Privacy Statement

Please direct all related inquiries to:

Click & Pledge
2200 Kraft Drive
Suite 1000
Blacksburg, VA 24060-6356
Email: privacy@clickandpledge.com

For privacy reasons Vimeo needs your permission to be loaded. For more details, please see our Privacy Statement.
I Accept

This privacy statement covers clickandpledge.com and all other domains managed and hosted by Click & Pledge (“we” or “us” or “our”). The following topics are described in detail:

As part of Click & Pledge’s online payment system, we save a donor’s information on behalf of our Customers (“Organization” or “Merchant”). We do not, however, own any donor’s information. A donor’s collected information belongs solely to the specific organization to which the individual donated to or purchased from.

We will not sell, share, or rent this information to others except as disclosed in this document. Clickandpledge.com collects a variety of information from site visitors, donors and customers at several different points on our website.

We reserve the right to make changes to this Privacy Policy at any time and for any reason. We will alert you about any changes by updating the “Revised” date of this Privacy Policy. Any changes or modifications will be effective immediately upon posting the updated Privacy Policy on the Site. You are encouraged to periodically review this Privacy Policy to stay informed of updates. By using our Site, you are accepting this Privacy Policy.

DEFINITIONS

Within this Privacy and Protection Policy, we define these following items:

“Applicable Privacy Law” means the relevant data protection and privacy law (including the GDPR) to which a Merchant is subject, as well as any guidance or statutory codes of practice issued by the relevant Privacy Authority.

“Customer” a third party (nonprofit, organization, political entity, or private company) who contracts Click & Pledge to provide products and services that allow the third party to collect money and organize events over the Internet.

“Data Controller” an entity that collects and owns data for its own use.

“Data Processor” an entity that collects, processes, and/or stores data on behalf of a third party. Generally, the third party is the owner of the data and is the Data Controller.

“GDPR” or General Data Protection Regulation, is the data protection and privacy law of the European Union.

“PII or Personally Identifiable Information, is any data collected by Click & Pledge acting as a Data Controller or a Data Processor that can identify a natural living person as defined by Applicable Privacy Laws.

“Services” means any service that Click & Pledge provides for itself or its Customers that may collect, process, and/or store PII.

“Erasure” is the removal or modification of any Personally Identifiable Information such that any remaining data can no longer be used to identify a natural living person.

“Security Breach” is the unauthorized access, use, modification, or removal of Personally Identifiable information that collected, processed, or stored by Click & Pledge.

COLLECTION OF YOUR INFORMATION

We may collect information about you in a variety of ways. The information we may collect on the Site includes:

… As A Data Controller

We collect certain information from site visitors and from customers and those applying for an account. We also collect information from users of auxiliary services such as forums.clickandpledge.com and help.clickandpledge.com. For these sites we are the Data Controller and may collect information that is considered personally identifiable information.

Account Applications (Customers and Potential Customers Only)

To use some of our services, a customer must first complete the application form. When completing the application, a customer is required to give their contact information (such as name, address, and email address) and information about their organization (such as name of organization, Tax ID, and tax designation). We use this information to contact the customer about the services on our site for which they have expressed interest.

Personal Data (Customers and Potential Customers Only)

When you voluntarily register with the Site or when you choose to participate in various activities related to the Site, such as online chat and message boards, we store PII, such as your name, shipping address, email address, and telephone number. You are under no obligation to provide us with PII of any kind. However, your refusal to do so may prevent you from using certain features of the Site.

Financial Data (Customers and Potential Customers Only)

We may collect financial information, such as your payment method (e.g. valid credit card number, card brand, expiration date) when you purchase, order, return, exchange, or request information about our services from the Site.

Derivative Data

Information our servers automatically collect when you access the Site, such your browser type, your operating system, your access times, and the pages you have viewed directly before and after accessing the Site.

Data From Social Networks

If you connect your social networking accounts to our Site, such as Facebook or Twitter, you may be sending these third parties your data. This might include your name, social network username, location, gender, birth date, email address, profile picture, and public contact data.

… As A Data Processor

We collect, store, and process information from visitors and donors on the websites of our Customers. For these sites we act as a Data Processor. The privacy policy that applies to information we collect, process, and/or store is governed by the Customer.

Personal Data

When a donor chooses to participate in various activities related to the Site, such as online chat and message boards, we store PII, such as your name, shipping address, email address, and telephone number. You are under no obligation to provide us with PII of any kind. However, your refusal to do so may prevent you from using certain features of the Site. This data is owned by the Customers, and is used by us in fulfillment of our business obligations to the Customer.

Financial Data (Customers and Potential Customers Only)

We may collect a donor’s financial information, such as your payment method (e.g. valid credit card number, card brand, expiration date) when you purchase, order, return, exchange, or request information from the Site. This data is owned by the Customers, and is used by us in fulfillment of our business obligations to the Customer.

