Effective Date: 31 October 2019
What this Policy Covers:
- Information we collect about you
- How we collect your personal information
- How we use your personal information
- How we disclose your personal information
- Security and retention of personal information
- International transfers of personal information
- Your rights in relation to personal information
- EU GDPR matters
- Contacting us and complaints
Thank you for using the services of Your Giving Group (YGG). We build Services for churches, ministries and other organizations to help you increase giving and engagement.
2. Our services
Our Services include:
- Giving and Payment Processing Platform including Text Giving, that enables Text-to-Give functionality; and QuickGive™ (giving with one tap).
- Church Management Software
- Website Services
- Custom Church Apps
We reserve the right to upgrade, maintain, tune, backup, amend, add to or remove items from, redesign, improve or otherwise alter our Services at our sole and absolute discretion.
3. Information we collect about you
1. Customer Information
We collect information from people who visit our website, make enquiries or otherwise contact us, trial our software, or set up and operate an account on behalf of an organisation (including Organisation Administrators and Authorized Users). We call this ‘Customer Information.’
The Customer Information we collect includes:
- Name, email address and phone number and other contact details;
- Organisation name, location, website and number of members;
- Financial information such as your organisation’s bank account details and Tax ID;
- Legal representative information such as name, address, date of birth and copy of personal identification;
- Electronic data such as IP addresses.
We collect and process this information as a Data Controller (for GDPR purposes).
2. Individual Information
Personal information is also collected from individuals who use our Services to interact with, or donate to, organisations. We call this information ‘Individual Information.’
Information collected from individuals includes:
- Name, email, phone number, address, and contact details;
- Other information required for verification purposes such as date of birth and copy of personal identification;
- Donation amount and designation of funds;
- Payment information such as bank account details or credit / debit card information.
We collect and process Individual Information as a Data Controller (for GDPR purposes).
More detailed information about the data collected in relation to the use of any Giving Service is included in the YGG Terms of Service.
3. Customer Collected Information
You may use our Services by attending an event hosted through Events, or by using an account in our Church Management Software which will have been set up by your Organization Administrator.
We call information collected for these services ‘Customer Collected Information.’
Organisations who use our Church Management Software upload or support the uploading of information about their congregations, members and other individuals. In this case, your Organisation Administrator determines what personal information they will collect from you. That information is usually not disclosed to us nor do we have any right to use that information.
We process Customer Collected Information as a Data Processor (for GDPR purposes).
We assume that organisations collect and process all Customer Collected Information lawfully, and in accordance with their obligations as Data Controllers pursuant to the GDPR and other applicable data protection laws.
4. Sensitive Data
The Customer Information, Individual Information and Customer Collected Information processed as part of our Services will include “special category data” for the purposes of the EU GDPR, or “sensitive data” under other privacy laws, as it includes information that relate to an individual’s religious affiliation.
We need your consent to collect this type of data (where we are acting as Data Controller as outlined above). To support this requirement, we have included confirmation of your consent in our on-line forms and on our website. If you do not provide this information, we may not be able to provide our Services.
Customer Collected Information is also special category or sensitive information, but this information has been collected and is processed by your church or other organisation as Data Controller.
If you are concerned about the Customer Collected Information that has been included in any of our Services, we recommend you contact the organisation you are affiliated with.
5. Cookies and Web Beacons
YGG may collect information through the use of common information-gathering tools such as web beacons or cookies.
- A cookie is a small string of text that a website can send to your browser which helps the Site remember and customize your visit. You have the option to delete or decline cookies by changing your browser’s settings.
- Web beacons help sites to understand the browsing, viewing, and click activity of visitors to our site.
6. Other information
YGG may also collect information from your interaction with the Site, such as statistics in connection with pageviews, IP address, and standard web log information.
Other information that may be collected includes the average donation amount, the geographic breakdown of donations by area, what times of the day have the heaviest traffic, and which type of charity receives the most gifts. This information, collected in the aggregate, allows YGG to better serve all users and in the development of new products and services. None of this information is used to identify individuals.
