Privacy Policy
Last Updated 3/31/2020
WHO WE ARE:
This privacy policy is for GivFast, Inc., a Delaware corporation that governs the use of your GivFast account and our products and services.
At GivFast, we build and provide solutions that helps provide for the transmission of donations and generosity between churches, faith-based organizations, non-profit organizations and their members and/or donors.
When you use our Services, you’re trusting us with your information. We understand this is a big responsibility and work hard to protect your information and put you in control. This notice applies to GivFast.com and any other websites we own or operate (collectively, our “Website”) and all products and services we provide, including our online and mobile giving, payments, engagement services, products, and applications, and any other apps or services we may offer. For the purpose of this notice, we’ll just call them our “Services.”
When we say “Personal Data” or “personal information”: we mean identifiable information about you, including like your name, email, address, telephone number, bank account details, payment information, or other online identifiers. If you can’t be identified (for example, when Personal Data has been aggregated and anonymized) then this notice doesn’t apply.
By using the Services, you consent to the collection and use of information by us as set forth in this Privacy Policy. If we decide to change our Privacy Policy, we will post those changes on this page so that you will always be aware of what information we collect, how we use it, and under what limited circumstances, if ever, we disclose it. Continued access or use of Services shall constitute your express acceptance of any modifications to this Privacy Policy. If you do not agree to the Privacy Policy, you must immediately cease using the Services.
This Privacy Policy does not cover information that you submit on other websites that are not operated by us, even if we communicate with you on those sites. For example, if you post something on Facebook, Twitter, or YouTube, that information is governed by the privacy policies on those websites and is not governed by this Privacy Policy.
DATA PROTECTION/SECURITY
THIRD PARTY ASSESSMENTS
PCI compliance and what it means: GivFast is a fully PCI-DSS Compliant Level 2 Service Provider, in addition to working with PCI-certified partners. This is the highest certification available, which means that GivFast complies with the PCI Data Security Standard (PCI DSS). The PCI DSS is a security standard created by the credit card brands (Visa, Mastercard, etc.) based on their experiences fighting off numerous security threats while securing their customer’s data. As a PCI compliant service provider, GivFast’s software development standards, infrastructure, and organization are audited annually by a certified external party.
APPLICATION SECURITY
Infrastructure Security: GivFast hosts our infrastructure with DigitalOcean. DigitalOcean maintains multiple certifications for its data centers, including PCI-DSS and SOC2 (view https://www.digitalocean.com/legal/data-security/ for more information on their security controls and https://www.digitalocean.com/legal/certifications/ for more information on their certifications).
To further ensure availability of the GivFast application, customer data, code, and all components necessary to bring GivFast’s services online are streamed between AWS regions continuously. We have well-documented disaster recovery procedures that are tested regularly.
FRAUD DETECTION THROUGH MACHINE LEARNING
Utilizing machine learning algorithms, GivFast is able to detect suspicious payments and alert our fraud investigation team to investigate and intervene.
CORPORATE SECURITY
Security Awareness Training: All employees are required to pass our security awareness training program upon hire and annually thereafter. Additional training is provided throughout the year via company-wide sessions, team-specific sessions, email updates, and more.
Vendor Risk Management: GivFast performs security reviews on our key technology providers as part of our due diligence process.
Business Continuity Plan: GivFast maintains a business continuity plan to ensure the continued operation of GivFast services to its customers, end-users, employees and other stakeholders. The business continuity plan is tested at least annually.
HOW WE COLLECT YOUR DATA
When you visit our Website or applications, or use our other Services, we collect Personal Data. The ways we collect it can be broadly categorized into the following:
- Information you provide to us directly: When you visit or use some parts of our Website, applications and/or other Services, we may receive information from you, for example, when you register for an account, make a payment, or provide information to us in any other way through your use of the Services. If you don’t want to provide us with Personal Data, you don’t have to, but it might mean you can’t use some parts of our Website, applications, or other Services.
- Information we collect automatically: We collect some information about you automatically when you visit our Website, applications, or use our other Services, like your IP address and device type. We also collect information when you navigate through our Website, applications, or other Services, including what pages you looked at and what links you clicked on. This information is useful for us as it helps us get a better understanding of how you’re using our Website, applications and other Services so that we can continue to provide the best experience possible (e.g., by personalizing the content you see).
COOKIES
Some of this information is collected using cookies and similar tracking technologies.
A cookie is a small text file that’s placed on your computer or mobile device when you visit a website. We, and some of our affiliates and third-party service providers, may use a few different types of cookies. Some are persistent cookies (cookies that remain on your hard drive for an extended period of time) and some are session ID cookies (cookies that expire when you close your browser). Cookies set by the website owner (in this case, GivFast) are called “first party cookies”. Cookies set by parties other than the website owner are called “third party cookies”.
