Privacy Policy | Fundraise Up

Privacy policy

Your privacy rights

Effective Date: July 23, 2024

This Privacy Policy describes the types of information gathered by Fundraise Up Inc. (“Fundraise Up”, “us” or “we”) in the process of providing this website (https://fundraiseup.com/) (the “Site”), the cloud-based platform (the “Software”) and the data, services, information, tools, functionality, updates and similar materials (collectively, the “Service”), how we use it, with whom the information may be shared, what choices are available to you regarding collection, use and distribution of information and our efforts to protect the information you provide to us through the Service.

By using the Service, you hereby consent to allow us to process information in accordance with this Privacy Policy. Please also refer to our Terms of Service, available here https://fundraiseup.com/terms, which are hereby incorporated as if fully recited herein. Any defined terms found, but not defined herein, shall have the same definition as in the Terms of Service.

Territoriality

Regardless of where our servers are located, your personal data may be processed by us in the United States, where data protection and privacy regulations may or may not be to the same level of protection as in other parts of the world. BY VISITING THE SITE AND USING THE SERVICE, YOU UNEQUIVOCALLY AND UNAMBIGUOUSLY CONSENT TO THE COLLECTION AND PROCESSING IN THE UNITED STATES OF ANY INFORMATION COLLECTED OR OBTAINED BY US THROUGH VOLUNTARY SUBMISSIONS, AND, TO THE EXTENT POSSIBLE, THAT U.S. LAW GOVERNS ANY SUCH COLLECTION AND PROCESSING.

This Privacy Policy is subject to the provisions of the General Data Protection Regulation ("GDPR"), the California Consumer Privacy Act of 2018, as amended, (“CCPA”), the Australian Privacy Act 1988 (Cth), as amended (“APA”) and other applicable privacy laws. Fundraise Up agrees that under the GDPR, it is a data “processor”, the non-profits we work with are data “controllers”, and you, if you are an individual and reside in the United Kingdom, the European Economic Area, or Switzerland (collectively, and for the purposes of this Privacy Policy, the “EEA”), are a “Data Subject” with certain protected privacy rights concerning your “Personal Data.” In the event that you are a Data Subject and using our Site, an employee or agent of one of the non-profits that we work with, applying for a job with us, we are a “controller” with respect to your personal data, or if we are using your personal data for an internal purpose. Similarly, under the CCPA, we are a “Service Provider”, the non-profits are “Businesses”, and you, if you are an individual residing in California, are a “Consumer” with certain protected privacy rights concerning your “Personal Information”. However, in the event that you are a Consumer and using our Site, an employee or agent of one of the non-profits that we work with, applying for a job with us, or if we are using your personal data for an internal purpose, we are a “Business” with respect to your Personal Information. We will take commercially reasonable steps to maintain compliance with GDPR and CCPA requirements. Your Personal Data and Personal Information may identify you as a person, and thus may be referred to as Personally Identifiable Information ("PII").

1. Who Collects Your Information On Our Service?

We do. Under the CCPA we are a “Business” and pursuant to the GDPR, Fundraise Up is what is known as the “processor” of the PII that you provide to us. We collect information from you on the Service, and we are responsible for protection of your information.

2. Where did we get your data from?
  1. Browser

    Your internet browser (such as Mozilla Firefox, Google Chrome, etc.) automatically transmits some information to us every time you access content on one of our internet domains. Examples of such information include the URL of the particular Web page you visited, the IP (Internet Protocol) address of the computer you are using, or the browser version that you are using to access the website.

  2. Directly from you

    We may obtain PII directly from you, e.g. when you contact us.

  3. Third parties

    We may also obtain your PII from organizations, when our cookies are enabled on the non-profit clients’ (“organizations”) websites, and other third parties.

3. What data, for what purposes, on what basis, and for how long do we process?

We will only collect personal data about you and your donors insofar as is necessary to achieve the purposes set out in this Privacy Policy.

