Updated: September 2016

PURPOSE AND SCOPE

This policy covers all websites from the YourCause.com domain, either through a-record, sub-domain, forwarding, re-directing (collectively "YourCause.com") or any other domains owned by YourCause, LLC ("YourCause").

YourCause, LLC ("YourCause", “us”, “we”, or “our”) provides this Privacy Policy to inform you of our policies and procedures regarding the collection, use and disclosure of personal information we receive from users of YourCause.com (the "Site"; Site and any login service, API, or web service collectively, the "Services").

Any agreements between YourCause, LLC and the company contracting our Services (“Company”), and their respective terms and conditions regarding data, privacy and accessibility, may take precedent over this Privacy Policy, as stated within such executed agreements.

This Privacy Policy applies only to information that is provided to us through the Services (including that which we may collect on your behalf) when using our Site Services. By using this Site, you indicate your acceptance of this Privacy Policy and the collection and use of your information in accordance with this policy.

As used in this policy, the terms “using” and “processing” information include using cookies on a computer, subjecting the information to statistical or other analysis and using or handling information in any way, including, but not limited to collecting, storing, evaluating, modifying, deleting, using, combining, disclosing and transferring information within our organization or among our affiliates within the United States or internationally.

INFORMATION COLLECTION AND USE, INCLUDING DATA TRANSFERS RECEIVED FROM CLIENTS AND THIRD PARTIES

  1. Personally Identifiable Information

    • In the course of using the Services (including a Hosted Application), we may ask you to provide us with certain personally identifiable information (“PII”) that can be used to contact or identify you and administer your account. Personal Information includes, but is not limited to, your name, phone number, credit card or other billing information, email address and home and business postal addresses. We transmit credit card information directly to our processing partners through a secure (as they exist at the time this policy is implemented) API integrated within the Site over a reasonably secure connection. We do not store any credit card details (credit card number, expiration date, Card Verification Value). We do store the user's contact information (more details provided below).

    • We use your Personal Information (in some cases, in conjunction with your Non-Identifying Information) to provide the Services, complete your transactions, administer your inquiries, and as further explained below.

    • Certain Non-Identifying Information would be considered a part of your Personal Information if it were combined with other identifiers (for example, combining your zip code with your street address) in a way that enables you to be identified. But the same pieces of information are considered Non-Identifying Information when they are taken alone or combined only with other non-identifying information (for example, your viewing preferences). We may combine your Personal Information with Non-Identifying Information and aggregate these two sets of information with information collected from other YourCause digital properties to provide you with a better experience, to improve the quality and value of the Services and to analyze and understand how our Site and Services are used. We may also use the combined information to serve you specifically, for instance to deliver a product to you according to your preferences or restrictions.

    • YourCause does not sell, lend, rent, or lease your Personally Identifiable Information. Except as described in this Privacy Policy, your Personally Identifiable Information will be used only by YourCause and its controlled subsidiaries, affiliates, agents, or contractors, and verified partners and your Personal Information will not be disclosed to any non-qualified partner and/or third party without your prior consent.

    • YourCause will store all collected PII until account deletion is requested by the entity contracting with YourCause to provide such services. At that point, the requested PII will be scheduled for deletion. Some data may not be erasable, such as activity listings in public activity feeds, which are made of first name and last name initial.

    • We do not share your credit card information with any entity other than the payment card processor. We do not retain your credit card information..

    • Personal information may be disclosed to judicial or other government agencies subject to warrants, subpoenas, or other governmental orders.

  2. Donation Processing

    YourCause processes donations through our partner APIs. Visit the websites for Ammado, CanadaHelps, GlobalGiving, Heartland Payment Systems, Network For Good, and United Way Worldwide for additional information related to tax deductions, tax receipt, processing fees and the privacy policies for those websites.

  3. Cookies

    Like many websites, we use “cookies” to collect information. A cookie is a small data file that we transfer to your computer’s hard disk for record-keeping purposes. We and our third-party service providers use session cookies, which link your actions during a particular browser session and expire at the end of that session, as well as persistent cookies, which remain on your device and allow us to remember your actions or preferences across multiple browser session. At YourCause, we make use of cookies for the following business purposes:

    • Security - We use authentication cookies to ensure you only access data intended for your view and prevent unauthorized access of your credentials and information.

