PRIVACY POLICY

Your Privacy Rights

Effective Date: March 12, 2020

This Privacy Policy describes the types of information gathered by Fundraise Up Inc. (“Fundraise Up”, “us” or “we”) in the process of providing this website (https://fundraiseup.com/) (the “Site”), the cloud-based platform (the “Software”) and the data, services, information, tools, functionality, updates and similar materials (collectively, the “Service”), how we use it, with whom the information may be shared, what choices are available to you regarding collection, use and distribution of information and our efforts to protect the information you provide to us through the Service.

By using the Service, you hereby consent to allow us to process information in accordance with this Privacy Policy. Please also refer to our https://fundraiseup.com/terms, which are incorporated as if fully recited herein. Terms defined in the Terms of Service that are not defined herein shall have the same definition as in the Terms of Service.

Territoriality

Regardless of where our servers are located, your personal data may be processed by us in the United States, where data protection and privacy regulations may or may not be to the same level of protection as in other parts of the world. BY VISITING THE SITE AND USING THE SERVICE, YOU UNEQUIVOCALLY AND UNAMBIGUOUSLY CONSENT TO THE COLLECTION AND PROCESSING IN THE UNITED STATES OF ANY INFORMATION COLLECTED OR OBTAINED BY US THROUGH VOLUNTARY SUBMISSIONS, AND, TO THE EXTENT POSSIBLE, THAT U.S. LAW GOVERNS ANY SUCH COLLECTION AND PROCESSING.

This Privacy Policy is subject to the provisions of the General Data Protection Regulation ("GDPR"), the California Consumer Privacy Act of 2018 (“CCPA”), and other applicable privacy laws. Fundraise Up agrees that under the GDPR, it is a data “Controller” and you, if you are an individual and reside in the United Kingdom, Northern Ireland, the European Union, or Switzerland (collectively, and for the purposes of this Privacy Policy, the “EEA”), are a “Data Subject” with certain protected privacy rights concerning your “Personal Data.” Similarly, under the CCPA, we are a “Business”, and you, if you are an individual residing in California, are a “Consumer” with certain protected privacy rights concerning your “Personal Information”. We will take commercially reasonable steps to maintain compliance with GDPR and CCPA requirements. Your Personal Data and Personal Information may identify you as a person, and thus may be referred to as Personally Identifiable Information ("PII").

1. Who Collects Your Information On Our Service?

We do. Under the CCPA we are a “Business” and pursuant to the GDPR, Fundraise Up is what is known as the “Controller” of the PII that you provide to us. We collect information from you on the Service, and we are responsible for protection of your information.

2. What Information Does Fundraise Up Collect?

1. Personal Information. We collect certain Personal Information about you, which may be supplied when you sign-up for the Service, when you complete a survey, when you create or update an account, when you use the Service, when you request services, or otherwise when you submit such information.We only collect basic personal data about you that does not include any special types of information (e.g., health-related) as defined in the GDPR, or location-based information. The types of personal information we collect and save include:

   • Contact and account information such as name, email address, physical address, location data, phone number, and social media information, such as your user name and other information collected through the Service’s social media integration;
   • Technical information collected in our logs. Such information may include standard web log entries that contain your IP address, cookies (first party, third party, session, persistent, and flash), web beacons, page URL and timestamp.

   You may provide us information when you interact with us through email, online chat, messaging functions within the Service, or otherwise. We may retain such information in order to provide you with services, and you agree that we may share this information as needed with other users in order to resolve any issues that may arise between you and another user of the Service.

   The Service may record photos, audio or video of your usage of the Service for quality and security purposes. The Service may also request permission and access to your photo gallery, camera roll or other device storage holding your images, audio or videos, in order for you to upload and transmit them through the Service.

   You may provide us information when you interact with other users on the Service through the Service.

   Although it may appear that the Service collects financial information, it is actually collected and processed through our third-party payment processor, Stripe, (“Payment Processor”) to process payments for the Service. Our Payment Processor may collect information such as banking information or credit card number, name, CVV code or date of expiration, from you on the Service.We do not hold your financial information.

2. Non-personal Information. Non-Personal Information is anonymous or non-personally identifiable information about you, including but not limited to links and materials posted, information about your web browser, enrollment history, purchase history, the pages accessed most frequently, how pages are used, applications downloaded, search terms entered, and similar non-personal data.