Processing operations at our website fundraiseup.com

Purpose of Data ProcessingLegal BasisData CategoriesRetention Period
To monitor user activity at our website to improve its performanceConsentSession data (which includes Session ID, Session start date and time, Session total time, Session start source, Session start URL, Session start referrer, Custom event type, Event ID, Event date and time, Page View ID, URL Page referrer, Page title, Languages UTM source Clicks on links),Client ID, Client Locale, Time zone, IP address, Country code Region, City, Latitude and longitude, Connection type, Status (online/offline), Device data (which includes Device pixel ratio, Device memory, Hardware Concurrency, Connection Downlink, Connection RTT Device type,Battery Charging, Battery Level, Device model, Operating system, Resolution width and height) User AgentUntil you withdraw your consent
To monitor user activity at our website to ensure its security (necessary cookies)Legitimate interest to ensure security and proper functionality of our websiteSession
To apply to careers sectionLegitimate interestFirst name, Last name, Email, Phone, Education, Work experienceUp to 3 years
To contact our sales teamContractEmail, First name, Last name, Organization name, Organization location, Job title, Phone numberTerm of Agreement or Terms of Service
To answer incoming technical support questionsContractEmail, Data from messages, Organization nameTerm of Agreement or Terms of Service

Processing operations in an organization’s dashboard

Purpose of Data ProcessingLegal BasisData CategoriesRetention Period
To create/terminate account in dashboardContractEmail, Organization name, Invitation link, First name, Last name, Password, Access rights, Organization website, Country, Default locale, Currency, Standard currency fee, PartnersTerm of Agreement or Terms of Service
To log in dashboard accountWe are a processorEmail, PasswordTerm of Agreement or Terms of Service
To manage services in a personal account in the dashboard (general)We are a processor Email, First name, Last name, Organization name, Service start date, Accounts, Campaigns, Payment methods, Account ID, Campaign ID, Password, Two-Factor Authentication (whether enabled or not)Term of Agreement or Terms of Service
To show dynamic reporting, allowing to see key findings calculated from some or all of donations and recurring plansWe are a processorEmail, First name, Last name, Email, Organization name, Service start date, Amount of donations raised, Type of donations (e.g., recurring), Campaigns, Designations, Source of donations, Percentage of supporters that used suggested amount of donation, Percentage of donations that were upsold to core transaction costs, Percentage of donations made from mobile devices, Percentage of donations made from desktop, Payment methodsTerm of Agreement or Terms of Service
To keep track of donationsWe are a processorDate of donation, Accounts, Donation amount, Payment methods, Donation ID, Donation status, Organization name, Supporter name Email, First name, Last name, Receipt, Receipt number, Campaigns, Designations, Type of donations (e.g., recurring), Fees, Payment ID, Payment processor, Credit card credentials (last 4 signs and effective date), Supporter email, Mailing lists the supporter is subscribed to, Comments, Source of donation (website, page, element), Supporter IP address, Supporter geolocation (country and city), Browser, Device, Operating system, Suggested cover fees, Suggested frequency used, UTM parameters, Emails sent to the supporter, TributesTerm of Agreement or Terms of Service

