ENGIVEN PRIVACY POLICY
Last Updated: July 12, 2022
This Privacy Policy for Engiven, Inc. (“Engiven”, “us” or “we”) explains how we collect and use information through engiven.com and our other online channels (the “Site”), and as a service provider to donation platforms and the non-profit and enterprise merchants that use the Engiven API and related technology via those platforms (in each case, a “Merchant”) to collect donations in the form of cryptocurrency (collectively, the “Services”). We encourage you to read it carefully to understand how we collect and use your information.
This Privacy Policy is governed by and part of our Terms of Service. Any additional notices about our privacy practices we provide are also part of this Privacy Policy. If you have questions about our privacy practices or would like to make a complaint, please contact us at legal@engiven.com.
1. CONSENT
By using or accessing our Services in any manner, you acknowledge and consent to this Privacy Policy, and you consent to Engiven’s collection, use, and disclosure of your information as described below. If you do not agree with this Privacy Policy, do not use our Services.
Note that this Privacy Policy DOES NOT apply to information collected through a website or platform not owned or controlled by Engiven, such as Merchant platforms or websites.
2. PERSONAL INFORMATION
In this Privacy Policy, “Personal Information,” means information that identifies, relates to, describes, references, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular individual consumer or household, such as:
a. Identifiers (e.g., name, address, telephone number, email address, username);
b. Sensitive Personal Information (e.g., government identification number; racial or ethnic origin; religious beliefs; health information; contents of messages sent to others);
c. Protected classification information (e.g., race, citizenship, marital status, medical condition, sex, sexual orientation, veteran or military status);
d. Biometric information (e.g., voice, keystrokes, behavioral or biological characteristics);
e. Internet or other similar activity (e.g., browsing history, content interactions);
f. Employment-related information (e.g., current or past employment);
g. Non-public educational information, including information protected under the Family Educational Rights and Privacy Act (20 U.S.C. Section 1232g, 34 C.F.R. Part 99);
h. Commercial information (e.g., products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies); and
i. Inferences drawn from Personal Information to create a profile about preferences, characteristics, trends, predispositions, behavior, attitudes, intelligence, and aptitudes.
Personal Information does not include (i) publicly available information (ii) aggregated information, meaning data about a group or category of services or users from which individual identities and other Personal Information has been removed; or (iii) deidentified information that cannot be easily linked back to the individual.
3. COLLECTION AND USE OF PERSONAL INFORMATION
Engiven’s collection and use of Personal Information depends on how you use our Services, whether via a Merchant or by interacting with Engiven directly. We collect Personal Information with your consent, as a service provider to a Merchant, with a legitimate interest, or as authorized or required by law.
a. Categories. During the preceding 12 months, we have collected Personal Information in the categories of identifiers, commercial information, and internet or similar activities from the sources described below.
b. Sources of Collection. Engiven has collected Personal Information from these sources:
· From you as a Donor to a Merchant, as a service provider. Merchants use our Services to place a widget or button on the Merchant platform or website to collect cryptocurrency donations. If you make a donation to a Merchant via the Services, we will collect identifiers like your name, email, address, phone, and commercial information about your donation activity. When a Donor uses our forms generation feature for IRS Forms, we also collect the date, amount, and place where the Donor acquired the donated asset. We collect this information with your consent and to fulfill our contractual obligations as a service provider to the Merchant. Donations are securely processed through the Engiven Foundation, a charitable foundation formed to accept and process donations for the benefit of your chosen Merchant, and its payment processors.
· From your communications with Engiven, with consent. If you visit our Site and sign up for our email list or request information about our Services, we will collect your name, email address, and other identifiers to provide the information you request. When you contact Engiven by email or other means, we will collect your contact information and any other information you choose to share with us. We may keep a record of our correspondence with you. We collect this information with your consent, and we use it for the purposes stated at the time of collection, to communicate with you, or to send you direct marketing communications based on your stated communication preferences.
· Automatically from your use of our Services, with a legitimate interest. When you use our Services to donate to a Merchant or when you visit our Site, we use cookies and related technologies to collect technical data, which may include Personal Information, like your IP address, referral URL, device ID, and operating system, and data about your interactions with the Services. Please review our Cookie Notice to learn more. We collect and use this information to achieve our legitimate interests of administering and improving the Services.
c. Other Uses of Personal Information. In addition to the specific uses above, we might also use your Personal Information to:
· Monitor your compliance with any of your agreements with us;
· Protect your privacy and enforce this Privacy Policy;
· Identify, contact, or bring legal action against persons or entities who may be causing injury to you, to Engiven, or to others, if we believe it is necessary;
· Comply with a law, regulation, legal process, or court order; or
· Fulfill any other purpose to which you consent.
