Effective Date: 31 October 2019
Thank you for using the services of Your Giving Group (YGG). We build Services for churches, ministries and other organizations to help you increase giving and engagement.
This Privacy Policy applies to the processing of personal data by Your Giving Group (as defined) located at 901 Woodland Street, Suite 104, Nashville, TN, 37206 (‘YGG’, ‘Tithe.ly’, 'we’, ‘us’, ‘our’).
We may change this Policy from time to time. If we do, we shall post a revision of this Privacy Policy at https://get.tithe.ly/privacy-policy and your continued use of this Website and the Services shall be subject to such revised terms.
Our Services include:
We reserve the right to upgrade, maintain, tune, backup, amend, add to or remove items from, redesign, improve or otherwise alter our Services at our sole and absolute discretion.
We collect information from people who visit our website, make enquiries or otherwise contact us, trial our software, or set up and operate an account on behalf of an organisation (including Organisation Administrators and Authorized Users). We call this ‘Customer Information.’
The Customer Information we collect includes:
We collect and process this information as a Data Controller (for GDPR purposes).
Personal information is also collected from individuals who use our Services to interact with, or donate to, organisations. We call this information ‘Individual Information.’
Information collected from individuals includes:
We collect and process Individual Information as a Data Controller (for GDPR purposes).
More detailed information about the data collected in relation to the use of any Giving Service is included in the YGG Terms of Service.
You may use our Services by attending an event hosted through Events, or by using an account in our Church Management Software which will have been set up by your Organization Administrator.
We call information collected for these services ‘Customer Collected Information.’
Organisations who use our Church Management Software upload or support the uploading of information about their congregations, members and other individuals. In this case, your Organisation Administrator determines what personal information they will collect from you. That information is usually not disclosed to us nor do we have any right to use that information.
We process Customer Collected Information as a Data Processor (for GDPR purposes).
We assume that organisations collect and process all Customer Collected Information lawfully, and in accordance with their obligations as Data Controllers pursuant to the GDPR and other applicable data protection laws.
The Customer Information, Individual Information and Customer Collected Information processed as part of our Services will include “special category data” for the purposes of the EU GDPR, or “sensitive data” under other privacy laws, as it includes information that relate to an individual’s religious affiliation.
We need your consent to collect this type of data (where we are acting as Data Controller as outlined above). To support this requirement, we have included confirmation of your consent in our on-line forms and on our website. If you do not provide this information, we may not be able to provide our Services.
Customer Collected Information is also special category or sensitive information, but this information has been collected and is processed by your church or other organisation as Data Controller.
If you are concerned about the Customer Collected Information that has been included in any of our Services, we recommend you contact the organisation you are affiliated with.
YGG may collect information through the use of common information-gathering tools such as web beacons or cookies.
For more information about our collection and use of this type of data, please refer to our Cookie Policy.
YGG may also collect information from your interaction with the Site, such as statistics in connection with pageviews, IP address, and standard web log information.
Other information that may be collected includes the average donation amount, the geographic breakdown of donations by area, what times of the day have the heaviest traffic, and which type of charity receives the most gifts. This information, collected in the aggregate, allows YGG to better serve all users and in the development of new products and services. None of this information is used to identify individuals.
When browsing the Site through a mobile phone or mobile application, we will attempt to collect your location through GPS in order to pair you with nearby churches and not-for-profit organizations for donation purposes. You may remove this location sharing authorization.
YGG does not knowingly collect any Personal Information from or about a child (which we generally regard as anyone under the age of 16 years, subject to local law requirements) without the consent of the child’s parent or legal guardian. We may ask for evidence of a user’s date of birth to help us verify this.
If we discover that we have inadvertently collected information from a child without the appropriate consent, we will promptly take all reasonable measures to delete that data from our systems.
We collect Customer Information and Individual Information directly through forms on the Website or when an Organization Administrator or other individual signs up for a Service or establishes an Account directly with us.
We may also collect information:
Customer Collected Information is collected by the organization you are connected to, including when you interact with one of the YGG Services. In most cases, YGG does not directly collect or control any Customer Collected Information.
If you are concerned about the Customer Collected Information that has been included in any of YGG’s Services, we recommend you contact the organisation you are affiliated with.
We will only use Personal Information for purposes related to building and providing you with great products and services and giving you a great experience. These purposes include:
We reserve the right to use all data collected, processed or derived by us in relation to the Services, for the purpose of industry trend and best practices reporting, statistical analysis and research relating to the development or improvement of any of our services or products. We will not publish or disclose statistical findings of individual Customer or Donor activity.
We will not use your information for purposes other than described in this Policy unless we have your consent or there are specified law enforcement or public health and safety reasons or other uses required by law.
