At GiveSmart, we are committed to treating your security and privacy with the utmost importance. The following describes the processes we follow to safeguard your data and the measures we take, where applicable, to meet compliance requirements.
The GiveSmart platform is held to stringent compliance standards and is both SOC 2 and PCI-DSS compliant. GiveSmart does not store sensitive credit card data. Therefore, we rely on our credit card processing partner, CardConnect (www.cardconnect.com) to secure that sensitive information, and we utilize tokens to communicate with CardConnect when running transactions. Because the data stored by CardConnect is more sensitive, CardConnect is held to higher compliance standards and is therefore SOC 3 compliant. Our certification of compliance is available upon request.
Our hosting provider, Amazon Web Services (AWS), provides security capabilities and services to maintain privacy and control network access. AWS is also SOC 3 compliant. More details about the security of AWS can be found directly on their site here: https://aws.amazon.com/security
HIPAA (Health Insurance Portability and Accountability Act of 1996) is United States legislation that provides data privacy and security provisions for safeguarding medical information. The Privacy Rule portion of the law sets national standards to protect individuals’ personal health information and medical records, and stipulates conditions on how that information can be used without patient authorization. In 2013, updated HIPAA regulations were released that explain the rules fundraisers must follow to comply with this statute.
GiveSmart provides software and services, including credit card processing, to hospitals and health care organizations. GiveSmart products and services do not store patient information and therefore are not required to adhere to HIPAA requirements to protect patient information and rights.
References from other hospitals and health/human services organizations that are current GiveSmart customers are available upon request.
Accessibility and 508 Compliance
Our development team follows accessibility best practices in designing and testing all new features and functionality within GiveSmart. In addition, our on-site staff is readily available to assist persons with disabilities in using our platform and services.
At GiveSmart, we follow industry best practices for software development and are proud of the quality and integrity of the features we release on a regular basis. GiveSmart utilizes more than 2,500 automated tests to extend quality throughout our platform and to ensure that we are not introducing regressions or older defects into the application. Throughout the development process, our most senior developers personally review every line of code to guarantee all product enhancements meet our high standard of quality.
Additionally, all members of the GiveSmart development team are trained in security practices and must pass stringent background checks. Our combined team has decades of experience and training in security best practices and handling risks.
Hosting and Disaster Recovery
Our data is encrypted and backed up daily, with incremental backups throughout the day.
GiveSmart utilizes out-of-the-box Amazon Web Services and therefore we are able to leverage all security patches and updates as applied by Amazon.
We also undergo quarterly penetration testing to evaluate and verify the security of our servers.
In addition to the Websites, GiveSmart operates the web-based software platforms, GiveSmart, Gesture, and 501 Auctions, used by our Clients to provide access to a website for authorized individuals, including their employees and customers. The use of information collected through this platform is strictly limited to the purpose of meeting our contractual obligations to our Clients and providing the services requested by our Clients, which are defined within our service agreements. We collect this information at the direction of our Clients, and we have no direct relationship with their customers, the individuals whose personal data we process.
Policy Regarding Children
GiveSmart Websites and Services are not designed for use by children under the age of 16. As such, this Website is not directed at children under the age of 16 nor do we knowingly collect or maintain information from children under the age of 16 on this Website.
Collection and Use of Data
All communication via the GiveSmart platform is over HTTPS, so any data sent is transferred over a secure connection that encrypts that information.
We also utilize reCAPTCHA within key transaction forms in our application in order to prevent spam and any unlawful attempts to automatically extract data from our platform.
Personal Information and Business Information
The Personal Information you provide will vary based upon the context, and we will not collect your Personal Information unless you make it available. You are not required to provide Personal Information at any time while visiting the Websites; however, you may be required to provide Personal Information to use certain Services. You may provide us with Personal Information by participating in online surveys, subscribing to newsletters and other recurring offerings through the Websites, and in connection with other products, services, features, or requests made available through the Websites.