Engiven only collects, uses, retains or discloses Personal Information as reasonably necessary and proportionate to achieve our purposes, or for other purposes that we disclose to you and are compatible with the context of how we collected the Personal Information. We will not collect additional categories of Personal Information or use your Personal Information for purposes that are incompatible with the purpose stated at the time of collection without first notifying you, either by updating this Privacy Policy or through other means, and collecting your further consent when required by law.
4. ENGIVEN IS NOT A PAYMENT PROCESSOR
Engiven Services do not collect or store payment information, process payments or receive, transmit, or otherwise handle or process any funds. For subscriptions and fees, Engiven uses a PCI-DSS payment processor for payment transactions. All Merchants receive donations through PCI-DSS compliant payment processors, either their Gemini Subaccounts via the Site or through the Engiven Foundation when using Engiven via a third-party platform.
5. CHILDREN’S PRIVACY
Engiven Services are for adults, not children. Engiven does not knowingly collect Personal Information from children under 16 without verification of parent or guardian consent. If we discover that a child under 16 has provided us with Personal Information without parent or guardian consent, we will delete such information from our systems. If you believe Engiven might have any information from or about a child under 16, please contact us at legal@engiven.com.
Engiven cannot control the practices of Merchants or other third parties and is not responsible if a Merchant or other third party collects or uses Personal Information from a child under 16.
6. RETENTION OF PERSONAL INFORMATION
Engiven retains Personal Information for the period necessary to fulfill the purposes for which it was collected. If you make a donation to a Merchant through our Services, we will retain your Personal Information as long as the Merchant uses our Services. Engiven may retain Personal Information for longer periods if necessary to resolve a dispute, conduct audits, enforce our agreements, or comply with applicable law. We reserve the right to delete, anonymize, or aggregate Personal Information on our systems at any time as we deem necessary for our business purposes.
7. DISCLOSURE OF PERSONAL INFORMATION
In the preceding 12 months, Engiven has disclosed Personal Information for a business purpose from all of the categories of Personal Information that we collect. Engiven may disclose Personal Information to the following recipients:
a. Merchants. We may share your Personal Information with the Merchants to which you make donations through our Services to facilitate your donation. Any Personal Information received by the Merchant is also subject to that Merchant’s privacy policy. Please contact the Merchant to learn more about their privacy practices.
b. Service Providers. Our service providers like analytics companies, data and hosting providers, and payment processors may have access to your Personal Information while they are performing their contractual obligations. The type of information that we disclose to a service provider depends on the service that they provide to us. We prohibit our service providers from selling or sharing your Personal Information, and we require our service providers to maintain confidentiality standards that are commercially reasonable to ensure the security of your Personal Information.
c. Law enforcement or other government agencies, as legally permitted or required.
d. Other Third Parties, as permitted by applicable law, for example: if we go through a business transition (e.g., merger, acquisition, or sale of a portion of our assets); to comply with a legal requirement or a court order; when we believe it is appropriate in order to take action regarding illegal activities or prevent fraud or harm to any person; to exercise or defend our legal claims; or for any other reason with your consent.
e. Aggregated and Deidentified Information. We reserve the right to share aggregate, anonymized, or deidentified information about any individuals with nonaffiliated entities for marketing, advertising, research or other purposes, without restriction.
8. YOUR PRIVACY RIGHTS
Depending on where you live or are located, you may have certain rights over your Personal Information that we collect and retain. We will facilitate your exercise of those rights as described in this section.
a. Controlling Your Data. We provide you with a variety of methods and options to directly control how we collect and use your Personal Information, including but not limited to:
· Email Communications. If you provide us with your email address, we may send you informational or support emails or, if you opt-in, marketing emails about our Services. If you do not wish to receive these emails, you can change your preferences via the links provided in the emails or by sending a request to legal@engiven.com to be removed from our email list. Please note, however, you cannot opt out of certain service emails relating to your use of our Services.
· Texting. If you provide us with your wireless phone number, you consent to Engiven sending you informational or service text messages. However, we will only send you marketing text messages if you opt-in to receive these notifications from us. For all text messages, the number of texts you receive will depend on the Services you use and the information you request from us. You can unsubscribe from our text messages by replying STOP or UNSUBSCRIBE to any of these text messages. Messaging and data charges may apply to any text message you receive or send. Please contact your wireless carrier if you have questions about messaging or data charges.