    • Operational - URL redirection is a process by which our Site commands your browser to redirect you to a page based on the value stored in the redirection cookie we configured.

    • Analytical - To better understand how our users interact with our Site and aggregate information on users’ engagement with our Services, we use an analytics tool that may store cookies on your device on our behalf

    If you are concerned about having cookies on your computer, you can set your browser to refuse all cookies or to indicate when a cookie is being set, allowing you to decide whether to accept it. You can also delete cookies from your computer. The Help feature on most web browsers will tell you how to prevent your browser from accepting new cookies, how to receive notice when a new cookie is set, and how to disable cookies altogether. However, if you choose to block or delete cookies, certain features of our websites may not operate correctly and the following may occur:

    • If you change the settings on your web browser, you will be presented with the consent option again the next time you visit our website.
    • Unless you have adjusted your browser setting so that it will refuse cookies, our system will issue cookies when you visit this website.

    For further information about deleting or blocking cookies, please visit: http://www.allaboutcookies.org/manage-cookies.

Changing or Deleting Your Information

All registered users may review, update, correct or delete the Personal Information in their registration profile by contacting YourCause and/or the appropriate individuals at their employer. If a user’s profile information is deleted, then the user’s account will become deactivated. If you would like us to delete your record in our system, please contact us with a request that we delete your Personally Identifiable Information from our database. We will use commercially reasonable efforts to honor your request and will work with the employer contracting with YourCause to ensure your data is properly removed within a reasonable time (though some information may not be erasable, as described above). We may retain an archived copy of your records as required by law.

Security

At YourCause, we are very concerned with safeguarding all information, as the protection of the data you share with us is very important. All sensitive data you transmit to us via our Site is encrypted using industry standards as they exist at the time this policy is implemented both in transit over HTTPS using the Transport Layer Security protocol (“TLS”) and at rest using Transparent Data Encryption and other encryption standards of data at rest.

All sensitive data we collect from you (such as credit card information for the purpose of making a donation) is encrypted and transmitted to our processing partner when applicable, in a reasonably secure manner (where the data is encrypted over TLS using the Advanced Encryption Standard with a key length of 256 bits). You can verify the connection security by looking for a lock icon on your browser address bar.

We will make any legally required disclosures of any breach of the security, confidentiality, or integrity of your electronically stored PII in accordance with appropriate legal or regulatory requirements, taking into account the need to accommodate (i) legitimate requests by law enforcement and (ii) any measures reasonably necessary to investigate the scope of the breach and restore the reasonable integrity of the data system.

U.S. – SWISS SAFE HARBOR FRAMEWORK

YourCause complies with the U.S.-Swiss Safe Harbor Framework as set forth by the US Department of Commerce regarding the collection, use, and retention of personal information from Switzerland. YourCause has certified that it adheres to the Safe Harbor Privacy Principles of notice, choice, onward transfer, security, data integrity, access, and enforcement. If there is any conflict between the policies in this privacy policy and the Safe Harbor Privacy Principles, the Safe Harbor Privacy Principles shall govern. To learn more about the U.S.-Swiss Safe Harbor and to view our certification page, please visit http://www.export.gov/safeharbor/

In compliance with the U.S.-Swiss Safe Harbor Principles, YourCause commits to resolve complaints about your privacy and our collection or use of your personal information. Swiss citizens with inquiries or complaints regarding this privacy policy should first contact YourCause at: security@yourcause.com

YourCause has further committed to refer unresolved privacy complaints under the U.S.-Swiss Safe Harbor Principles to PrivacyTrust, an alternative dispute resolution provider. If you do not receive timely acknowledgment of your complaint from us, or if we have not addressed your complaint to your satisfaction, please contact or visit PrivacyTrust’s dispute resolution portal at https://www.privacytrust.com/drs/applicable for more information or to file a complaint. The services of the PrivacyTrust are provided at no cost to you.

This Safe Harbor Privacy Policy Statement (the “Policy”) applies to all personal information received by YourCause in the United States from Switzerland, in any format, including electronic, paper or verbal.


EU – U.S. PRIVACY SHIELD FRAMEWORK

YourCause recognizes that the EU has established certain protections regarding the handling of EU Personal Data, including requirements to provide adequate protection for EU Personal Data transferred outside of the EU. To provide adequate protection for certain EU Personal Data about corporate customers, clients, suppliers, and business partners received in the US, YourCause has elected to self-certify to the EU-US Privacy Shield Framework administered by the US Department of Commerce (“Privacy Shield”).

