Privacy Policy – Givewith Ltd

US | UK

July 13, 2022

Givewith Ltd (“Givewith,” “we,” “us” or “our”) is committed to maintaining your privacy and informing you of our privacy practices. This privacy policy (“Privacy Policy”) covers how we collect, use, and treat personal data in the UK.

Summary:

  • This policy tells you what you need to know about what information we collect about you as well as how, when, and why we collect it, what we do with it and how long we keep it for (this information is known as “personal data”).
  • In summary, we collect personal data to provide our services to you, by authorised personnel to access the Givewith Software or to deliver our services through our business partners.
  • We collect personal data when you sign up or use our services, either direct or through our business partners, and when you contact us (e.g., by email).
  • We don’t sell your personal data to anyone, but we do have to share it with some third parties so that they can help us run our business (for example, we share company name with our Impact Network partners in the execution of social or sustainability sales incentives).
  • We only keep your data for as long as we need it, and you have a right to ask us to do things like delete it, give you a copy of it, or correct it where it’s wrong.

About us

Givewith operates cloud-based SaaS software (the “Software”).

Givewith Ltd (which has a registered office at CMS Cameron Mckenna Nabarro Olswang LLP Cannon Place, 78 Cannon Street, London, EC4N 6AF) is the controller and responsible for your personal data. Givewith Ltd is a subsidiary of Givewith LLC.

If you have any questions about this Privacy Policy, including any requests to exercise your legal rights, please contact assist@givewith.com.

Scope of this Privacy Policy

This Privacy Policy applies to anyone who uses or accesses the Software or who uses Givewith services through one of our business partners. This Privacy Policy applies to you and your personal data as an individual, including where you are an employee of an entity that has entered into an agreement with us or with one of our business partners.

The Software may contain links to other websites for your convenience and reference. We are not responsible for the privacy practices or the content of those sites and encourage you to check their privacy policies.

We keep this Privacy Policy under regular review. It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.

How we use your personal data

  • We collect personal data from you directly upon registration, from your employer in order to authorise your account, and we will also collect some personal data based on how you interact with the Software or where you contact us. Below sets out how we process your personal data and the lawful bases on which we process it.
Our Use of the InformationCorresponding Lawful Basis
To operate, manage and administer the Software, including your account, or to provide services to you through one of our business partners
  • Legitimate interests
To allow you to interact with us (including handling your enquiries)
  • Performance of a contract
  • Consent
To improve our Software and services
  • Legitimate interests
To inform you of events and programs that may be appealing to you
  • Consent
To perform internal administration, auditing, operation, and troubleshooting for our services
  • Legitimate interests
To let you know of any critical information regarding the Software
  • Performance of a contract
To comply with our legal obligations
  • Compliance with our legal obligations

Note that when determining the bases for our use of your information, we rely on what we consider to be the most appropriate basis, even if there are multiple bases available in connection with our use. We may also process your personal data for additional purposes but only where these are compatible with the purposes outlined above, and we will update this Privacy Policy in such circumstances.

How we share your personal data

We may share your personal data with the parties set out below for the purposes set out in the table above.

Internal Third-Parties

  • Internal third-parties including our affiliates, authorised personnel, and group companies including, but not limited to, Givewith LLC.

External Third-Parties

  • Email distribution services
  • Analytics services including Google Analytics
  • Aggregation services
  • Professional advisors
  • Any third-parties with whom we are legally required to share your personal data as and when we are legally compelled to do so

We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.

Additionally, we may need to transfer personal data to a third-party in connection with or related to an actual or potential reorganization, merger, sale, joint venture, assignment, transfer or other disposition (including a disposition in connection with a bankruptcy or similar proceedings) of the assets or stock of the business unit or division responsible for the information under this Privacy Policy; provided the acquiring third party has agreed to safeguard your personal data with protections that are compatible with those set out in this Privacy Policy.

If you wish to prevent your data from being used by Google Analytics, you may use the opt–out browser add on available here.

How we keep your personal data safe

We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions, and they are subject to a duty of confidentiality.

We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

International transfers

Some of the purposes set out in the table above require us to transfer data outside of the UK. Most notably this includes to our parent company Givewith LLC, located in the US. Whenever we transfer your personal data out of the UK, we ensure a similar degree of protection is afforded to it by ensuring adequate safeguards are in place and a lawful transfer mechanism is used.

Please contact us if you want further information on the specific mechanism used by us when transferring your personal data out of the UK.

How long we keep your personal data for

We retain information for the period of time necessary to fulfil the purposes for which we obtained the information and consistent with all applicable data protection laws. We use the following criteria to set our retention periods: (i) the duration of our relationship with you or our business partner through whom we deliver our service; (ii) the existence of a legal obligation as to the retention period; and (iii) the advisability of retaining the information in light of our legal position (for example, in light of applicable statutes of limitations, litigation, or regulatory investigations).

Accuracy and data minimisation

We take reasonable steps (i) to maintain the accuracy of the personal data we process; and (ii) to limit the personal data that we process to that which is reasonably necessary for the purposes for which we obtained the information.

Exercising your rights

Under certain circumstances, you have the following rights under data protection laws in relation to your personal data:

  • Request access to your personal data.
  • Request correction of your personal data.
  • Request erasure of your personal data.
  • Object to processing of your personal data.
  • Request restriction of processing your personal data.
  • Request transfer of your personal data.
  • Right to withdraw consent.

If you wish to exercise any of the rights set out above, please contact us.

Unsubscribing from email – if you no longer wish to receive email messages from us, you can opt out of this by either (i) following the “unsubscribe” instructions located near the bottom of each email message, or (ii) contacting us.

We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response. Please be aware that each of the rights listed above is a qualified right and there may be reasons why we are unable to comply with it, but in such circumstances, we will explain the reasons for this.

Givewith