August 1, 2022
- This policy tells you what you need to know about what information we collect about you as well as how, when, and why we collect it, what we do with it and how long we keep it for (this information is known as “personal data”).
- In summary, we collect personal data to provide our services to you, by authorised personnel to access the Givewith Software or to deliver our services through our business partners.
- We collect personal data when you sign up or use our services, either direct or through our business partners, and when you contact us (e.g., by email).
- We don’t sell your personal data to anyone, but we do have to share it with some third parties so that they can help us run our business (for example, we share company name with our Impact Network partners in the execution of social or sustainability sales incentives).
- We only keep your data for as long as we need it, and you have a right to ask us to do things like delete it, give you a copy of it, or correct it where it’s wrong.
Givewith operates cloud-based SaaS software (the “Software”).
Givewith Ltd (which has a registered office at CMS Cameron Mckenna Nabarro Olswang LLP Cannon Place, 78 Cannon Street, London, EC4N 6AF) is the controller and responsible for your personal data. Givewith Ltd is a subsidiary of Givewith, Inc.
The Software may contain links to other websites for your convenience and reference. We are not responsible for the privacy practices or the content of those sites and encourage you to check their privacy policies.
How we use your personal data
- We collect personal data from you directly upon registration, from your employer in order to authorise your account, and we will also collect some personal data based on how you interact with the Software or where you contact us. Below sets out how we process your personal data and the lawful bases on which we process it.
|Our Use of the Information||Corresponding Lawful Basis|
|To operate, manage and administer the Software, including your account, or to provide services to you through one of our business partners|
|To allow you to interact with us (including handling your enquiries)|
|To improve our Software and services|
|To inform you of events and programs that may be appealing to you|
|To perform internal administration, auditing, operation, and troubleshooting for our services|
|To let you know of any critical information regarding the Software|
|To comply with our legal obligations|
How we share your personal data
We may share your personal data with the parties set out below for the purposes set out in the table above.
- Internal third-parties including our affiliates, authorised personnel, and group companies including, but not limited to, Givewith, Inc.
- Email distribution services
- Analytics services including Google Analytics
- Aggregation services
- Professional advisors
- Any third-parties with whom we are legally required to share your personal data as and when we are legally compelled to do so
We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.
If you wish to prevent your data from being used by Google Analytics, you may use the opt–out browser add on available here.
How we keep your personal data safe
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions, and they are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
Some of the purposes set out in the table above require us to transfer data outside of the UK. Most notably this includes to our parent company Givewith, Inc., located in the US. Whenever we transfer your personal data out of the UK, we ensure a similar degree of protection is afforded to it by ensuring adequate safeguards are in place and a lawful transfer mechanism is used.
Please contact us if you want further information on the specific mechanism used by us when transferring your personal data out of the UK.
How long we keep your personal data for
We retain information for the period of time necessary to fulfil the purposes for which we obtained the information and consistent with all applicable data protection laws. We use the following criteria to set our retention periods: (i) the duration of our relationship with you or our business partner through whom we deliver our service; (ii) the existence of a legal obligation as to the retention period; and (iii) the advisability of retaining the information in light of our legal position (for example, in light of applicable statutes of limitations, litigation, or regulatory investigations).
Accuracy and data minimisation
We take reasonable steps (i) to maintain the accuracy of the personal data we process; and (ii) to limit the personal data that we process to that which is reasonably necessary for the purposes for which we obtained the information.
Exercising your rights
Under certain circumstances, you have the following rights under data protection laws in relation to your personal data:
- Request access to your personal data.
- Request correction of your personal data.
- Request erasure of your personal data.
- Object to processing of your personal data.
- Request restriction of processing your personal data.
- Request transfer of your personal data.
- Right to withdraw consent.
If you wish to exercise any of the rights set out above, please contact us.
Unsubscribing from email – if you no longer wish to receive email messages from us, you can opt out of this by either (i) following the “unsubscribe” instructions located near the bottom of each email message, or (ii) contacting us.
We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response. Please be aware that each of the rights listed above is a qualified right and there may be reasons why we are unable to comply with it, but in such circumstances, we will explain the reasons for this.