YourCause has certified that it adheres to the Privacy Shield Principles of Notice, Choice, Accountability for Onward Transfer, Security, Data Integrity and Purpose Limitation, Access, and Correction, Enforcement and Dispute Resolution. If there is any conflict between the policies in this privacy policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view our certification page, please visit https://www.privacyshield.gov/. To view our certification under Privacy Shield, please visit https://www.privacyshield.gov/list

You may direct any complaints pertaining to our collection and/or use of your information to us at: security@yourcause.com or by mail at YourCause Security Office 6111 West Park Blvd. Suite 1000 Plano Texas, 75093. In compliance with the EU-U.S. Privacy Shield Principles, YourCause commits to resolve complaints about your privacy and our collection or use of your personal information within 45 days. If you are unsatisfied with the resolution of your complaint, please contact the independent recourse mechanism listed below:

  • HR Data Recourse Mechanism

    If a complaint involving HR data remains unresolved, individuals should contact the state or national data protection or labor authority in the jurisdiction where the individual works for resolution. YourCause commits to cooperate with the competent European Union Data Protection Authorities (DPAs) and comply with the advice given by such authorities with regard to data transferred from the EU including human resources data transferred from the EU in the context of the Services offered by YourCause. In the event that YourCause or the DPAs determine that YourCause did not comply with this Policy or Privacy Shield principles, YourCause will take appropriate steps to address any adverse effects and to promote future compliance, comply with any directive given by the DPAs where the DPAs have determined that YourCause should take specific remedial or compensatory measures for the benefit of individuals affected by any non-compliance with the Privacy Shield principles. A listing of all EU Data Protection Authorities (“DPAs”) is located at: http://ec.europa.eu/justice/data-protection/article-29/structure/data-protection-authorities/index_en.html

  • Non-HR Data Recourse Mechanism

    YourCause has committed to refer unresolved privacy complaints under the EU-U.S. Privacy Shield Principles to PrivacyTrust, an alternative dispute resolution provider. If you do not receive timely acknowledgment of your complaint from us, or if we have not addressed your complaint to your satisfaction, please contact or visit PrivacyTrust’s dispute resolution portal at https://www.privacytrust.com/drs/applicable for more information or to file a complaint. The services of the PrivacyTrust are provided at no cost to you.

    Finally, as a last resort and in limited situations, a binding arbitration option will also be made available to EU individuals to address residual complaints not resolved by any other means.

  1. Scope

    The EU-U.S. Privacy Shied Framework applies to all personal information received by YourCause and emanating from the EEA and from Switzerland (collectively “EU Personal Data”), in any format, including electronic, paper or verbal. This policy is applicable to all YourCause entities in the United States.

  2. Privacy Principles

    The privacy principles in this Policy have been developed based on the EU-U.S. Privacy Shield Framework and the U.S.-Swiss Safe Harbor Framework.

  3. Notice

    YourCause is subject to the investigatory and enforcement powers of the Federal Trade Commission (FTC).

    YourCause may be required to disclose an individual’s personal information in response to a lawful request by public authorities, including to meet national security or law enforcement requirements.

    Where YourCause collects personal information directly from individuals in the EEA, it will inform them about the purposes for which it collects and uses personal information about them, the types of non–agent third parties to which YourCause discloses that information, the choices and means, if any, YourCause offers individuals for limiting the use and disclosure of personal information about them, and how to contact YourCause. Notice will be provided in clear and conspicuous language when individuals are first asked to provide personal information to YourCause, or as soon as practicable thereafter, and in any event before YourCause uses or discloses the information for a purpose other than that for which it was originally collected.

    Where YourCause receives personal information from its subsidiaries, affiliates or other entities in the EEA, it will use and disclose such information in accordance with the notices provided by such entities and the choices made by the individuals to whom such personal information relates.

  4. Choice

    YourCause may offer individuals the opportunity to choose (opt-out) whether their personal information is (a) to be disclosed to a non-agent third party, or (b) to be used for a purpose other than the purpose for which it was originally collected or subsequently authorized by the individual.