Our actions at organizations’ websites and checkout pages

Purpose of Data ProcessingLegal BasisData CategoriesRetention Period
To detect fraudulent activitiesLegitimate interest to ensure security of our servicesIP address, Donation amount, Organization name, Payment methodsUp to 3 years
To monitor user interaction with donation element (checkout) at organizations’ websites to prevent fraudulent activityLegitimate interest to ensure security of our servicesDetails of the last incomplete payment via our Checkout User interaction with our Checkout Session page (the order number of the currently viewed page), User ID, Session data, Session token, Client ID, Client start date and time, Client Locale, Time zone, IP address, Country code, Region, Connection type, Number of requests from this IP at landing and dashboard Status (online/offline), Device data, User Agent Languages, Checkout type, type of donation (e.g., recurring), Elements in the checkout clicked, Errors, Checkout frequency, Currency, Donation amount, Currency rate, Campaign key, Donation status, Fee covered, Payment methods, Card last 4 digitsUp to 3 years
To monitor user interaction with donation element (checkout) at organizations’ websites to optimize user experienceConsentThe same data categories as are mentioned aboveUntil you withdraw your consent
To process donationsWe are a processorDate of donation, donation amount, Payment methods, Donation ID, Supporter name,receipt number, Type of donations (e.g., recurring), Payment ID, Payment processor, Credit card credentials (last 4 signs and effective date), Percentage of supporters that used suggested amount of donation, Mailing lists the supporter is subscribed to, Comments, Source of donation (website, page, element), Supporter IP address, Supporter geolocation (country and city), Browser, Device, Operating System, Suggested cover fees, Suggested amounts used, Suggested frequency used, UTM parameters, Supporter’s employer (if requested by an organization), Phone number (if requested by an organization), Accept of Terms of Use, Date of first donation, Date of last donation, DesignationsDetermined by the controller (organizations)
To process donation made via cryptoWe are a processorOrganization name, Supporter IP address, Supporter’s employer (if requested by an organization), Mailing lists the supporter is subscribed to, Supporter name, Supporter email, Supporter geolocation (country and city)Determined by the controller (organizations)
To make donation via virtual terminalWe are a processorCampaigns, Type of donations (e.g., recurring), Donation amount Date of donation, Transaction costs, Supporter name, Supporter email, Receipt number, Credit card effective date, Payment methods, PDF Receipt (if enabled)Determined by the controller (organizations)
To remind of an incomplete donation through a pop-upWe are a processorDetails of the last incomplete payment via our Checkout User IDDetermined by the controller (organizations)
To make hints of the amounts in the checkoutWe are a processorUser Agent Session total time DeviceDetermined by the controller (organizations)
To suggest further donations (post-donation upsell)We are a processorDonation amount, Supporter IP address, User interaction with our Checkout, User ID, Donation status, Type of donations (e.g., recurring)Determined by the controller (organizations)
To become a recurring supporterWe are a processorSupporter name, Donation amount, Total amount of donations made by a particular supporter, Date of next donation InstallmentsDetermined by the controller (organizations)
To double the donation according to donor’s employment policyWe are a processorDonation amount, Supporter IP address, User interaction with our Checkout, User ID, Donation status, Type of donations (e.g., recurring), Supporter’s employmentDetermined by the controller (organizations)
To determine if an email is validLegitimate interest to ensure that email is deliveredEmailUp to 3 years
To determine whether the address of a donor is validLegitimate interest to ensure that data are correctAddressUp to 3 years
To thank supporters via email for donations made and scheduled as well as for becoming a recurring supporterWe are a processorDate of email, Supporter email, Data from messagesDetermined by the controller (organizations)
To notify supporters about failed donations via emailWe are a processorDate of email, Supporter email, Data from messagesDetermined by the controller (organizations)
To notify supporters about successful donations via emailWe are a processorDate of email, Supporter email, Data from messages PDF Receipt (if enabled)Determined by the controller (organizations)
To notify fundraisers about start of the campaignWe are a processorFundraiser’s link, Supporter email, Campaigns, Organization nameDetermined by the controller (organizations)

Our processing operations at donor’s portal

Purpose of Data ProcessingLegal BasisData CategoriesRetention Period
To manage donations in personal donor’s portalWe are a processorSupporter name, Donation amount, User ID, Supporter email, Payment processor, Payment ID, Receipt, Donation ID, Date of donation, donation status, Languages, Location, Donations history, Donation dedication type, Donation tribute name, Donation tribute name, Customized card settingsDetermined by the controller (organizations)
To log in donor’s portalWe are a processorEmail, Password, Invitation linkDetermined by the controller (organizations)
To improve our service by tracking actions at donor’s portalConsentSession data, Client ID, Country code, Region, City, Latitude and longitude, Connection type, Status (online/offline), Device data, User Agent Languages
To become a FundraiserWe are a processorLast name, First name, Organization name, Fundraiser’s link, Checkout text, Checkout photo, Campaign goal, Number of page views, Number of donations, User ID, Campaign ID, Designations, Goal date, MembersDetermined by the controller (organizations)
To notify member of FundraisersWe are a processorLast name, First name, Email, Role, Fundraiser’s link, Invitation link, Checkout photo, Amount of donations raised, Goal date, Campaign goalDetermined by the controller (organizations)

