"Processor" refers to the company acting as the data processor, providing services to its Customers.
"Customer" refers to the company or organization that subscribes to Processor’s grant management platform and utilizes Processor’s platform to process personal data on its behalf.
"Personal data" refers to any information relating to an identified or identifiable individual as defined by applicable data protection laws.
Processor does not control the content of our Customer's application or the types of Personal Data that Customers may choose to collect or manage using the Subscription Service. We store our customers' information on our service providers' infrastructure but process in accordance with our Terms of Service (ToS), which prohibits us from using the customer data except as necessary to troubleshoot end-user support issues and provide and improve the Subscription Services.
You may connect third-party integrations to your GivingData application, which may ask for certain permissions to access data or send information to your GivingData account. It is the Customer’s responsibility to review and authorize any third-party integrations.
We collect usage data when you or your users in your GivingData account interact with the Subscription Service. Usage data includes metrics and information regarding your use and interaction with the Subscription Service such as what product features you use the most. Additionally, the usage data could include audit logs that can be used for troubleshooting or for performing root cause analysis.
We engage third-party services to collect and process usage data. For more information about how we protect your information with these service providers, please see Section 4 "Data Security."
Processor does not disclose personal data to any third parties unless instructed or authorized to do so by the Terms of Services (ToS) or by the Customer. The Processor may share personal data with sub-processors, subcontractors, or other third parties who assist in providing the services to the Customer. Any such disclosure is done in accordance with the Terms of Services (ToS).
Processor may disclose your personal information if required to do so by law.
The Processor takes reasonable technical and organizational measures to protect personal data from unauthorized access, alteration, disclosure, or destruction. These measures include, but are not limited to, encryption, access controls, regular security assessments, and employee training. Processor also requires its sub-processors to implement appropriate security measures to protect personal data.
In case of data breach, our goal is to notify the impacted parties, mainly our Customers and appropriate authorities where applicable, within 72 hours from when we first became aware of the breach.
Processor retains personal data only for as long as necessary to fulfill the purposes for which it was collected or as required by applicable laws and regulations. Upon the termination of the contract, the data will be removed in accordance with the Terms of Services (ToS).
Our Customers control and are responsible for correcting, deleting or updating the information they intake using the Subscription Service and for complying with any regulations or laws that require providing notice, disclosure, and/or obtaining consent prior to transferring the Personal Data to GivingData for processing purposes.
Any consumer privacy requests should be directed to the Customer, who has control over the personal data. The Processor may assist the Customer in fulfilling its obligations to respond to any requests in accordance with Terms of Services (ToS).
The Processor intends to keep the Customer data in the same region the Customer operates in. In some cases, the Processor may transfer personal data to countries or host services in countries outside of the European Economic Area (EEA) or any other jurisdiction where the data protection laws may differ from those of the country where the data was originally collected. In such cases, Processor or relevant 3rd party service providers will ensure that appropriate safeguards, such as data security controls, standard contractual clauses or appropriate certification, are in place to protect the personal data in accordance with applicable data protection laws.
We (as a Processor) believe that this policy is sufficient to address any U.S. and international privacy regulations including California Consumer Privacy Act (CCPA) and General Data Protection Regulation (GDPR). If there are any questions, please contact us at the information provided below.
The Privacy Office at GivingData is led by the Head of Security, Privacy, and Systems who will be the point of contact (acts as a Data Protection Officer aka DPO) for the EU Customers for any privacy-related matters. Please note that a DPO requirement (under article 37 of GDPR) does not fully apply to GivingData as GivingData is not involved in the systematic monitoring of data subject (Customer’s data) on a large scale. Additionally, GivingData enables its Customers to be the owner and custodian of the data.
The Privacy Officer can be contacted at: firstname.lastname@example.org