Derivative Data

Information our servers automatically collect when you access the Site, such your browser type, your operating system, your access times, and the pages you have viewed directly before and after accessing the Site.

Data From Social Networks

If you connect your social networking accounts to our Site, such as Facebook or Twitter, you may be sending these third parties your data. This might include your name, social network username, location, gender, birth date, email address, profile picture, and public contact data.

HOW WE STORE, USE, AND TRANSMIT COLLECTED INFORMATION

… As A Data Controller

Information collected from Click & Pledge site visitors and Customers is used for a limited number of purposes. Most of these are required for business and operational purposes. Others, especially uses for Customers, are required by our gateway processors and regulatory agencies. In instances where we share any PII with third-party agencies, it is for business operation purposes. We do not sell or share customer or visitor PII for any purposes not necessary to our business.

Information Collected, Stored, and Processed

We collect PII primarily from our Customers. We use this information to:

  • Create and manage your account.
  • Email you regarding your account or order.
  • Enable user-to-user communications.
  • Respond to product and customer service requests.
  • Send marketing materials and newsletters.
  • Improve your experience on our Site.
  • Request feedback and contact you about your use of the Site.

Information collected, stored, and processed from site visitors and from users of third-party applications is primarily used for analytical research purposes. That analytical data does not contain any PII.

All PII collected as Data Controller is retained until no more than 18 months after the person is no longer associated with Click & Pledge.

… As A Data Processor

Information collected by Click & Pledge on behalf of its customers is stored and processed by Click & Pledge for our Customers. All information, including PII, is collected by Click & Pledge when we act as the Data Processor. This data is owned by the Customers and is used by us in fulfillment of our business obligations to the Customer.

Information Collected, Stored, and Processed

As part of an online payment system, we save a donor’s information and some third party application PII in our system on behalf of the Customer. That information may be used for the following purposes:

  • Create and manage your account.
  • Email you regarding your account or order.
  • Fulfill and manage purchases, orders, payments, donations, or other transactions related to the Site.
  • Prevent fraudulent transactions, monitor against theft, and protect against criminal activity.
  • Enable user-to-user communications.
  • Increase the efficiency and operation of the Site.

All PII collected on behalf of our customers is retained until the customer removes it or 18 months after the customer has ended its relationship with Click & Pledge, whichever occurs first.

Donors may choose to donate a gift in memory of someone, or in honor of someone. This particular information is shared with the Organization, only if the donor chooses to enter this information on the payment form. Otherwise, the system will neither share the information with the Organization, nor will this data be save or stored.

Donors may choose to send an email to a friend about a listing on any of the catalog checkout pages. This email is considered a private communication between the donor and the friend. The Organization will not be notified of this communication, and no data will be saved or stored.

Donation / Order

We request information from a customer on our donation/application form. A Customer must provide contact information here (name, billing, and shipping address) and financial information (credit card number, expiration date). This information is used for billing purposes and to fill customer’s orders. If we have trouble processing an order, this contact information is used to get in touch with the donor.

Donation System

A donor’s information is saved on behalf of the Organization. Organizations can log in to their administrative system to keep track of donations and payments.

Click & Pledge does not use any of the provided information, except when contacting the donor about issues or disputes over payments.

The Organization has access to a donor’s contact information and other details. This is not related to cardholder data. Please refer to the Organization’s privacy policy to view how that particular Organization will handle donor data.

DISCLOSURE OF YOUR INFORMATION

We may share information we have collected about you in certain situations. Your information may be disclosed as follows:

Third-Party Intermediaries

We may share your information with third parties that perform services for us or on our behalf, including payment processing, data analysis, email delivery, hosting services, network services, customer service, and marketing assistance. These third parties include, but are not limited to:

  • TSYS
  • Global Payments
  • Optimal Payments
  • iATS Payments
  • ProPay

We may share your information for the purpose of conducting general business and research.

Interactions With Other Users & Online Postings

If you use a “forum” (including a bulletin board or chat room) on this Site, any PII you submit there can be read, collected, or used by other users of these forums. This information could be used by other users to send you unsolicited messages. To request removal of your PII from our blog or community forum, contact us at privacy@clickandpledge.com. In order to do this, we’ll need to verify your identify before removing the data. In some cases, we may not be able to remove your personal information. In these cases, we will let you know if we are unable to do so and why.

Affiliates

We may share your information with our affiliates, in which case we will require those affiliates to honor this Privacy Statement. Affiliates include our parent company and any subsidiaries, joint venture partners, or other companies that we control or that are under common control with us.

Social Media Contacts

If you connect to the Site through a social network, your contacts on the social network may be able to view your name, profile photo, and descriptions of your activity.