Relations with organizations’ representatives

Purpose of Data ProcessingLegal BasisData CategoriesRetention Period
To contact people who have left an application on the websiteContractEmail, First name, Last name, Organization name, Organization location, Job title, Phone number, Call recordingUp to 3 years
To fill in client’s data in CRM system to maintain relations with themLegitimate interest to maintain relations with our clientsEmail, First name, Last name, Organization name, Organization location, Job title, Phone numberUp to 3 years
To search for potential clients on LinkedInLegitimate interest to offer our services to those who might be interestedLinkedIn Profile, Organization, Job title, Email, Phone numberUp to 3 years
To conduct account-based marketing according profiles’ titles via LinkedInLegitimate interest to offer our services to those who might be interestedJob titleUp to 3 years
To contact potential clients via LinkedInLegitimate interest to offer our services to those who might be interestedLinkedIn Profile, Organization, Job title, Email, Phone numberUp to 3 years
To find contact details of NGO staff Legitimate interest to offer our services to those who might be interestedOrganization, Job title, Email, Phone numberUp to 3 years
To contact potential clients via emailLegitimate interest to offer our services to those who might be interestedOrganization, Job title, Email, Phone numberUp to 3 years
To inform potential clients about services in which they may be interestedLegitimate interest to offer our services to those who might be interestedOrganization, Job title, Email, Phone numberUp to 3 years
To sign contracts with our customersContractFirst name, Last name, Organization name, Job title, Organization tax ID, Email, Phone numberUp to 3 years
To communicate with the client during the projectContractFirst name, Last name, Organization name, Job title, Email, Phone number, Data from messagesUp to 3 years
To receive a commission on donations provided to the organizationContractOrganization, Payment methods, Donation amountUp to 3 years
To register participants of offline conferences and webinarsContractFirst name, Last name, Organization name, Job title, Email, Phone number, Data from messagesUp to 3 years
To conduct webinarsContractZoom profileUp to 3 years
To inform about our upcoming conferences and webinars via email newsletterLegitimate interest to keep our customers updated Organization, Last name, First name, EmailUp to 3 years
To send news and updates of our servicesConsentOrganization, Last name, First name, EmailUp to 3 years
  • Personal data that we process to enter into a contract are necessary to provide you with our services. If you choose not to provide Fundraise Up with your data, following obstacles may occur:
    • When the data is processed to contact our sales team, we may be unable to provide you with information about our products or services;
    • When the data is processed to answer incoming technical support questions, we may not be able to effectively address your technical support inquiries, which could lead to delays in resolving issues or providing assistance;
    • When the data is processed to create/terminate your account in dashboard, failure to provide the necessary personal information may prevent you from accessing or managing your account on our platform, limiting your ability to utilize its features and services;
    • When the data is processed to contact people who have left an application on the website, we may be unable to follow up on your application or inquiry, potentially resulting in missed communication regarding your request or interest;
    • When the data is processed to sign contracts with our customers, non-provision of personal data may hinder our ability to complete the contract formation process;
    • When the data is processed to communicate with the client during the project, lack of personal data may impede effective communication during the project, potentially leading to misunderstandings, delays, or difficulties in achieving project goals;
    • When the data is processed to receive a commission on donations provided to the organization, we may be unable to properly attribute and process commissions related to donations;
    • When the data is processed to register participants of offline conferences and webinars, failure to provide personal data may prevent your registration for events; and
    • When the data is processed to conduct webinars, we may be unable to effectively manage participant access and communication.
4. Co-branded Site(s)

We may partner with other companies to provide you with content or Services on a joint or “co-branded” basis. At a co-branded site, you will see both our logo and the logo of the co-branding partner displayed on your screen. In the instance of a co-branded site, we will still be the entity collecting your information, and our Privacy Policy will apply to that information. However, the privacy policy of our co-branding partner may still apply as well. You should read the individual privacy policies of our co-branding partners, as they may differ in some respects from ours. Reading these policies will help you to make an informed decision about whether to provide your information to a given site.

5. Do We Share Your Personal Information?

We will not share your personal information except: (a) for the primary purposes for which you provided it, such as to payment processors for donations, and as otherwise described in the Terms of Service (available here, https://fundraiseup.com/terms/), and as may reasonably or foreseeably be required to give effect to such primary purposes; (b) with your consent, or at your direction, including running analytics; (c) as may be required by law or as we think necessary to protect our organization or others from injury (e.g., in response to a court order or subpoena, in response to a law enforcement agency request, or when we believe that someone is causing, or is about to cause, injury to or interference with the rights or property of another); or (d) with persons or organizations with whom we contract to carry out internal operations or business activities (such as our cloud hosting provider, and our security auditors). With your knowledge and consent, we may share your personal information with our business partners.

We may also share aggregate information with others, including affiliated and non-affiliated organizations, including Customers, co-branding partners, and co-owners of the Site.

Finally, we may transfer your PII to a third party, or our successor-in-interest, in relation to, or in the event of, a merger, acquisition, sale of all or substantially all of our assets, reorganization, bankruptcy, or other change of control. After such disclosure or transfer, the third party or successor in interest may use the information in accordance with applicable law.

To the extent required by the GDPR, we utilize the EU Standard Contractual Clauses and UK International Data Transfer Addendum (together with the EU Standard Contractual Clauses, “Appropriate Safeguards”) to govern applicable international transfers of your data to ensure that they are properly protected.