GiveSmart collects the Business Information necessary to enable us to respond to your requests for our products and services and to send you information regarding our products and services from time to time. Since most of the users of our products and Websites are doing so in their capacity as employees or companies, most Business Information we collect will be in that capacity (rather than information about you individually, such as your personal tastes, etc.). For these purposes, we have defined “Business Information” as any information that identifies or may identify a company or an individual contact at a company or that allows others to contact a company or an individual contact at a company. When you visit our Websites, you may be asked to submit information such as e-mail address, company name, address, phone number, your product version and/or areas of interest. We may also ask you where you heard about our company or products, or for other information that will help us understand more about your needs or help us process your requests for information. In addition, we collect credit card and related payment information when you order products, services or support plans online. Our information collection and use practices are described in more detail below.
We offer certain limited online support services. If you access our online support, you may be asked for information such as customer ID, product name, product version and other information to help us determine what the technical issues are and how best to help you resolve them. In addition, certain products allow you to submit support-related questions directly from the product. If you access online support services from a product, information about your network, operating system, printer, data and program path, product type, version, customer ID, the product’s technical support information sheet, product serial number and other similar information will be automatically pre-populated for submission to our customer support representatives to assist them in answering your questions.
Product-Related Information Collection
GiveSmart collects certain additional information in connection with your use of our Services, web-based products and/or desktop products with online features. For instance:
- Product Updates: Some products provide you with the ability to download and register product and/or tax updates as they become available. During the download and registration process, we collect “Business Information”, including customer ID number and product version, type and serial number. This is collected so that we can authorize your access, provide you with the appropriate update, and update our records as to the product and product updates you have downloaded or installed, so that we may provide the appropriate support.
- Account Set-Up and Access: Upon subscribing to our services, GiveSmart collects Business Information, which may include information such as product serial number, customer ID and your customer profile information. This allows us to identify you to authorize your access and use of the services, and to provide you with your relevant account information. Certain products allow you to access your account to obtain information such as your support plan status, service subscriptions, registrations and order history.
- Online Product/Account Application: Certain products and services are subject to an application and enrollment process, which may be completed on paper or online. Information requested may include federal ID numbers, bank account, payroll, credit card and contact information. This information is used to process your enrollment request and, if approved, to set up and administer your account.
- Web-based Services: Some of our web-based Services collect certain additional information, including IP address, browser, connection speed, domain, referring URL and other environment-related information. This enables us to provide a secure environment for the use of the services, to pre-populate forms and calculate aggregate statistical information about the customers using these services. We use this information to better protect you and to provide a better user experience.
GiveSmart may use your Business Information to inform you of special discounts or offers from other companies we have carefully selected and whose products and services may be of interest to you.
To access information (blogs, demos of our products, marketing materials etc.) on the Websites, a user may be required to register with GiveSmart. During registration, a user is required to give certain information (such as name, email address, job title). This information is used to contact you about the products/services on our site in which you have expressed interest.
We request information from you on our order form. To buy from us, you must provide contact information (like name and shipping address) and financial information (like credit card number, expiration date). This information is used for billing purposes and to fill your orders. If we have trouble processing an order, we’ll use this information to contact you.
Surveys and Contests
From time-to-time, our Websites may request information via surveys or contests. Participation in these surveys or contests is completely voluntary and you may choose whether or not to participate and therefore disclose this information. Information requested may include contact information (such as name and shipping address), and demographic information (such as zip code). Contact information will be used to notify winners and award prizes, if applicable. Survey information will be used for purposes of monitoring or improving the use and satisfaction of the Websites.
GiveSmart may place “cookies” on the browser of your computer. Cookies are small pieces of information that are stored by your browser on your computer’s hard drive. Cookies may enhance the convenience and use of the Website. For example, the information provided through cookies may be used to recognize you as a previous user of the Website (so you do not have to enter your personal information every time), offer personalized information for your use, and otherwise facilitate your experience using the Website. You may choose to decline cookies if your browser permits but doing so may affect your ability to access or use certain features of the Website.
Most web browsers automatically accept cookies, but you can disable this function so that your browser will not accept cookies. Please be aware that disabling this function may impact your use and enjoyment of this Website.