We also use other tracking technologies like web beacons (sometimes called “tracking beacons” or “clear gifs”) and local storage. These are tiny graphics files that contain a unique identifier that enable us to recognize when someone has visited the Website or opened an email that we have sent them.
There are also cookies set by third parties across our Website and Services. Third party cookies enable third party features or functionality to be provided on or through our Websites and Services, such as advertising, interactive content and analytics. They also enable us to use advertising networks to manage our advertising on other websites. The parties that set these third party cookies can recognize your computer both when it visits the website in question and also when it visits certain other websites
Plus cookies: These cookies are strictly necessary to provide you with Services available through our Website or otherwise and to use some of its features, such as access to secure areas. Because these cookies are strictly necessary to deliver the Website to you, you cannot refuse them.
Analytics and customization cookies: These cookies collect information that is used either in aggregate form to help us understand how our Website is being used or how effective our marketing campaigns are, or to help us customize our Website for you.
THIRD PARTY COOKIES
These cookies are used to enhance the performance and functionality of our Website but are non-Plus to its use. However, without these cookies, certain functionality may become unavailable.
GivFast uses the following performance and functionality cookies:
Customization and analytics cookies: These cookies collect information that is used either in aggregate form to help us understand how our Website is being used or how effective are marketing campaigns are, or to help us customize our Website for you.
GivFast uses the following analytics and customization cookies:
Google Analytics (Analytics): Google Analytics uses cookies to help us analyze how our users use our websites and services. You can find out more about this service and how Google uses your data at http://www.google.com/analytics and www.google.com/policies/privacy/partners/. To refuse this cookie please click on the following available opt-out link: https://tools.google.com/dlpage/gaoptout
Jetpack (Analytics): Jetpack uses cookies to help us analyze how our users use our websites and services. You can find out more about this service and how Jetpack uses your data at https://jetpack.com/support/wordpress-com-stats/.
HOW CAN YOU CONTROL COOKIES?
You can accept or reject cookies by amending your web browser controls. Because they’re important, our Website and Services might not work like they’re supposed to, and in some cases, might not work at all, if you decide to reject our cookies.
You can manage your cookie settings by following your browser’s instructions. Here are some links that might be of assistance:
Google Chrome: https://support.google.com/chrome/answer/95647?co=GENIE.Platform%3DDesktop&hl=en
Microsoft Internet Explorer: https://support.microsoft.com/en-nz/help/17442/windows-internet-explorer-delete-manage-cookies
Mozilla Firefox: https://support.mozilla.org/en-US/kb/enable-and-disable-cookies-website-preferences
Safari: https://support.apple.com/en-nz/guide/safari/manage-cookies-and-website-data-sfri11471/mac
WHAT DO WE DO WITH YOUR DATA
We use your Personal Data to operate our Website and applications and provide you with any other Services you’ve requested, and to manage our relationship with you. We also use your Personal Data for other purposes, which may include the following:
To protect: So that we can detect and prevent any fraudulent or malicious activity, and make sure that everyone is using our Website, applications, and other Services fairly and in accordance with our terms of use.
To market to you: In addition to sending you marketing communications, we may also use your Personal Data to display targeted advertising to you online – through our own Website, applications, and other Services or through third party websites and their platforms.
To analyze, aggregate and report: We may use the Personal Data we collect about you and other users of our Website, applications, and Services (whether obtained directly or from third parties) to produce aggregated and anonymized analytics and reports, which we may share publicly or with third parties.
HOW WE SHARE YOUR DATA
There will be times when we need to share your Personal Data with third parties. We will only disclose your Personal Data to:
- third party service providers and partners who assist and enable us to use the Personal Data to, for example, support delivery of, or provide functionality on, our Website, applications, or our Services, or to market or promote our Services to you;
- regulators, law enforcement bodies, government agencies, courts or other third parties where we think it’s necessary to comply with applicable laws or regulations, or to exercise, establish or defend our legal rights. Where possible and appropriate, we will notify you of this type of disclosure;
- an actual or potential buyer (and its agents and advisers) in connection with an actual or proposed purchase, merger or acquisition of any part of our business; and
- others where we have your consent.
LOCATION-BASED SERVICES
Our applications collects and records each user’s location, provided that users have given their consent and their device settings allow it. This location information is used to identify organizations in a user’s proximity and to pinpoint the location of a transaction for security purposes (which we refer to as “location-based services).“ If you choose to disable any location-based services on your device and/or opt out of any location-based services through the Application’s Settings menu, you will not be able to utilize certain features of our services. By enabling location-based services on your device, you agree and acknowledge that (1) device data we collect from you is directly relevant to your use of the services, (2) we may provide location-based services related to and based on your then-current location, and (3) we may use any such information collected in connection with the provision of location-based services in connection with its provision of our services and as otherwise provided for in this Privacy Policy.