We may communicate directly with you by sending newsletters, promotions, charitable stories and other updates about our products and services.
If you do not wish to receive marketing communications from YGG, you may unsubscribe by:
YGG does not participate in bulk email solicitations (i.e., “spam”) without your consent.
Your Personal Information will not be disclosed to third party marketers. We never sell, share, or otherwise use personal information for any commercial purposes outside of YGG. However, we may share aggregated anonymous information with third party advertisers, but this aggregated anonymous information cannot be matched with you personally unless you voluntarily share your Personal Information with the third-party advertisers.
Personal data may be shared among the different members of the YGG group (subject to compliance with any legal restrictions on cross-border transfers).
YGG may disclose or transfer personal information to a third party in the event of a proposed or actual purchase, sale, lease, merger, amalgamation or any other type of acquisition, disposal, transfer, conveyance or financing of all or any portion of YGG in order for you to continue to receive the same services from the third party.
Unless you consent, we will not disclose any Customer Information or Individual Information to third parties, other than data processors or sub-processors we use as part of delivering our services.
A list of the data processors used by us is available here.
For all our processors and sub-processors:
We give our Customers the option to use services that may involve third parties. This may be done via a link to another service or website and may include, as an example, links to PayPal or Stripe for online payment as part of our ChMS service.
The decision to use these services is at the discretion of each Customer.
Although we try to only partner with reputable and trustworthy suppliers, we cannot control or be responsible for the policies of other sites we may link to, or the use of any personal information you may share with them. Please note that this Policy does not cover these other websites, and we recommend that you review the privacy policies attached to the use of those services and websites before deciding whether to proceed.
If you opt to use an optional third-party processor, you give that processor the right, power, and authority to act on your behalf to access and transmit your personal and other information (including Financial Information) according to terms of that third-party provider’s privacy policy.
If you do not want your Individual Information to be shared with third parties for example for the purposes of emailing or texting you or supporting event registration, please let the Organization you are affiliated with know and they can disable these services for you.
When undertaking a financial transaction via our Services, for example, when lodging a donation, you may provide information including credit, debit or bank account details, and your name and address (“Financial Information”). YGG does not disclose Financial Information except to the appropriate banking institutions or payment processing provider in order to process a credit or debit authorization for payment, or to resolve a dispute or for other related purposes.
YGG does not have any access to your Financial Information inputted via third party payment processors
We use social networking services such as Twitter, Facebook, Instagram and YouTube to communicate with Customers, Organisation Administrators, Authorized Users, organizations and the public about our Services. When you communicate with us using these services, we may collect your personal information. The social networking service will also handle your personal information for its own purposes.
Our Site may also contain links to websites not affiliated with the YGG.
These social networking and non-affiliated sites have their own privacy policies and we recommend that you review them. We cannot control or be responsible for the policies of other sites we may link to, or the use of any personal information you may share with them.
By integrating your YouTube channel or Playlist with any YGG Services you are also bound by Google Privacy Policy at http://www.google.com/policies/privacy.
Some of the processors and sub-processors we use are located in jurisdictions including Australia, the US, the United Kingdom and the EU. Use of their services may involve the cross-border transfer of personal information. YGG also has offices and employees located globally, for example, in the USA and Australia. This means that the YGG may process personal information in another country from time to time.
In all cases, appropriate safeguards for the purposes of the GDPR and other laws which restrict the cross-border flow of personal information, have been established and are maintained, whether in the form of standard contractual clauses, appropriate inter-company agreements, adequacy measures or through ensuring certification with the US-EU Privacy Shield. For more information, please refer to our Terms of Service (and the YGG Data Processing Addendum).
Access to your account is secured via unique user passwords. You can help to keep your personal information secure by ensuring that any password you use is kept strictly confidential and by logging off when you have finished using a shared computer.
More information about your security responsibilities are included in the Terms of Service.
We take steps to protect the security of the personal information we hold from both internal and external threats by:
Unfortunately, no data transmitted over or accessible through the Internet can be guaranteed to be 100% secure. As a result, while YGG attempts to protect all Personal Information, YGG cannot ensure or warrant that Personal Information will be completely secure from misappropriation by hackers or from other nefarious or criminal activities, or in the event of a failure of computer hardware, software, or a telecommunications network.
If a data breach (as defined by applicable laws) involving Personal Information occurs, YGG will:
Please note, our obligations in regard to notification of data breaches may vary depending on whether we are acting as Data Controller or Data Processor in regard to the Personal Information affected by the data breach.