  • Organizations

    In our role as a data processor, we enable access to your data for organizations that utilize our product. Our relations are covered by Data Processing Agreements and Appropriate Safeguards, where applicable.

  • CRM Systems

    We use CRM systems to effectively organize and maintain a record of our interactions with our customers and partners. In particular, we use services provided by HubSpot, Inc., Virtuous Software, Inc., Neon One, LLC, Salesforce, Inc., PartnerStack Inc.

  • Platforms for search of contact data of potential customers

    We employ such platforms to streamline our marketing and outreach efforts by identifying and collecting contact information of individuals or businesses who may have expressed an interest in our services. This enables us to effectively reach out to potential customers and provide them with relevant information. In particular, we use services provided by ZoomInfo Technologies Inc., LinkedIn, Inc., Outreach.io.

  • Email verification and delivery services

    Email verification services help us validate email addresses, reducing the likelihood of sending emails to non-existent or incorrect addresses. Email delivery services ensure that emails are sent reliably and securely. In particular, we use services provided by SparkPost, ZeroBounce, Lob.com, Inc.

  • Payment processors

    We engage payment processors to securely process donations made by supporters. In particular, we use services provided by Gemini Trust Company, LLC, Crypto APIs, iDEAL BV, PayPal, Inc., Plaid Financial Ltd., Apple Inc., Stripe, Inc.

  • Hosting and databases

    We utilize hosting services and database solutions to store and maintain the data necessary for the operation of our services and websites. In particular, we use services provided by Amazon Web Services, Inc., MongoDB, Inc., Microsoft, Inc., Twilio Inc., Hetzner Online GmbH, OVH Groupe SA, Clickhouse, Cloudflare, Inc.

  • Marketing and analytics

    We collaborate with marketing and analytics partners to enhance our services, understand user behavior, and improve our marketing strategies. This includes tailoring content, advertisements, and user experiences to your preferences. In particular, we use services provided by Google LLC and ConvertFlow Inc.

  • Zoom, Inc.

    The services are provided by Zoom Video Communications, Inc. Address: 55 Almaden Boulevard, 6th Floor, San Jose, California 95113, USA. Relevant privacy policy of Zoom. Unfortunately, the country of data recipient doesn’t ensure an adequate level of protection of your personal data. Standard Contractual Clauses are used to transfer your data to ensure that they are properly protected.

  • Tally.so

    We use the service to process responses to our forms. Tally is based in Belgium (EU). Relevant Privacy Policy.

After becoming a user of the Service, you may revise or edit your information through your account or by sending an email to legal@fundraiseup.com. For instructions on how you can further access your personal information that we have collected, or how to correct errors in such information, please send an e-mail to legal@fundraiseup.com. We will also promptly stop using your information and remove it from our servers and database at any time upon your e-mail request. To protect your privacy and security, we will take reasonable steps to help verify your identity before granting access, making corrections or removing your information.