INTEGRATED SERVICES
You may be given the option to access or register for our Services through the use of your user name and passwords for certain services provided by third parties (each of which we refer to as an “integrated service”). By doing this, you authorize us to access and store the credentials you provide and your name. You should check your privacy settings on the integrated service to understand and change the information sent to us through that integrated service. Please review each integrated service’s terms of use and privacy policies carefully before using their services and connecting to our services.
INTERACTIVE FEATURES
Our Services may contain interactive functionality that allows you to engage with other users on the services, post comments to forums, to make prayer requests, to upload photographs and other content (which we refer to as “User Materials“), participate in surveys, and otherwise to interact with our Services and with other users. If you use any interactive functionality on our Services that request or permit you to provide us with Personal Data (including, for example, any services that allow you to post User Materials on any of our Services), we collect the Personal Data that you provide to us in the course of using these interactive features.
TECHNOLOGY PARTNERS
GivFast partners with payment gateways to process credit card payments and those gateways maintain their own privacy policies. Please consult those policies for details on how your Personal Data will be handled by those partners.
RETENTION
We will retain your Personal Data for a period of time consistent with the original purpose of collection, including to pursue our legitimate business interests, comply with our legal, tax or accounting requirements, resolve disputes and enforce applicable agreements.
YOUR RIGHTS
It’s your Personal Data and you have certain rights relating to it. When it comes to marketing communications, you can ask us not to send you these at any time – just follow the unsubscribe instructions contained in the marketing communication, click on the “unsubscribe” or “opt-out” link in the marketing e-mails we send you, or send your request to unsubscribe@givfast.com.
You also have rights to:
- know what Personal Data we hold about you, and be able to check to make sure it’s correct and up to date;
- request a copy of your Personal Data, or ask us to restrict processing your Personal Data or delete it; and
- object to our continued processing of your Personal Data.
We respond to all requests we receive from individuals wishing to exercise their data protection rights in accordance with applicable data protection laws.
CHILDREN
Our Website, applications, and other Services are intended for a general audience and not directed to children under 13 years of age. We do not intend to collect personal information as defined by the U.S. Children’s Privacy Protection Act (“COPPA“) (which we refer to as “children’s personal data”) in a manner that is not permitted by COPPA, or by applicable data protection laws. If you are a parent or guardian and believe we have collected children’s personal data in a manner not permitted by COPPA, please contact us by sending a letter to the email address listed on our Contact Us page.
By using any of our Website, applications or other Services, you represent that you are at least the age of majority in your state or province of residence.
FOR EEA AND SWISS USERS ONLY
For Individuals from the EEA or Switzerland, the following terms also apply. If you are a visitor from the EEA or Switzerland, our legal basis for collecting and using the Personal Data described above will depend on the Personal Data concerned and the specific context in which we collect it.
Where we collect Personal Data, we typically only Process it:
• to perform a contract with you;
• when you provide consent;
• where we have legitimate interests to process the Personal Data and they’re not overridden by your rights; or
• in accordance with a legal obligation.
International Data Transfers (For EEA And Swiss Users Only)
Your data may be transferred outside of the EEA or Switzerland. Where your Personal Data is transferred outside the EEA or Switzerland, it will only be transferred to countries that have been identified as providing adequate protection for EEA data (like New Zealand), or to a third party where we have approved transfer mechanisms in place to protect your Personal Data – for example, by entering into the European Commission’s Standard Contractual Clauses, or by ensuring the entity is Privacy Shield certified (for transfers to US-based third parties). For further information, please contact us using the details set out in the Contact us section.
CORRECT OR REMOVE INFORMATION ABOUT YOU.
If you would like to access, correct, amend, remove or limit the use or disclosure of any Personal Data about you that has been collected and stored by us, or have it transferred to another organization, please notify us that we may consider and respond to your request in accordance with applicable law.
For your protection, we only implement requests with respect to the Personal Data associated with the particular email address that you use to send us your request, and we need to verify your identity before implementing your request.
Please note that we need to retain certain information for recordkeeping purposes and/or to complete any transactions that you began prior to requesting such access, change or deletion.
UPDATES TO THIS PRIVACY POLICY
We may amend this Privacy Policy from time to time. The “Effective Date” legend at the top of this page indicates when this Privacy Policy was last revised. Any changes to this Privacy Notice will become effective when we post the revised Privacy Policy on our Website.
CONTACT US
We’re always happy to hear from you. If you’re curious about what Personal Data we hold about you or you have a question or feedback for us on this notice, our Website, applications, or other Services, please reach out and get in touch.
As a technology company, we prefer to communicate with you by email – this ensures that you’re put in contact with the right person, in the right location, and in accordance with any regulatory time frames.
Our email is office@givfast.com, our mailing address is GivFast, Attention: Privacy Team, P.O. Box 941, Clark New Jersey, 07066.