   Automatically tracking Internet Protocol (IP) addresses is one method of automatically collecting information about your activities online and information volunteered by you. An IP address is a number that is automatically assigned to your device whenever you surf the internet. Further, the Service may utilize web beacons, pixel tags, cookies, embedded links, and other commonly used information-gathering tools. Through collecting your IP address, we may be able to approximate your geographic location, however, unless and until this is information is paired with your Personal Information, it cannot be used to identify you.

3. Aggregate Information. We may also collect anonymous, non-identifying and aggregate information such as the type of browser you are using, the date and time of any request, language preference, referring site, and the domain name of your Internet service provider.

3. Why Is My Information Being Collected?

We accept and gather information in an effort to provide the Service to you.We need to collect your personal information so that we can respond to your requests for information or to be added to our email lists, to integrate with social media platforms, and to process your payment for the Service. We also collect aggregate information to help us better design the Service. We collect log information for monitoring purposes to help us to diagnose problems with our servers, administer the Service, calculate usage levels, and otherwise provide services to you.

4. How Do We Use the Information We Collect?

1. We use the personal information you provide for the purposes for which you have submitted it including:

   • Internal Uses. We may use your PII to respond to your inquiries, to fulfill your requests for information, track usage trends, conduct experiments, develop and improve the Service and other offerings, and perform research and analytics.
   • Creating and Maintaining Your Account. We use your PII to create and maintain an account for you to allow you to purchase and use the Service.
   • Paying For the Service. We use your PII to process your payment for the Service.
   • Communicating With You About Our Services. We may use your PII to send you information about new services and other items that may be of interest to you.
   • Social Media Integration. We may use your PII to integrate your social media accounts with the Service, and to provide to you the social media features of the Service.
   • Sending Administrative and Promotional Emails. We may use your PII to send you emails to: (a) confirm your account information and your other PII; (b) process your transactions to purchase our Service; (c) provide you with information regarding the Service; (d) inform you of changes to this Privacy Policy, our Terms of Service, or our other terms, conditions, or policies; or (e) provide you with information on our other services and products, or promotions related to the Service or our other services and products.
   • Serve You Targeted Advertisements. We may use your PII to serve you advertisements with the Service that are targeted to your interests.
2. We may use anonymous information that we collect to improve the design and content of our Service, and to enable us to personalize your internet experience. We also may use this information in the aggregate to analyze how our site is used, as well as to offer you programs or services.

5. Co-branded Site(s)

We may partner with other companies to provide you with content or Services on a joint or “co-branded” basis.At a co branded site, you will see both the our logo and the logo of the co-branding partner displayed on your screen. In the instance of a co-branded site, we will still be the entity collecting your information, and our Privacy Policy will apply to that information.However, the privacy policy of our co-branding partner may still apply as well.You should read the individual privacy policies of our co-branding partners, as they may differ in some respects from ours.Reading these policies will help you to make an informed decision about whether to provide your information to a given site.

6. Do We Share Your Personal Information?

We will not share your personal information except: (a) for the purposes for which you provided it; (b) with your consent; (c) as may be required by law or as we think necessary to protect our organization or others from injury (e.g., in response to a court order or subpoena, in response to a law enforcement agency request, or when we believe that someone is causing, or is about to cause, injury to or interference with the rights or property of another); or (d) with persons or organizations with whom we contract to carry out internal operations or business activities. With your knowledge and consent, we may share your personal information with our business partners. We may also share aggregate information with others, including affiliated and non-affiliated organizations, including co-branding partners and co-owners of the Site.

7. How Can You Access And Control Your Information?

After becoming a user of the Service, you may revise or edit your information through your account or by sending an email to legal@fundraiseup.com. For instructions on how you can further access your personal information that we have collected, or how to correct errors in such information, please send an e-mail to legal@fundraiseup.com. We will also promptly stop using your information and remove it from our servers and database at any time upon your e-mail request. To protect your privacy and security, we will take reasonable steps to help verify your identity before granting access, making corrections or removing your information.