COOKIE POLICY

A “cookie” is a piece of data stored on the user’s hard drive containing information about the user. Once the user closes their browser, the cookie remains on your hard drive until the user explicitly deletes it. For instance, by setting a cookie on our Site, the user would not have to log in a password more than once, thereby saving time while on our Site.

If a user rejects the cookie, they may still use our Site. The only drawback to this is that the user will have limited capabilities in some areas of our Site.

We may use cookies or other tracking technologies on the Site to help customize the Site and improve your experience. By using the Site, you agree to our Cookie Policy.

Cookies Used

Visitors to clickandpledge.com uses the following cookies:

  • _ga , _gat and _gid: These three cookies allow Google Analytics to generate statistics for us to generate general usage reports and navigation paths through the Site. These cookies are a data aggregate. Google’s cookie policy prohibits the collection of PII through its analytics engine.
  • collect: This cookie is associated with Google Analytics and is used to identify user behavior across multiple websites, including our affiliate domains (clickandpledge.org, help.clickandpledge.com, and forums.clickandpledge.com). We can follow individual navigation behaviors, but cannot personally identify anyone with this cookie. Please refer to Google’s cookie policy for their usage of information provided by this cookie.
  • vuid: This cookie is associated with vimeo.com which is used by Click & Pledge to host videos that are recorded. The cookie is used to keep track of which videos have been watched. Click & Pledge can follow some behavior of individual persons, but cannot identify those persons.
  • fr, frimpression.php and other Facebook cookies: These cookies are used by Facebook to track interactions of browsers with Facebook products. Please refer to Facebook’s cookie policy for their usage of information provided by these cookies.
  • _jkIncludedInSample and Hotjar cookies: These cookies are used by Hotjar to monitor user behavior on the website for analytics purposes (heatmaps, funnels, recordings, etc.) Please refer to Hotjar’s cookie information for their usage of information provided by these cookies.
  • privacy_embeds: This cookie is used to store and keep track of your cookie consent preferences, and which cookies you agree to have loaded when you visit our website. This cookie is stored by default for 90 days.

Visitors to Click & Pledge donation platforms use the following cookies:

  • Coyote-2-nnnnn: This cookie is used by Click & Pledge’s server-farm to make sure an individual browser stays on the assigned server for the entire browsing session. This cookie cannot be used to identify individual persons.

Visitors can manage Cookies in the most commonly used browsers. Instructions are available for Google Chrome, Mozilla Firefox, Apple Safari, and Microsoft Internet Explorer.

Payment System

The payment system also uses session state values for passing information from one Web page to another. The session state values are required to navigate the site and cannot be turned off. Session site values are only used while you are navigating the site. Once you conclude your session or close your browser, session state values no longer exist.

Cookies are also used if a donor chooses the “Remember Me” feature. The feature allows for the donor to skip the address or personal information (except credit card information) the next time the donor wishes to donate to an organization. Cookies allow donor information like name, address, email, phone number, to be retrieved for future donations.

Website Analytics

We partner with selected third-party vendors, such as Google Analytics, to allow analytics technologies on the Site through the use of first party cookies and third-party cookies, to, among other things:

  • Analyze and track a visitor’s use of the Site
  • Determine the popularity of certain content
  • Help us better understand online activity.

By accessing the Site, you consent to the collection and use of your Site browsing data by these third-party vendors. You are encouraged to review their privacy policy and contact them directly for responses to your questions. If you do not want any information to be collected and used by tracking technologies, you can visit the third-party vendor or Digital Advertising Alliance Opt-Out Tool.

You should be aware that getting a new computer, installing a new browser, upgrading an existing browser, or erasing or otherwise altering your browser’s cookies files may also clear certain opt-out cookies, plug-ins, or settings.

Administrative System

Cookies are used only if an account user selects the “Remember Me” feature. The feature saves the UserID and OrgID for future logins. Only the user’s password or smartphone authentication is required if “Remember Me” is chosen. When using a one-time password to login to the site, the visitor can choose to continue access for 30 days without receiving a new code.

Session state information is used to provide page-to-page interactions. Other uses include security checks and maintaining the login information during administrative sessions.

THIRD-PARTY WEBSITES

The Site may contain links to third-party websites and applications of interest that are not affiliated with us. Once you have used these links to leave the Site, any information you provide to these third parties is not covered by this Privacy Policy, and we cannot guarantee the safety and privacy of your information.

Before visiting and providing any information to any third-party websites, you should inform yourself of the privacy policies and practices (if any) of the third party responsible for that website, and should take those steps necessary to protect the privacy of your information. We are not responsible for the content or privacy and security practices and policies of any third parties, including other sites, services or applications that may be linked to or from the Site.

SECURITY OF YOUR INFORMATION

Click & Pledge takes every precaution to protect our users’ information. When users submit sensitive information via the website, your information is protected both online and offline.