· Do Not Track. Do Not Track signals are signals sent through a browser informing us that you do not want to be tracked. Currently, our systems do not recognize browser “do-not-track” requests.
· Block Location Tracking. You can stop all collection of information by an app by uninstalling it. You can also reset your device Ad Id at any time through your device settings, which is designed to allow you to limit the use of information collected about you. You can stop all collection of precise location data through an app by uninstalling the app or withdrawing your consent through your device settings.
· Privacy Requests. If you wish to exercise your privacy rights beyond the methods described above, or if you want to express concerns, lodge a complaint, or request information, please submit a privacy request. PLEASE CONTACT THE MERCHANT DIRECTLY FOR QUESTIONS RELATED TO A DONATION.
For all other concerns, please submit a request to legal@engiven.com. We can only fulfill a request when we have sufficient information to verify that the requester is the person or an authorized representative of the person about whom we have collected Personal Information, and to properly understand, evaluate, and respond to the request. We endeavor to respond to privacy requests as required by the law of your jurisdiction, subject to statutory exceptions and limitations. We do not charge a fee to respond to a request unless we have legal grounds to do so. If we determine that your request warrants a fee, we will tell you why and provide you with an estimate before completing your request.
b. California and Other U.S. States. This section offers informational notices and disclosures pursuant to the California Consumer Privacy Act of 2018 (“CCPA”) and consumer privacy laws applicable to residents of Virginia, Colorado, Nevada, Utah, and other U.S. states with laws providing similar protections. The following paragraphs apply solely to residents of those states to the extent the same legal protections apply (each a “Consumer”). Most of our privacy practices are as a service provider to Merchants. Please note that Engiven is not currently governed by the CCPA, and certain other U.S. laws may not apply in whole or in part.
Consumers may exercise the following rights over their Personal Information, subject to any exceptions or limitations that apply:
· Right to Disclosure. You may request that a business disclose information to you about its collection and use of your Personal Information, such as: (i) the categories of Personal Information the business has collected about you; (ii) the categories of sources for the Personal Information the business has collected about you; (iii) the purpose for collecting or selling that Personal Information; (iv) the categories of third parties with whom the business has shared that Personal Information; and (v) if the business sold or disclosed your Personal Information for a business purpose, two separate lists stating: (1) sales, identifying the Personal Information categories that each category of recipient purchased; and (2) disclosures for a business purpose, identifying the Personal Information categories that each category of recipient obtained. Under the CCPA, a business is only required to respond with respect to activities over the past 12 months and only to two disclosure requests within a 12-month period.
· Right to Correct. You have the right to request that a business correct inaccurate Personal Information about you on its systems.
· No Sale or Sharing of Personal Information. Engiven does not sell your Personal Information or share your Personal information with third parties for cross-contextual behavioral advertising purposes. If this changes in the future, we will update this Privacy Policy and provide you with a method to opt-out. Please direct any questions about Merchant sale or sharing of Personal Information to the Merchant to which you donated.
· Limited Use and Disclosure of Sensitive Personal Information. Engiven does not seek to collect sensitive Personal Information about any individual. In no case will we use or disclose any sensitive Personal Information for the purpose of inferring characteristics about you. If this ever changes in the future, we will update this Privacy Policy and provide you with methods to limit use and disclosure of sensitive Personal Information. Please direct any questions about Merchant use or disclosure of sensitive Personal Information to the Merchant to which you donated.
· Right to Access. You have the right to request that a business provide you with access to specific pieces of Personal Information it has collected about you (also called a data portability request). If you submit an access request, the business must provide you with copies of the requested pieces of Personal Information in a portable and readily usable format. Please note that some laws prohibit businesses from providing access to copies of certain pieces of Personal Information because doing so would create a substantial, articulable, and unreasonable risk to the security of the information, the business systems, or your account. Under the CCPA, a business is only required by law to respond to access requests covering the prior 12 months and only two requests within a 12-month period.
· Right to Deletion. You have the right to request deletion of your Personal Information, with certain exceptions. A business may permanently delete, deidentify, or aggregate the Personal Information in response to a request for deletion.
· Right to Opt-Out of Profiling. The Services do not use automated processing of Personal Information or “profiling”. If this changes in the future, we will update this Privacy Policy and provide you with a method to opt-out. Please direct any questions about Merchant use of profiling to the Merchant to which you donated.