8. How Do We Store and Protect Your Information?

1. After receiving your personal information, we will store it on our servers for future use. We have physical, electronic, and managerial procedures in place to safeguard and help prevent unauthorized access, maintain data security, and correctly use the information we collect.Unfortunately, no data transmission over the internet or data storage solution can ever be completely secure. As a result, although we take industry-standard steps to protect your information (e.g., strong encryption), we cannot ensure or warrant the security of any information you transmit to or receive from us or that we store on our or our service providers' systems.
2. Please note that we encrypt any PII our possession and are compliant with the Payment Card Industry Data Security Standard (PCI DSS) v. 3.2 under the Self-Assessment Questionnaire (SAQ) A standard. Further, all data transfers are through secure http protocol (HTTPS), and as such are encrypted.We also restrict access to PII to key employees and log all instances of access to PII.Our Payment Processor is fully PCI-Compliant and encrypts all payment transactions using Secure Socket Layer (SSL) technology.
3. If you are visiting the Site from outside of the USA, you understand that your connection will be through and to servers located in the USA, and the information you provide will be securely stored in our servers and internal systems located within the USA.
4. We store your personal information until you request us to remove it from our servers. We store our logs and other technical records indefinitely.

9. How Do We Use Cookies And Other Network Technologies?

1. To enhance your online experience with us, our web pages may presently or in the future use "cookies." Cookies are text files that our web server may place on your hard disk to store your preferences. Cookies, by themselves, do not tell us your e-mail address or other PII unless you choose to provide this information to us. Once you choose to provide PII, however, this information may be linked to the data stored in the cookie. Although it may be possible to turn off the collection of cookies through your device or browser, certain features of the Services may not function properly without the aid of cookies.
2. Our Service uses Google Analytics, provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043 (“Google”).Google Analytics uses cookies and similar technologies to collect and analyze information about use of the Services and report on activities and trends.This service may collect information regarding the use of other websites, apps and online resources.For more information on how Google uses data when you use our Site or Service, please follow this link: https://policies.google.com/technologies/partner-sites.You may be able to opt-out of some or all of Google Analytics features by downloading the Google Analytics opt-out browser add-on, available at, https://tools.google.com/dlpage/gaoptout.For more information about interest-based ads, or to opt out of having your web browsing information used for behavioral advertising purposes, please visit http://optout.aboutads.info.
3. We also use Google’s marketing services, which allow us to display ads in a more targeted manned in order to present ads of interest to the users.This is accomplished through Google’s use of cookies, and all ads are displayed/served to the owner and/or device to which the relevant cookie pertains, whether or not that cookie is linked to any PII.For more information about Google’s use of data for marketing purposes, please see the summary page:https://www.google.com/policies/technologies/ads. Google’s privacy policy is available at https://www.google.com/policies/privacy. If you wish to object to interest-based advertising by Google marketing services, you can do so using the settings and opt-out options provided by Google:http://www.google.com/ads/preferences.
4. Fundraise Up or our service providers may also use "pixel tags," "web beacons," "clear GIFs" or similar means (collectively, "Pixel Tags") in connection with some Fundraise Up Site pages and HTML-formatted email messages for purposes of, among other things, compiling aggregate statistics about website usage and response rates. A Pixel Tag is an electronic image, often a single pixel (1x1), that is ordinarily not visible to website visitors and may be associated with cookies on visitors’ hard drives. Pixel Tags allow us and our service providers to count users who have visited certain pages of the Fundraise Up Site, to deliver customized services, and to help determine the effectiveness of promotional or advertising campaigns. When used in HTML-formatted email messages, Pixel Tags can inform the sender of the email whether and when the email has been opened.
5. Our Service uses the “Custom Audience pixel” of Facebook, Inc., 1 Hacker Way, Menlo Park, CA 94025, USA (“Facebook”)) on our website. This allows user behavior to be tracked after they have been redirected to the provider’s website by clicking on a Facebook ad. This enables us to measure the effectiveness of Facebook ads for statistical and market research purposes. The data collected in this way is anonymous to us, i.e. we do not see the personal data of individual users. However, this data is stored and processed by Facebook, which is why we are informing you, based on our knowledge of the situation. Facebook may link this information to your Facebook account and also use it for its own promotional purposes, in accordance with Facebook’s Data Policy https://www.facebook.com/about/privacy/. You can allow Facebook and its partners to place ads on and off Facebook. A cookie may also be stored on your computer for these purposes. The legal basis for the use of this service is Art. 6 paragraph 1 sentence 1 letter f GDPR. You can object to the collection of your data by Facebook pixel, or to the use of your data for the purpose of displaying Facebook ads by contacting the following address: https://www.facebook.com/settings?tab=ads.
6. As you use the internet, you leave a trail of electronic information at each website you visit. This information, which is sometimes referred to as "clickstream data”, can be collected and stored by a website's server. Clickstream data can reveal the type of computer and browsing software you use and the address of the website from which you linked to the Fundraise Up Site. We may use clickstream data as a form of non-personally identifiable information to determine how much time visitors spend on each page of our Site, how visitors navigate through the Site, and how we may tailor our web pages to better meet the needs of visitors. We will only use this information to improve our site.
7. Do Not Track. At present, the Site does not specifically respond to browser do-not-track signals.