We may also allow certain third-party analytics service providers to include cookies and web beacons within the pages of the Websites on our behalf and to retain and use the information received from such cookies and web beacons themselves. Third-party service providers that collect this data on our behalf may offer information about their data collection practices, and in some cases, an opt out on their respective websites which you can access here: http://www.google.com/analytics/.
Do Not Track
Currently, various browsers, including Microsoft Edge, Google Chrome, Internet Explorer, Mozilla Firefox, and Apple Safari, offer a “do not track” or “DNT” option that relies on a technology known as a DNT header, which sends a signal to Web sites visited by the user about the user’s browser DNT preference setting. We do not currently commit to responding to browsers’ DNT signals with respect to the Company’s Web sites, in part because no common industry standard for DNT has been adopted by industry groups, technology companies or regulators, including no consistent standard of interpreting user intent. We take privacy and meaningful choice seriously and will make efforts to continue to monitor developments around DNT browser technology and the implementation of a standard.
Protecting Data During Collection
We take precautions to protect your information. When you submit sensitive information via the Websites, your information is protected both online and offline. We use appropriate security measures to protect the security of your data both online and offline. These measures vary based on the sensitivity of the information that we collect, process, store, and the current state of technology. Please note, though, that no website or internet transmission is completely secure, so while we strive to protect your data, we cannot guarantee that unauthorized access, hacking, data loss or a data breach will never occur.
How We Use The Data We Collect
Each email we send will contain instructions on how to unsubscribe should you decide not to receive future promotional e-mails. If you choose to opt-out of receiving promotional e-mail communications from any GiveSmart business unit, we may still periodically communicate with you via mail and telephone. Please allow up to 10 business days to be removed from our promotional e-mail list.
We send notification emails about the Website and Services from time to time as necessary. Generally, you may not opt-out of these communications, which are not promotional in nature. If you do not wish to receive them, you have the option to deactivate your account.
We also send newsletters to our users with news of new service offerings and promotions. Should you change your mind about receiving these newsletters, you can unsubscribe by following the directions present in each email we send out.
Most of our communications are intended to:
- inform you of product upgrades and updates and subscription renewals;
- inform you of tax, regulatory and other compliance issues with your software product or service;
- notify you of products and services that we think may be of interest to you;
- offer you discounts or other promotions with respect to GiveSmart products and services that we think may interest you; and
- contact you for survey purposes to determine how we can better service you or provide better products to meet your needs.
Third-Party E-Mail Promotions
Services and Product Data
Business Information collected by GiveSmart as set forth in the Personal Information and Business Information section above does not include your company’s data entered in the course of operating our products (“Product Data”) or data provided by you while using our services (“Services Data”).
GiveSmart will not access your Product Data or Services Data except in the following limited circumstances:
- to provide you with technical support, solely at your request and with your permission;
- on a limited-access basis to install updates, produce regular backups or restore data from backups at your request;
- where the inherent purpose of the product or service requires GiveSmart to provide the Product Data or Services Data to a third party on your behalf (for example where GiveSmart makes tax filings on your behalf or initiates bank transfers on your behalf); and
- unless you opt-out, to utilize Aggregate Information derived from Product Data and Services Data to help us improve our products and services and in developing additional offerings. Aggregate Information is non-identifying information about you that is provided to third parties for analysis. For example, we might inform third parties regarding the number of users of this Website and the activities they conduct while on this Website to better understand user experience. Third-parties who receive aggregate information cannot identify or contact you based on the information they receive.
GiveSmart will not provide your Product Data or Services Data to any third-party or permit any third-party to access your Product Data or Services Data, except with your permission or to comply with valid legal requirements such as a law, regulation, search warrant, subpoena or court order. In addition, if at any time you decide to discontinue your use of the applicable service, your Services Data will be destroyed and removed from all servers according to terms set forth in your Service Agreement, subject to applicable back-up and disaster recovery practices and procedures.