· Right to Nondiscrimination. Some laws prohibit a business from discriminating against you for exercising any of your legal rights. Unless permitted by law, the business must not: (i) deny you goods or services; (ii) charge you different prices or rates for goods or services; (iii) provide you a different level or quality of goods or services; (iv) retaliate against you as an employee, applicant for employment, or independent contractor for exercising your privacy rights; or (v) suggest that you may receive a different price or rate for goods or services or a different level or quality of goods or services, because you exercised a right under privacy law.
· Right to Disclosure of Marketing Information. California’s Shine the Light Act (Civil Code sections 1798.83-1798.84) entitles California residents to request certain disclosures regarding Personal Information sharing with affiliates and/or third parties for marketing purposes.
To exercise these rights related to a donation, please contact the Merchant. For all other inquiries, please submit a request to legal@engiven.com.
c. EEA and UK. This section provides the disclosures and notices required under the General Data Protection Regulation (“GDPR”) governing the European Economic Area (“EEA”) and its counterpart regulation applicable to residents of the United Kingdom. This section applies solely to residents of the EEA and the United Kingdom (“Data Subject”). Most of our privacy practices are as a processor to a Merchant, but when you interact with us directly as a current or potential new Merchant we may act as a controller. Data Subjects have the following rights over their Personal Information, subject to applicable limitations:
· Right to know how we process your Personal Information. We have set the required notices in this Privacy Policy. We may provide you with additional notices about other ways we process your Personal Information by sending you a notice via email or by another method.
· Right to access your Personal Information. Upon request, we will provide you with a copy of your Personal Information and details about the types of Personal Information we process, why we process it, and any third parties we work with to collect Personal Information on our behalf. We may have one or more legally valid reasons to refuse your request in whole or in part, for example, to protect the rights of other individuals.
· Right to restrict processing of your Personal Information. You can request that we restrict the processing of your Personal Information if: (i) the data is inaccurate; (ii) the processing is unlawful; (iii) we no longer need the Personal Information; or (iv) you exercise your right to object.
· Right to rectify your Personal Information. If you become aware that the Personal Information that we hold about you is incorrect, or if your information changes, please inform us and we will update our records.
· Right to data portability. In some circumstances, we are required to provide your Personal Information to another organization at your request and in a structured, commonly used and machine-readable format.
· Right to erasure (a.k.a. the “right to be forgotten”). Upon your request, we must delete your Personal Information in certain circumstances and where required by law. This right is not absolute, and we may be entitled to retain and process your Personal Information despite your request. If you make this request, we balance certain legal, contractual, and business interests against your right to request the deletion of your Personal Information.
· Right to object to certain processing of your Personal Information. Upon your request, we will limit our processing of your Personal Information as you request in certain circumstances and where we are required to do so by law.
· Right not to be subject to automated decision-making. Engiven does not use automated decision-making to provide the Services. If this changes in the future, we will update this posting to describe our use of automated decision-making and your options to exercise your privacy rights related to your Personal Information processed using automated decision-making. Please direct any questions about Merchant use of automated decision-making to the Merchant to which you donated.
· Right to lodge a complaint with a supervisory authority. Data Subjects can submit requests, questions, or complaints to Engiven using the methods described under Privacy Requests. If, after contacting us, you feel a privacy issue has not been resolved, you have the right to file a complaint with a supervisory authority. We suggest the Data Protection Commissioner of Ireland.
To exercise these rights related to a donation, please contact the Merchant. For all other inquiries, please submit a request to legal@engiven.com.
d. Canada. This section provides the disclosures and notices required under Canada’s Personal Information Protection and Electronic Documents Act (“PIPEDA”) and solely to residents of Canada where PIPEDA applies (“Canadian Consumers”). PIPEDA gives Canadian Consumers specific rights regarding Personal Information offering details on an identifiable person without the inclusion of name, title, telephone number, and business address of an employee of a business or organization. The rights afforded under PIPEDA are described below.
· Right to know why we collect, use, and distribute the Personal Information we process. We have set the required notices in this Privacy Policy. We may provide you with additional notices about other ways we process your Personal Information, such as by sending you a notice via email or by other means of communication.
· Right to expect us to collect, use, or disclose Personal Information responsibly and not for any other purpose other than which you consented. We set your expectations in this Privacy Policy and collect express or implied consent at various stages of collection or processing. If we collect or use your Personal Information based on your consent, we will also notify you of any changes and will request your further consent as needed. You may withdraw your consent at any time with reasonable notice.