10. Collection of Information by Others.

Our Terms of Service document identifies certain third party websites to which we may provide links, and that you may click on our Site. Please check the privacy policies of these other websites to learn how they collect, use, store and share information that you may submit to them or that they collect.

11. ‘European Union’ Privacy Rights.

If you currently reside in the EEA, the GDPR applies to your PII and you are a Data Subject.The GDPR requires that we, as a Controller, have a legal basis to process your PII.

1. We process your PII under one or more of the following legal bases:

   • Processing is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests;
   • To perform the contract that we are about to enter with you (e.g. our Terms of Service);
   • To comply with a legal obligation; and/or
   • If we have your consent to do so.

2. Under the GDPR, as a Data Subject you have certain rights. They are:

   • The right to be informed. This is your right to be informed about what they are processing, why, and who else the data may be passed to.
   • The right of access. This is your right to see what data about you is held by us.
   • The right to rectification. This is the right to have your data corrected or amended if what is held is incorrected in some way.
   • The right to erasure. This is the right to have your personal data to be deleted in the event that such data is no longer required for the purposes it was collected for, your consent for the processing of the data is withdrawn, or the data is being unlawfully processed..
   • The right to restrict processing. This is the right to ask for a temporary halt to processing of your personal data, such as in the case where a dispute or legal case has to be concluded, or the data is being corrected.
   • The right to data portability. This is the right to ask for your personal data to be provided to you in a structured, commonly used, and machine-readable format.
   • The right to object. This is the right to object to further processing your personal data if such processing is inconsistent with the primary purposes for which it was collected.
   • Rights in relation to automated decision making and profiling. This is the right to not be subject to a decision based solely on automated processing. The service does not engage in automated decision making and profiling.

You can find instructions for enforcing some of these rights elsewhere in this Privacy Policy. Otherwise, if you wish to find out more about these rights, please contact us at legal@fundraiseup.com.

12. Children and Young People’s Information.

We do not knowingly collect any information from any minors, and we comply with all applicable privacy laws including the GDPR, the CCPA, USA Children's Online Privacy Protection Act (“COPPA”) and associated Federal Trade Commission (“FTC”) rules for collecting personal information from minors. Please see the FTC's website (www.ftc.gov) for more information. If you have concerns about this Site, wish to find out if your child has accessed our services, or wish to remove your child's personal information from out servers, please contact us at legal@fundraiseup.com. Our Site will not knowingly accept personal information from anyone under 13 years old in violation of applicable laws, without consent of a parent or guardian. In the event that we discover that a child under the age of 13 has provided PII to us, we will make efforts to delete the child’s information in accordance with the COPPA. If you believe that your child under 13 has gained access to our Site without your permission, please contact us at legal@fundraiseup.com.

13. California Privacy Rights.

To the extent that the CCPA applies to our practices with respect to PII and you currently reside in California, the CCPA provides you with certain rights.

1. Consumers Rights Under the CCPA.

   • California consumers have the right to request that we disclose Personal Information we have collected about them in the previous 12 months including, but not limited to, the categories of information collected by us, the source(s) of such information by category, and the purpose for collecting such information.This right may not be exercised more than twice in a 12 month period.In the previous 12 months, we have collected the following categories of Personal Information about consumers;

     • Identifiers.Identifiers can be your name, mailing address, social security number, unique personal identifiers (device identifier, IP Address, cookies, beacons, pixel tags, mobile ad identifiers), account names, and similar information;We collect the identifiers from the consumers themselves, third parties, and automatic means;
     • Personal Information Under the California Customer Records Law (Cal. Civ. Code §1798.80) (“CCRLPI”);
     • Commercial Information.Commercial information includes records of personal property, products or services purchased, obtained or considered, or other purchased or consuming histories or tendencies;
     • Geolocation Data.Such geolocation data may include GPS data;
     • Employment Information. Such employment information can include your employment history;
     • Internet/Network Activity.Internet Activity Information includes browsing history, cookies, search history and a consumer’s interaction with a website; and
     • Inferences drawn from any other category of personal information.

