in the name of a user such that the user can raise additional funds as part of the challenge in which the user is participating.
4. HOW WE SHARE YOUR PERSONAL DATA
Information Shared By You Through The Service.
You may, now or in the future, be able to choose to voluntarily share Personal Data collected through the Service, to public forums on the Service, through email, or through third party social media platforms.
In particular, you may also choose to voluntarily share photos or other similar materials through the Service. We or the Partners who are involved with the challenge(s) that you are participating in may use, copy, modify, share, publish, or redistribute, such materials for promotional or for other similar purposes.
To be able to effectively provide you with the Service, and to improve the functionality of the Service, we may disclose your Personal Data to our personnel, including our employees, contractors, and agents, to the extent that such persons or entities have a need-to-know such information in furtherance of the Service.
We work with third party service providers to provide website, application development, hosting, maintenance, data processing, customer service, payment processing, and other services for us in furtherance of the Service. These third parties (who are data sub processors for the purposes of GDPR) may have access to or process your Personal Data as part of providing those services for us. However, we limit the information provided to these service providers to that which is reasonably necessary for them to perform their functions and we have contracts in place with such vendors in line with the Article 28 requirements of GDPR, pursuant to which they are required, amongst other things, to maintain the confidentiality of the Personal Data to the extent required by GDPR.
Charities, Mission-Driven Businesses, and Company Donors (Our Partners).
A core aspect of the Service is that our Partners may have access to Personal Data for the purposes described above. Namely, our Partners may have access to your Personal Data for the purposes of (1) receiving metrics and analytics associated with a challenge that a Partner is supporting, (2) for providing Partners with your Personal Data to contact you about their products, services, and calls to action, and (3) for our Partners to use your Personal Data for their own marketing and promotional purposes. As such, we may share your Personal Data with our Partners who support campaigns on the Service or who benefit from campaigns on the Service.
Sale of Company or Assets.
In the event that we sell all or substantially all of our company or its assets, including the Personal Data collected through our Service, we may transfer your information to the acquiring company. However, we will notify you before we do so.
Other Third Parties.
In addition to our practices described above, we may share your Personal Data if we have a good-faith belief that such action is necessary to (1) comply with the law (see the section below on “Government Requests”), (2) protect and defend the rights or property of DonaLeb, or (3) prevent an emergency involving danger of death or serious physical injury to any person. We will only share your Personal Data for the foregoing reasons to the extent permitted by GDPR.
5. STORING YOUR PERSONAL DATA
Duration of Storage of Your Personal Data.
We will store your Personal Data for as long as it is needed to provide the Service, however, we may not know if you have stopped using the Service so we encourage you to contact us if you are no longer using the Service. However, if required by applicable law, we may retain your Personal Data for such period as may be required by such law. To continue to provide an effective service, we may store non-Personal Data perpetually and may anonymize your Personal Data and store that anonymized information perpetually.
Additionally, as described in this Policy, we use third parties to provide the Service. We will ensure that such third parties to delete or modify your Personal Data to the extent required by GDPR and the European Commission’s model contracts for the transfer of personal data to third countries (i.e., the standard contractual clauses pursuant to Decision 2010/87/EU) (the “SCCs”).
We use reasonable efforts to secure your Personal Data and to prevent the loss, misuse, and alteration of the information that we obtain from you. For example, we require our personnel and third party vendors to sign confidentiality agreements that extend to your Personal Data, and we review the privacy practices of new products and services that we integrate into our Service. In addition, we use reasonable technical safeguards such as encryption and secure hosting provided by industry leading third party vendors, to secure your Personal Data. However, loss, misuse, and alteration may occur despite our efforts to protect your Personal Data. We are not responsible to our users or to any third party due to any such loss, misuse, or alteration, except to the extent required by GDPR, the SCCs, or other applicable law.
6. YOUR CHOICES
You can change some of your Personal Data through the account settings provided on the Service. In addition, if you wish to access, receive a copy of, change or delete the Personal Data we hold about you, you may contact us as described at the end of this Policy. In addition, we encourage you to contact our Partners to access, receive a copy of, change or delete the Personal Data and we agree to work with our Partners in good faith to assist with your request.
You may withdraw the consent granted in this Policy for us or our Partners to use the Personal Data described in this Policy by contacting us as described at the end of this Policy. Please note that if you do so, it will not affect the lawfulness of the use of your Personal Data based on your prior consent.
If you receive commercial email from us, you may unsubscribe at any time by following the instructions contained within the email. You may also opt-out from receiving commercial email from us, and any other promotional communications that we may send to you from time to time, by contacting us as described at the end of this Policy. Please be aware that if you opt-out of receiving commercial email from us or otherwise modify the nature or frequency of promotional communications you receive from us, even after you opt-out from receiving commercial messages from us, you may continue to receive administrative messages from us regarding the Service.
Upon receipt of any of the above request(s), we will reflect any changes you request in our databases to the full extent required by GDPR, the SCCs, or other applicable law and we will confirm the changes to you.
If you are not happy with how we have attempted to resolve your complaint, you may contact the relevant data protection authority.
7. GOVERNMENT REQUESTS
From time to time, we may receive requests from government agencies to obtain information about our users. In handling such government requests, we greatly value the privacy of your Personal Data, however, we may turn over your information in accordance with such requests if we believe such action is warranted. In responding to any government request, we will (1) use commercially reasonable efforts to limit the scope of any government data request, (2) only provide any such data to the government if we reasonably determine, in consultation with our attorney, that we are required to do so by law, and (3) notify users in advance of disclosing their data to the extent we reasonably determine that we are permitted by law to provide such notice.
8. THIRD PARTY SERVICES AND PRACTICES ARE BEYOND OUR CONTROL
Our Service utilizes numerous third party services as part of the functionality of the Service. We may share your Personal Data with third parties as explained in this Policy. We have no control over such third parties, except to the extent required by GDPR and the SCCs. We encourage you to review the privacy practices of such third parties. We make no guarantees about, and assume no responsibility for, the information, services, or data/privacy practices of third parties, except to the extent required by GDPR and the SCCs.
9. INTERNATIONAL DATA TRANSFERS
Information collected in the European Economic Area (“EEA”) may be transferred, stored and processed by us or third parties (as provided in this Policy) in the United States and other countries whose data protection laws may be different than the laws of your country. Whenever we transfer your Personal Data out of the EEA, we ensure a similar degree of protection is afforded to it by entering into SCCs with the relevant third party.
Please contact us at email@example.com if you want further information on the specific mechanism used by us when transferring your Personal Data out of the EEA.
As described in this Policy, we may share Personal Data with third parties and may be required to disclose information in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
10. CHANGES TO THIS POLICY
DonaLeb reserves the right to change this Policy from time to time, with or without notice to you, except to the extent required by GDPR. If you continue to use the Service, you consent to the new Policy. We will always have the latest Policy posted on the Service.
11. PLEASE REACH OUT TO US WITH ANY QUESTIONS OR FEEDBACK
If you have any questions or comments about this Policy or our Service or if you wish to access, receive a copy of, change or delete your Personal Data, please feel free to contact us by email at firstname.lastname@example.org, or by mailing us at the following address:
9450 SW Gemini Dr PMB 33284 Beaverton, Oregon 97008-7105
Beaverton OR 97008
12. DATA PROTECTION OFFICER
Finally, we have appointed a Data Protection Officer (“DPO”). Our DPO can be contacted directly by email at email@example.com or by mail at:
9450 SW Gemini Dr PMB 33284 Beaverton, Oregon 97008-7105