6. How Do We Store and Protect Your Information?
  1. After receiving your personal information, we will store it on our servers for future use. We have physical, electronic, and managerial procedures in place to safeguard and help prevent unauthorized access, maintain data security, and correctly use the information we collect. Unfortunately, no data transmission over the internet or data storage solution can ever be completely secure. As a result, although we take industry-standard steps to protect your information (e.g., strong encryption), we cannot ensure or warrant the security of any information you transmit to or receive from us or that we store on our or our service providers' systems.
  2. Please note that we encrypt any PII in our possession and are compliant with the Payment Card Industry Data Security Standard (PCI DSS) v. 3.2 under the Self-Assessment Questionnaire (SAQ) A standard. Further, all data transfers are through secure http protocol (HTTPS), and as such are encrypted. We also restrict access to PII to key employees and log all instances of access to PII. Our Payment Processor is fully PCI-Compliant and encrypts all payment transactions using Secure Socket Layer (SSL) technology.
  3. If you are visiting the Site from outside of the USA, you understand that your connection will be through and to servers located in the USA, and the information you provide will be securely stored in our servers and internal systems located within the USA.
  4. We store your personal information until you request to discontinue the Service or that we otherwise remove such information from our services, at which point we will remove all related PII from our possession, unless we are required to retain some or all of it in order to comply with applicable law. We store our logs and other technical records indefinitely.
7. How do we use cookies and other network technologies?
  1. To enhance your online experience with us, our web pages may presently or in the future use "cookies." Cookies are text files that our web server may place on your hard disk to store your preferences. Cookies, by themselves, do not tell us your e-mail address or other PII unless you choose to provide this information to us. Once you choose to provide PII, however, this information may be linked to the data stored in the cookie. Although it may be possible to turn off the collection of cookies through your device or browser, certain features of the Services may not function properly without the aid of cookies.
  2. Our Service uses Google Analytics, provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043 (“Google”). Google Analytics uses cookies and similar technologies to collect and analyze information about use of the Services and report on activities and trends. This service may collect information regarding the use of other websites, apps and online resources. For more information on how Google uses data when you use our Site or Service, please follow this link: https://policies.google.com/technologies/partner-sites. You may be able to opt-out of some or all of Google Analytics features by downloading the Google Analytics opt-out browser add-on, available at, https://tools.google.com/dlpage/gaoptout. For more information about interest-based ads, or to opt out of having your web browsing information used for behavioral advertising purposes, please visit http://optout.aboutads.info.
  3. We also use Google’s marketing services, which allow us to display ads in a more targeted manned in order to present ads of interest to the users. This is accomplished through Google’s use of cookies, and all ads are displayed/served to the owner and/or device to which the relevant cookie pertains, whether or not that cookie is linked to any PII. For more information about Google’s use of data for marketing purposes, please see the summary page: https://www.google.com/policies/technologies/ads. Google’s privacy policy is available at https://www.google.com/policies/privacy. If you wish to object to interest-based advertising by Google marketing services, you can do so using the settings and opt-out options provided by Google: http://www.google.com/ads/preferences.
  4. Fundraise Up or our service providers may also use "pixel tags," "web beacons," "clear GIFs" or similar means (collectively, "Pixel Tags") in connection with some Fundraise Up Site pages and HTML-formatted email messages for purposes of, among other things, compiling aggregate statistics about website usage and response rates. A Pixel Tag is an electronic image, often a single pixel (1x1), that is ordinarily not visible to website visitors and may be associated with cookies on visitors’ hard drives. Pixel Tags allow us and our service providers to count users who have visited certain pages of the Fundraise Up Site, to deliver customized services, and to help determine the effectiveness of promotional or advertising campaigns. When used in HTML-formatted email messages, Pixel Tags can inform the sender of the email whether and when the email has been opened.
  5. Our Service uses the “Custom Audience pixel” of Facebook, Inc., 1 Hacker Way, Menlo Park, CA 94025, USA (“Facebook”) on our website. This allows user behavior to be tracked after they have been redirected to the provider’s website by clicking on a Facebook ad. This enables us to measure the effectiveness of Facebook ads for statistical and market research purposes. The data collected in this way is anonymous to us, i.e. we do not see the personal data of individual users. However, this data is stored and processed by Facebook, which is why we are informing you, based on our knowledge of the situation. Facebook may link this information to your Facebook account and also use it for its own promotional purposes, in accordance with Facebook’s Data Policy https://www.facebook.com/about/privacy/. You can allow Facebook and its partners to place ads on and off Facebook. A cookie may also be stored on your computer for these purposes. The legal basis for the use of this service is Art. 6 paragraph 1 sentence 1 letter f GDPR. You can object to the collection of your data by Facebook pixel, or to the use of your data for the purpose of displaying Facebook ads by contacting the following address: https://www.facebook.com/settings?tab=ads.
  6. As you use the internet, you leave a trail of electronic information at each website you visit. This information, which is sometimes referred to as "clickstream data”, can be collected and stored by a website’s server. Clickstream data can reveal the type of computer and browsing software you use and the address of the website from which you linked to the Fundraise Up Site. We may use clickstream data as a form of non-personally identifiable information to determine how much time visitors spend on each page of our Site, how visitors navigate through the Site, and how we may tailor our web pages to better meet the needs of visitors. We will only use this information to improve our site.
  7. Do Not Track. At present, the Site does not specifically respond to browser do-not-track signals.
8. Collection of Information by Others

Our Terms of Service (available here, https://fundraiseup.com/terms/) may identify certain third-party websites to which we may provide links, and that you may click on our Site. Please check the privacy policies of these other websites to learn how they collect, use, store and share information that you may submit to them or that they collect.

9. ‘European Union’ Privacy Rights

If you currently reside in the EEA, the GDPR applies to your PII and you are a Data Subject. The GDPR requires that we have a legal basis to process your PII.