    For sensitive personal information, YourCause will give individuals the opportunity to affirmatively and explicitly (opt-in) consent to the disclosure of the information to a non-agent third party or the use of the information for a purpose other than the purpose for which it was originally collected or subsequently authorized by the individual.

    YourCause will provide individuals with reasonable mechanisms to exercise their choices.

  5. Data Integrity

    YourCause will use personal information only in ways that are compatible with the purposes for which it was collected or subsequently authorized by the individual. YourCause will take reasonable steps to ensure that personal information is relevant to its intended use, accurate, complete, and current.

  6. Onward Transfers to Agents and Third Parties

    In cases YourCause leverages the use of onward transfer to third parties of Personal EU Data, YourCause is potentially liable and will obtain assurances from its agents that they will safeguard EU Personal Data consistently with this Policy. Examples of appropriate assurances that may be provided by agents include: a contract obligating the agent to provide at least the same level of protection as is required by the relevant Privacy Principles, certification by an agent, or being subject to another European Commission or Swiss FDPIC adequacy finding (e.g., companies located in Canada). Where YourCause has knowledge that an agent is using or disclosing personal information in a manner contrary to this Policy, YourCause will take reasonable steps to prevent or stop the use or disclosure.

  7. Access and Correction

    Upon request, YourCause will grant qualified and approved individuals reasonable access to EU Personal Data that it holds about them. In addition, YourCause will take reasonable steps to permit individuals to correct, amend, or delete information that is demonstrated to be inaccurate or incomplete.

  8. Security

    YourCause will exercise generally acceptable industry standards coupled with commercially reasonable precautions to protect EU Personal Data in its possession from loss, misuse and unauthorized access, disclosure, alteration and destruction.

  9. Enforcement

    YourCause will conduct compliance audits of its relevant privacy practices to verify adherence to this Policy. Any employee that YourCause determines is in violation of this policy will be subject to disciplinary action up to and including termination of employment.

  10. Limitation on Application of Principles

    EU Personal Data will not be processed in a way that is incompatible with or materially different from the purposes for which it has been collected or subsequently authorized by the individual. Reasonable steps will be taken to ensure that EU Personal Data is reliable for its intended use, accurate, complete and current. Further, all EU Personal Data will be retained only for as long as it serves the purposes for which it was collected or subsequently authorized by the individual.

    Adherence by YourCause to all the aforementioned Policies and Principles may be limited (a) to the extent required to respond to a legal or ethical obligation; (b) to the extent necessary to meet national security, public interest or law enforcement obligations; and (c) to the extent expressly permitted by an applicable law, rule or regulation.

Links to Other Sites

Our Services, from time to time, may contain links to other websites. If you choose to click on another third party link, you will be directed to that third party’s website. The fact that we link to a website is not an endorsement, authorization or representation of our affiliation with that third party, nor is it an endorsement of their privacy or information security policies or practices. We do not exercise complete control over third party websites. These other websites may place their own cookies or other files on your computer, collect data or solicit personal information from you. Other sites follow different rules regarding the use or disclosure of the personal information you submit to them. We encourage you to read the privacy policies or statements of the other websites you visit.

Our Policy Toward Children

The Site and Services are not directed to children under 13. We do not knowingly collect personally identifiable information from children under 13. If a parent or guardian becomes aware that his or her child has provided us with Personal Information without their consent, he or she should contact us. If we become aware that a child under 13 has provided us with Personal Information, we will delete such information from our files.

Business Transfers

In connection with a business transaction where an entity acquires all or substantially all of the business or assets of YourCause, whether by merger, acquisition, or reorganization or in the event of bankruptcy, YourCause may transfer to or otherwise share with such acquiring entity, all data associated with the product and services provided by YourCause, subject to any agreements between the Company and YourCause.

Changes To This Privacy Policy

This Privacy Policy is effective as of September 2016 and will remain in effect except with respect to any changes in its provisions in the future, which will be in effect immediately upon validation. YourCause reserves the right to amend this Privacy Policy from time to time.

You are advised to consult this policy regularly for any changes. Please note that a notice will be posted YourCause web pages at www.yourcause.com and www.csrconnect.me whenever this Privacy Policy is changed in a material way.

Contact

Questions or comments regarding this Policy should be submitted to the YourCause Security Office by mail to:

YourCause Security Office
YourCause, LLC
6111 W. Plano Parkway – Suite 1000YC
Plano, Texas 75093
security@yourcause.com