· Right to accuracy of your Personal Information. We take steps to reasonably ensure that your Personal Information we are using is accurate. If you become aware that the Personal Information that we hold about you is incorrect, or if your information changes, please inform us and we will update our records.
· Right to access your Personal Information. Upon written request and identity authentication, we will provide you with your Personal Information under our control, information about the ways in which that information is being used and a description of the individuals and organizations to whom that information has been disclosed. We will make the information available within 30 days or provide written notice where additional time is required to fulfil the request. We may not be able to provide access to some or all of the Personal Information you request if limited by law or potential infringement of another’s privacy rights. If we must refuse an access request, we will notify you in writing, document the reasons for refusal, and outline further steps that are available to you.
To exercise these rights related to a donation, please contact the Merchant. For all other inquiries, please submit a request to legal@engiven.com.
9. CONSENT TO CROSS-BORDER DATA TRANSFERS
Engiven owns and provides the Services in the United States to Merchants located in the United States. If you use the Services from outside of the United States, Personal Information we collect about you may be transferred to our servers in the United States. This may require the transfer of your Personal Information out of your country of origin with laws governing data collection and use that may differ from or be more restrictive than U.S. law, or may result in governments, courts, law enforcement or regulatory agencies having access to or obtaining disclosure of your Personal Information pursuant to the laws of the applicable foreign jurisdiction.
Engiven is committed to using legally valid transfer mechanisms for all cross-border transfers of Personal Information. To the extent that we are deemed to transfer Personal Information from the European Economic Area to other jurisdictions, we do so on the legal basis that such transfer is necessary to provide you with the Services you have chosen to use.
You are responsible for determining whether this Privacy Policy and our Services comply with the laws that apply to you. We do not warrant that the Services are appropriate or authorized for use outside of the United States. By allowing us to collect Personal Information about you, you consent to the transfer and processing of your Personal Information as described in this paragraph.
10. COOKIE NOTICE
Cookies are small text files downloaded and stored on your computer or mobile device when you visit or use an online platform. Cookies help the platform recognize your device, store your preferences, or perform certain functions for the platform. Cookies are used for functionality, security, analytics, or advertising. Some cookies are strictly necessary to the function of the website or other platform, while others enable certain features.
Engiven uses cookies on the Services as follows:
· Essential. Intercom cookies for the functionality of our support platform and sails.sid to facilitate user sessions
· Functionality. downloadToken temporary cookie to streamline downloads
· Analytics. Google Analytics cookies
· Security. engivenRememberDevice {{hash}} for multi-factor authentication
· Marketing. Google Ads
You can directly control how cookies interact with your device. You can change your device settings to alert you when cookies are sent to your device, or to refuse some or all cookies from being set on your device. Alternatively, you can install a third-party plugin to control cookie behavior. If you disable or refuse cookies or block the use of other tracking technologies, some parts of the Services may then be inaccessible or not function properly. If you get a new device, install a new browser, or erase or alter your device’s cookie file or privacy settings, your privacy preferences may not be saved.
11. DATA SECURITY
Engiven uses reasonable and appropriate security procedures and practices to help protect your Personal Information from unauthorized or illegal access, destruction, use, modification, or disclosure. Engiven uses technical safeguards like Secure Sockets Layer (SSL) technology, firewalls, IP whitelisting, multi-factor authentication and a continuously monitored security operations center to protect data on our systems. We ensure that Engiven employees, contractors, and agents responsible for handling user inquiries are informed of applicable privacy law requirements, and we restrict access to those who need that information to process it. We also require contractors and third parties that work with us to adhere to strict privacy standards. Please note, however, that no transmission of data over the Internet or mobile platforms is 100% secure, and we cannot guarantee that unauthorized third parties will not defeat our security measures or use your Personal Information for improper purposes.
12. THIRD PARTY WEBSITES
This Privacy Policy applies only to information collected by Engiven. We are not responsible for, the privacy and data collection, use, and disclosure practices of third-party websites, including Merchant platforms and websites. Any access to and use of linked websites is governed by the privacy policies of those websites. We are not responsible for the information practices of such websites. We encourage you to review and understand the privacy policies of such websites before providing them with any information.
13. CHANGES TO THIS PRIVACY POLICY
Engiven may update and revise this Privacy Policy at any time. We will post the revised Privacy Policy on this page. Your use of our Services after we make changes is deemed to be your acceptance of those changes. The date that this Privacy Policy was last revised is identified at the top of the page. You are responsible for periodically visiting this Privacy Policy to check for any changes.