  1. As a controller, we process your PII under one or more of the following legal bases:

    • Processing is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests;
    • To perform the contract that we are about to enter with you (e.g. our Terms of Service);
    • To comply with a legal obligation; and/or
    • If we have your consent to do so.
  2. When we are acting in our capacity as a processor, the non-profit organization with whom you are interacting, and/or donating to, is responsible for the legal basis (or bases) pursuant to which we process your PII. For more information on what legal bases are relied upon, please consult the privacy policy of the applicable non-profit organization.

  3. Under the GDPR, as a Data Subject you have certain rights. They are:

    • The right to be informed. This is your right to be informed about what we are processing, why, and who else the data may be passed to.
    • The right of access. This is your right to see what data about you is held by us.
    • The right to rectification. This is the right to have your data corrected or amended if what is held is incorrect in some way.
    • The right to erasure. This is the right to have your personal data to be deleted in the event that such data is no longer required for the purposes it was collected for, your consent for the processing of the data is withdrawn, or the data is being unlawfully processed.
    • The right to restrict processing. This is the right to ask for a temporary halt to processing of your personal data, such as in the case where a dispute or legal case has to be concluded, or the data is being corrected.
    • The right to data portability. This is the right to ask for your personal data to be provided to you in a structured, commonly used, and machine-readable format.
    • The right to object. This is the right to object to further processing your personal data if such processing is inconsistent with the primary purposes for which it was collected.
    • Rights in relation to automated decision making and profiling. This is the right to not be subject to a decision based solely on automated processing. The service does not engage in automated decision making and profiling.

You can find instructions for enforcing some of these rights below. Otherwise, if you wish to find out more about these rights, please contact us at legal@fundraiseup.com.

10. Children and Young People’s Information

We do not knowingly collect any information from any minors, and we comply with all applicable privacy laws including the GDPR, the CCPA, USA Children’s Online Privacy Protection Act (“COPPA”) and associated Federal Trade Commission (“FTC”) rules for collecting personal information from minors. Please see the FTC’s website (www.ftc.gov) for more information. If you have concerns about this Site, wish to find out if your child has accessed our services, or wish to remove your child’s personal information from our servers, please contact us at legal@fundraiseup.com. Our Site will not knowingly accept personal information from anyone under 13 years old in violation of applicable laws, without consent of a parent or guardian. In the event that we discover that a child under the age of 13 has provided PII to us, we will make efforts to delete the child’s information in accordance with COPPA. If you believe that your child under 13 has gained access to our Site without your permission, please contact us at legal@fundraiseup.com.

11. California Privacy Rights

To the extent that the CCPA applies to our practices with respect to Personal Information, and you currently reside in California, the CCPA provides you, as a Consumer, with certain rights.

  1. Right to Know Consumers have the right to request that we disclose Personal Information we have collected about them in the previous 12 months including, but not limited to, the categories of information collected by us, the source(s) of such information by category, and the purpose for collecting such information. This right may not be exercised more than twice in a 12-month period. In the previous 12 months, we have collected the following categories of Personal Information about consumers:

    • Identifiers. Identifiers can be your name, mailing address, social security number, unique personal identifiers (device identifier, IP Address, cookies, beacons, pixel tags, mobile ad identifiers), account names, and similar information; We collect the identifiers from the consumers themselves, third parties, and automatic means;
    • Personal Information Under the California Customer Records Law (Cal. Civ. Code §1798.80) (“CCRLPI”);
    • Commercial Information. Commercial information includes records of personal property, products or services purchased, obtained or considered, or other purchased or consuming histories or tendencies;
    • Geolocation Data. Such geolocation data may include GPS data;
    • Employment Information. Such employment information can include your employment history;
    • Internet/Network Activity. Internet Activity Information includes browsing history, cookies, search history and a consumer’s interaction with a website; and
    • Inferences drawn from any other category of Personal Information.

We collect Personal Information in the above categories from the consumers themselves, other users of the Service, service providers and business partners, third parties, and by automatic means for the purposes described in this Privacy Policy, and as required to comply with applicable law.

  1. Right to Know. As a Consumer, you also have the right to request that we tell you which of your Personal Information we have disclosed for a business purpose, Sold (as defined in the CCPA) in the previous 12 months. With respect to Personal Information being disclosed for a business purpose, the consumer shall receive the categories of information disclosed and the types of entities they have been disclosed to. This right may not be exercised more than twice in a 12-month period. For Personal Information being Sold, this includes the categories of information being sold and the categories of third parties to whom it is being sold. In the past 12 months, we have disclosed Personal Information falling under the following categories of Personal Information:

    • Identifiers;
    • CCRLPI;
    • Internet/Network Activity; and
    • Commercial Information.