Generally, we will keep Personal Information for as long as a Customer is actively using YGG’s Services or the period during which any legal claim may be made in regard to the provision of Services in accordance with legal requirements or to meet our legal obligations. For example, we hold billing records, and any information associated with those records (such as the number of members a Church had) for 7 years.
If we hold personal information about you, and we do not need that information for any purpose, we will take reasonable steps to securely destroy or de-identify that information unless we are prevented from doing so by law.
We apply the following rules to the permanent deletion of information:
If you would like to request details about Customer Information or Individual Information that we hold about you and how we process it, contact us via the contact details below and we’ll be more than happy to help.
If you ever wish to amend personal information held by us, you may do so by:
Persons who wish to delete any personal information held by YGG can contact us via the contact details below and we’ll be more than happy to help.
Customer Information
In relation to Customer Information, an Organization Administrator can ask us to delete Customer Information at any time, and we will delete it from all live systems and make sure we do not process it further in any way (other than as we may need to support your account or for other reasonable administrative or legal purposes, such as billing).
Customer Collected Information
Organizations also can delete or disable Customer Collected Information at any time.
Individuals who wish to delete or stop the use of their Customer Collected Information for the purposes of any of the Services should contact the organization they are affiliated with directly. If an individual feels their organization has not dealt with their request promptly or effectively, we will work with the relevant data controller to attempt to resolve their request.
Under the GDPR, persons residing in the European Economic Area (‘EEA) may also be entitled to, at any time:
You may also wish to make a complaint about the way we have handled your personal information or other interference with your privacy rights.
You can exercise any of these rights at any time by contacting us (see ‘Contact Details’, below) or your relevant privacy or data protection authority.
This information is relevant for organisations and individuals who use our Services and are currently residing in the European Economic Area.
1. Lawful Bases for Processing Personal Data
At least one of the lawful bases set out in Article 6 of the GDPR must apply in relation to a given processing activity. The lawful bases for YGG’s processing activities are as follows:
YGG has appointed an external Data Protection Officer (DPO) and EU Representative to help ensure that we meet our obligations under the GDPR.
If you have any queries, questions, concerns or wish to make a complaint regarding how we deal with your personal information please contact either us (see ‘Contact Us’, below) our DPO, EU Representative or UK Representative using the following details:
Data Protection Officer:
Dr Jodie Siganto
Privacy 108 Consulting Pty Ltd
PO Box 3295
Yeronga, QLD, 4104
Australia
jodie.siganto@privacy108.com.au
EU Representative:
DPR Group
1-2 Marino Mart
Fairview, Dublin 3
Ireland
elvanto@dpr.eu.com
UK Representative:
DPR Group
BPM 335368
372 Old Street
EC1V 9AU, London
United Kingdom
elvanto@dpr.eu.com
If you have any queries, questions, concerns or wish to make a complaint regarding how we deal with your personal information please contact us:
Email: privacy@tithe.ly
Phone (US): (424) 228-8870
Phone (AU): +61 (0) 7 3062 2359
Mail to the following address:
USA:
Tithe.ly
901 Woodland St.
Suite 104
Nashville, TN 37206
United States
Australia:
Chief Privacy Officer
Elvanto / Your Giving Group
PO Box 1201
Elanora QLD 4221
Australia
We will endeavour to respond to your request as soon as reasonably possible.
For Australian visitors, the Office of the Information Commissioner is a great resource.
In this Policy, these terms have the following meanings given:
Authorized Users are users who are granted permission to access the Services by either (i) a Customer, (ii) an Organization Administrator, or (iii) another Authorized User that has been given the permissions to add additional Authorized Users by an Organizational Administrator.
ChMS means YGG’s Church Management Software
Customer means any organization or individual who establishes an account with YGG or uses a Service but does not include individuals.
Data Controller has meaning given to it in the GDPR.
Data Processor has meaning given to it in the GDPR.
GDPR means Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of Personal Data and on the free movement of Personal Data, and repealing Directive 95/46/EC.
Organization Administrator means any user who has been granted permission to manage, access or make decisions concerning a Customer’s Account by the owner of that Customer Account.
Personal Information includes the following:
‘Personal data’ as defined in the GDPR
‘Personally identifiable information’ as defined in US data breach notification laws
‘Personal information’ as defined in the Privacy Act 1988 (Cth)
‘Personal information’ as defined in the Personal Information Protection and Electronic Documents Act (Canada)
Sub-processor has the meaning given to it in the GDPR.
Your Giving Group or YGG means Your Giving Inc (Delaware), which includes the trading name, “Tithe.ly”, and all wholly owned subsidiaries and affiliates. For a complete list of YGG’s wholly-owned subsidiaries and affiliates, click here.
Last updated October 2019.