     We collect Personal Information in the above categories from the consumers themselves, other users of the Service, service providers and business partners, third parties, and by automatic means for the purposes described in this Privacy Policy, and as required to comply with applicable law.

   • As a California consumer, you also have the right to request that we tell you which of your Personal Information we have disclosed for a business purpose, or sold, in the previous 12 months.With respect to Personal Information being disclosed for a business purpose, the consumer shall receive the categories of information disclosed and the types of entities they have been disclosed to.This right may not be exercised more than twice in a 12 month period.For Personal Information being sold, this includes the categories of information being sold and the categories of third parties to whom it is being sold.In the past 12 months, we have disclosed personal information falling under the following categories of Personal Information:

     • Identifiers;
     • CCRLPI;
     • Internet/Network Activity; and
     • Commercial Information.

     We disclose Personal Information in the preceding categories to the consumers themselves, to other users/third parties as the consumer may direct, service providers, third parties, and government/law enforcement agencies for the purpose it was provided/provision of Services, to comply with applicable law, and as otherwise described above in this Privacy Policy.

     IN THE PAST 12 MONTHS WE HAVE NOT SOLD, AND DURING THE PERIOD OF TIME WHICH THIS PRIVACY POLICY IS POSTED WE SHALL NOT SELL, THE PERSONAL INFORMATION OF ANY CONSUMER, INCLUDING MINORS UNDER THE AGE OF 16.

   • You have the right to opt out of the sale of your Personal Information, if applicable.
   • You also have the right to request the deletion of the Personal Information that we have collected from you at any time.However, we may not be required to comply with such request under several circumstances including, but not limited to, when the data is necessary for the underlying transaction, to comply with applicable law, to detect security incidents, to debug glitches, and for our internal purposes.
   • In the event that you exercise one of your rights under the CCPA, you will not be discriminated by us in any way, including by the denial of goods or services, providing you a different level of goods or services, or charging you different prices or rates for the goods or services, unless the change in price is reasonably related to the value you receive from your personal information.

2. How do you exercise your rights under the CCPA?

   • Because we offer the Services exclusively online, you may submit your requests to exercise your rights under the CCPA by emailing us at legal@fundraiseup.com, please include “Request for Privacy Information” in the subject line.
   • We will acknowledge receipt of your request within 10 business days of receiving it, and will do our very best to respond within 45 calendar days of receipt of your request, and in no event will our response come more than 90 days after receiving your request.If we are unable to provide our response within the first 45 day window, we shall notify you as soon as we become aware of the possible delay and provide an explanation of why additional time is needed to respond.
   • Before we respond to any CCPA based requests relating to your personal information, we will take steps to reasonably verify the identity of the person making the request (“Requestor”) to make sure it’s you, or your authorized agent.We do this to this avoid disclosing your information to third parties and bad actors, not to inconvenience you in any way.To do this, we will ask the Requestor to confirm at least two pieces of information that we have in our files.As the sensitivity of the information being requested goes up, we will ask the Requestor to confirm more pieces of information. If an agent is acting on behalf of the consumer, we will need to also verify the agent’s identity and their authority to act on the consumer’s behalf.For requests to delete information, after verification, we will confirm the consumer’s desire to delete one final time before actually deleting the information.If the identity of the Requestor cannot be reasonably verified, either as the consumer or their agent, then in order to protect that consumer, we shall not disclose the personal information requested.

14. Changes to this Policy.

Because our business needs may change over time, we reserve the right to modify this Privacy Policy. If at any time in the future we plan to use your PII in a way that differs from this Privacy Policy, we will revise this Privacy Policy as appropriate. In the event of a change to our Privacy Policy, we will email the updated policy to the email address that you provided to us. Your continued use of the Fundraise Up Service following our notice of changes to this Privacy Policy means you accept such changes. Please refer to the “Effective Date” above to see when this Policy was last updated.

15. Our Contact Information.

If you have any questions or concerns about this Privacy Policy you may e-mail us at legal@fundraiseup.com.

Copyright © Fundraise Up Inc. All rights reserved. The Service is the property of Fundraise Up, and is protected by United States and international copyright, trademark, and other applicable laws. This includes the content, appearance, and design of the Service, as well as the trademarks, product names, graphics, logos, service names, slogans, colors, and designs.