We disclose Personal Information in the preceding categories to the consumers themselves, to other users/third parties as the consumer may direct, service providers, third parties, and government/law enforcement agencies for the purpose it was provided/provision of Services, to comply with applicable law, and as otherwise described above in this Privacy Policy.

IN THE PAST 12 MONTHS WE HAVE NOT SOLD, AND DURING THE PERIOD OF TIME WHICH THIS PRIVACY POLICY IS POSTED WE SHALL NOT SELL, THE PERSONAL INFORMATION OF ANY CONSUMER, INCLUDING MINORS UNDER THE AGE OF 16.

  1. Right to Opt-Out. You have the right to opt out of the Sale of your Personal Information, if applicable. We have not, in the past twelve (12) months, Sold your Personal Information and do not anticipate doing so during the time this version of the Privacy Policy is posted.
  2. Right to Deletion. You also have the right to request the deletion of the Personal Information that we have collected from you at any time. However, we may not be required to comply with such request under several circumstances including, but not limited to, when the data is necessary for the underlying transaction, to comply with applicable law, to detect security incidents, to debug glitches, and for our internal purposes.
  3. Right to be Free from Discrimination. In the event that you exercise one of your rights under the CCPA, you will not be discriminated by us in any way, including by the denial of goods or services, providing you a different level of goods or services, or charging you different prices or rates for the goods or services, unless the change in price is reasonably related to the value you receive from your Personal Information.
12. Notice to Nevada Residents

If you are a Nevada resident, we do not “sell” your “covered information” as such terms are defined in the Nevada Privacy of Information Collected on the Internet from Consumers Act as amended by Nevada Revised Statutes Chapter 603A (“Nevada Privacy Law” or “NPL”). Though we do not sell your covered information, as someone that is subject to the NPL, you have a right of access in relation to the covered information of yours that we have or process, including why we process it, and other parties with whom we may share such information. If you would like to tell us not to sell your information in the future, please email us at legal@fundraiseup.com with your name, postal address, telephone number, and email address with “Nevada Do Not sell” in the subject line.

13. Exercising Your Rights

You may submit your requests to exercise your rights under this Privacy Policy by emailing us at legal@fundraiseup.com (please include “Privacy Rights Request” in the subject line).

We will acknowledge receipt of your request within 10 business days of receiving it, and will do our very best to respond within 30 calendar days of receipt of your request. If we are unable to provide our response within the 30 days, we shall notify you as soon as we become aware of the possible delay and provide an explanation of why additional time is needed to respond.

Before we respond to any requests relating to your personal information, we may take steps to reasonably verify the identity of the person making the request (“Requestor”) to make sure it’s you, or your authorized agent. We do this to this avoid disclosing your information to third parties and bad actors, not to inconvenience you in any way. The more sensitive the information subject to the request, the more rigorous the verification may be. If the identity of the Requestor cannot be reasonably verified, either as the consumer or their agent, then in order to protect that consumer, we shall not disclose the personal information requested.

14. Changes to this Policy

Because our business needs may change over time, we reserve the right to modify this Privacy Policy. If at any time in the future we plan to use your PII in a way that differs from this Privacy Policy, we will revise this Privacy Policy as appropriate. In the event of a change to our Privacy Policy, we will email the updated policy to the email address that you provided to us. Your continued use of the Fundraise Up Service following our notice of changes to this Privacy Policy means you accept such changes. Please refer to the “Effective Date” above to see when this Policy was last updated.

15. Our Contact Information

If you have any questions or concerns about this Privacy Policy, you may contact us as follows:

Fundraise Up Inc.

114 8th Street

Brooklyn, New York 11215

USA

legal@fundraiseup.com

16. Australian Regulator

If you wish to discuss our privacy practices with the Office of the Australian Information Commissioner, such office may be reached as follows:

Office of the Australian Information Commissioner

GPO Box 5288

Sydney NSW 2001

Australia

Aus. Tel: 1300 363 992

Int’l Tel: + 61 2 6123 5145

Copyright © Fundraise Up Inc. All rights reserved. The Service is the property of Fundraise Up, and is protected by United States and international copyright, trademark, and other applicable laws. This includes the content, appearance, and design of the Service, as well as the trademarks, product names, graphics, logos, service names, slogans, colors, and designs.