When our registration/order form asks users to enter sensitive information (such as a credit card number), that information is encrypted and is protected with the best encryption in the industry. While on a secure page, such as our order forms, the lock icon on Web browsers — such as Chrome, Firefox, or Microsoft Edge — becomes locked, as opposed to unlocked, or open. When the icon is locked, it indicates that your information is encrypted before transmission to ensure that it remains secure.

While we use secure encryption to protect sensitive information online in our Payment System used by various organization, we also do everything in our power to protect user information offline. All of our users’ information, not just the sensitive information mentioned above, is restricted in our offices. Only employees who need the information to perform a specific job (for example, our billing clerk or a customer service representative) are granted access to personally identifiable information. Our employees must use password-protected screensavers when they leave their desk. Furthermore, ALL employees are kept up-to-date on our security and privacy practices.

Every quarter, as well as any time new policies are added, our employees are notified and/or reminded about the importance we place on privacy, and what they can do to ensure our customers’ information is protected. Finally, the servers that we store personally identifiable information on are kept in a secure environment, in a locked cage that requires electronic card access and is video-monitored 24 hours per day.

If you have any questions about the security at our website, please send an email to security@clickandpledge.com.

Breach Notification

Unless otherwise prohibited by applicable law, we will notify Customers of a Security Breach as soon as is reasonably possible under the circumstances. In any event, this is no later than 72 hours after becoming aware of any accidental, unauthorized or unlawful destruction, loss, alteration, disclosure of or access to Personal Data.

This notification would include:

  • A detailed description of the Security Breach.
  • The type of data that was the subject of the Security Breach.
  • The identity of each affected person (Or, where not possible, the approximate number of data subjects and PII records concerned.)

Click & Pledge will communicate to the Merchant:

  • The name and contact details of Click & Pledge’s Data Protection Officer (DPO) or other point of contact, where more information can be obtained.
  • A description of the likely consequences of the Security Breach.
  • A description of the measures we’ve taken or proposed to address the Security Breach, including measures to mitigate possible adverse effects.
  • Additional notifications as soon as any additional information regarding the Security Breach becomes available.

In any case, we will take prompt action to investigate the Security Breach and use industry-standard efforts to mitigate its effects. We are obligated by our contracts with Merchants to carry out any recovery or other action needed to remedy the Security Breach.

YOUR RIGHTS REGARDING YOUR INFORMATION

NOTE: These rights are GDPR compliant and apply to all people who access our websites.

Right To Access

You may at any time review or change the personal information we store by sending a request to privacy@clickandpledge.com. Please note that we need to confirm your identity before we can share or change any information.

Right to Erasure

You have the right to request that we remove or modify any PII about you that we store or use. Once the request has been granted, any records created prior to the time Erasure was requested will be removed or changed.

Granting erasure does NOT prevent us from gathering information on future visits to our website(s). The right to erasure may be limited due to reporting requirements from credit card vendors, law enforcement or other legal obligations. To request erasure of personally identifiable information, send an email to privacy@clickandpledge.com. We will need to confirm your identity before we can proceed with erasure of your PII.

Additional information for customers and account applicants

Upon your request to erase information, we will deactivate or delete any accounts and information where your PII is used as the primary contact and/or bank officer for that account. The only exception is if your erasure request is accompanied by validated information from a person who will replace you in that role.

Some information may be retained in our files to prevent fraud, troubleshoot problems, assist with any investigations, enforce our Terms of Use and/or comply with legal requirements.

Right to Move Data

You may at any time review or change the information in your account or terminate your account by contacting us using the contact information provided. We can also provide you with information we have collected in a format that can be imported into other systems and applications. We will need to confirm your identity before we can transfer your PII to you or a qualified third party.

NOTE: Certain information, such as recurring transaction information, can only be transferred to another PCI compliant entity. For these data, we need contact information and PCI certifcation(s) of the entity that the data will be transferred to.

Emails and Communications

If you no longer wish to receive correspondence, emails, or other communications from us, you may opt-out by contacting us using the contact information provided.

If you no longer wish to receive correspondence, emails, or other communications from third parties, you are responsible for contacting the third party directly.

LEGAL DISCLAIMER

Though we make every effort to preserve user privacy, we may need to disclose personal information when required by law wherein we have a good-faith belief that such action is necessary to comply with a current judicial proceeding, a court order or legal process served on our website. In cases where we are required to provide information to a court, or other governing entity, we will endeavor to inform the effected Customer(s) unless such order or requirement prevents said notification.

NOTIFICATION OF CHANGES

If we decide to change our privacy policy, we will post those changes on clickandpledge.com so our users are always aware of what information we collect, how we use it, and under circumstances, if any, we disclose it. If at any point we decide to use personally identifiable information in a manner different from that stated at the time it was collected, we will notify users by way of an email and/or through a notice posted on our website. Users will have a choice as to whether or not we use their information in this different manner.