How We Share Data
Unless you give us your permission, we don’t share data we collect from you with third parties, except as described below:
Third-party service providers or consultants. We may share data collected from you on the GiveSmart Site with third-party service providers or consultants who need access to the data to perform their work on GiveSmart’s behalf, such as a website analytics company or our third-party advertising partners. These third-party service providers are limited to only accessing or using this data to provide services to us and must provide reasonable assurances that they will appropriately safeguard the data.
Compliance with Laws. We may disclose your data to a third party if (i) we believe that disclosure is reasonably necessary to comply with any applicable law, regulation, legal process or government request (including to meet national security or law enforcement requirements), (ii) to enforce our agreements and policies, (iii) to protect the security or integrity of the GiveSmart Site or our services and products, (iv) to protect ourselves, our other customers, or the public from harm or illegal activities, or (v) to respond to an emergency which we believe in good faith requires us to disclose data to assist in preventing a death or serious bodily injury. If GiveSmart is required by law to disclose any of your data that directly identifies you, then we will use reasonable efforts to provide you with notice of that disclosure requirement, unless we are prohibited from doing so by statute, subpoena or court or administrative order. Further, we object to requests that we do not believe were issued properly.
Affiliates. We may share data collected from you from the GiveSmart Site with our affiliates. We and our affiliates will only use the data as described in this notice.
Business transfers. If we go through a corporate sale, merger, reorganization, dissolution or similar event, data we gather from you through our website may be part of the assets transferred or shared in connection with due diligence for any such transaction. Any acquirer or successor of GiveSmart may continue to use the data we collect from you through our Site as described in this notice.
Auction Sponsors. GiveSmart may share your Personal Information with the Auction Sponsors for the purpose of preparing for the event, awarding you the items you bid on, acknowledging your bids and donations, and other event-related matters. In addition, the Auction Sponsors may use your Personal Information in their programs and activities so they can contact you to obtain your input, provide information about their current and future programs and events, or request contributions. The Auction Sponsor may also share the Personal Information with its volunteers, vendors and service providers that assist Auction Sponsor with Auction Sponsor’s activities and programs, such as by fulfilling orders, managing data and processing donations.
Aggregated or de-identified data. We might also share data collected from you from the GiveSmart Site with a third party if that data has been de-identified or aggregated in a way that does not directly identify you.
We do not share your data (including, but not limited to, the personal data of your end users) with third parties for their direct use.
We may retain your information for a period of time consistent with the original purpose of collection. For instance, we may retain your information during the time in which you have an account to use our Web sites or Services and for a reasonable period of time afterward. We also may retain your information during the period of time needed for us to pursue our legitimate business interests, conduct audits, comply with our legal obligations, resolve disputes and enforce our agreements.
You may opt-out of any future contacts from us at any time. Additionally, if the collection of your personal data was based on your consent, you have the right to revoke that consent at any time. Be aware that by revoking consent, you may lose access to services you previously opted to use.
You may request to review, correct, delete, or otherwise modify any of the personal information that you have previously provided to us through the Company’s Web Site(s) and Services. You can do the following at any time by contacting us via the email address or phone number provided on our website:
- See what data we have about you, if any
- Change/correct any data we have about you
- Have us delete any data we have about you
- Express any concern you have about our use of your data
Requests to access, change, or delete your information will be addressed within a reasonable timeframe.
California Residents’ Privacy Rights
Pursuant to Section 1798.83 of the California Civil Code, residents of California have the right to request from a business, with whom the California resident has an established business relationship, certain information with respect to the types of personal information the business shares with third parties for direct marketing purposes by such third party and the identities of the third parties with whom the business has shared such information during the immediately preceding calendar year. To request a copy of such information, please contact us as described in the “Questions, Concerns or Complaints” section below, and we will respond within 30 days as required by law.
How to Contact Us
GiveSmart commits to resolve complaints about our collection or use of your personal information. GiveSmart takes its users’ privacy concerns seriously.
Attn: GiveSmart Privacy Officer
9620 Executive Center Dr. N #200
St. Petersburg, FL 33702
Effective Date: October 11, 2019