When browsing the Site through a mobile phone or mobile application, we will attempt to collect your location through GPS in order to pair you with nearby churches and not-for-profit organizations for donation purposes. You may remove this location sharing authorization.
YGG does not knowingly collect any Personal Information from or about a child (which we generally regard as anyone under the age of 16 years, subject to local law requirements) without the consent of the child’s parent or legal guardian. We may ask for evidence of a user’s date of birth to help us verify this.
If we discover that we have inadvertently collected information from a child without the appropriate consent, we will promptly take all reasonable measures to delete that data from our systems.
4. How we collect your personal information
We collect Customer Information and Individual Information directly through forms on the Website or when an Organization Administrator or other individual signs up for a Service or establishes an Account directly with us.
We may also collect information:
- When you interact with us via our website, Chatbot or other online channel;
- When you connect with us via one of our social media platforms.
- When you contact us via email or over the phone.
Customer Collected Information is collected by the organization you are connected to, including when you interact with one of the YGG Services. In most cases, YGG does not directly collect or control any Customer Collected Information.
If you are concerned about the Customer Collected Information that has been included in any of YGG’s Services, we recommend you contact the organisation you are affiliated with.
5. How we use your personal information
1. Use in delivering services
We will only use Personal Information for purposes related to building and providing you with great products and services and giving you a great experience. These purposes include:
- To provide organisations and Individuals with the goods and services they have requested;
- To allow users to create or register and manage accounts;
- To enable individuals to give to organisations via a Giving account, and to administer Giving accounts, including pre-authorised recurring donations.
- To enable us to administer accounts, including billing and dealing with payment issues;
- To respond to requests, enquiries or complaints and other customer care related activities;
- For administrative purposes including fraud and security checks;
- To improve our website and Services and support the development of new products and services, including undertaking surveys and market research;
- To generate statistics and aggregate reports for internal and external use;
- To improve our understanding of all our Customers and our broader community, to help give all users and visitors a great experience.
We reserve the right to use all data collected, processed or derived by us in relation to the Services, for the purpose of industry trend and best practices reporting, statistical analysis and research relating to the development or improvement of any of our services or products. We will not publish or disclose statistical findings of individual Customer or Donor activity.
We will not use your information for purposes other than described in this Policy unless we have your consent or there are specified law enforcement or public health and safety reasons or other uses required by law.
2. Direct Marketing and Mailing List
We may communicate directly with you by sending newsletters, promotions, charitable stories and other updates about our products and services.
If you do not wish to receive marketing communications from YGG, you may unsubscribe by:
- following the instructions in the communications sent to you; or
- contacting us by email to firstname.lastname@example.org.
YGG does not participate in bulk email solicitations (i.e., “spam”) without your consent.
Your Personal Information will not be disclosed to third party marketers. We never sell, share, or otherwise use personal information for any commercial purposes outside of YGG. However, we may share aggregated anonymous information with third party advertisers, but this aggregated anonymous information cannot be matched with you personally unless you voluntarily share your Personal Information with the third-party advertisers.
3. Other sharing
Personal data may be shared among the different members of the YGG group (subject to compliance with any legal restrictions on cross-border transfers).
YGG may disclose or transfer personal information to a third party in the event of a proposed or actual purchase, sale, lease, merger, amalgamation or any other type of acquisition, disposal, transfer, conveyance or financing of all or any portion of YGG in order for you to continue to receive the same services from the third party.
6. How we disclose your personal information
Unless you consent, we will not disclose any Customer Information or Individual Information to third parties, other than data processors or sub-processors we use as part of delivering our services.
1. Processors and Sub-processors
A list of the data processors used by us is available here.
For all our processors and sub-processors:
- each has agreed that it will only access and use personal information to the extent necessary to perform the functions contracted to it by us and which are necessary for us to be able to provide the Services;
- we ensure that they will comply with all the obligations contained in this Policy either as part of the terms of service we have with them or pursuant to their commitment as organisations that have certified as being compliant with the EU-US Privacy Shield arrangement.
2. Optional Third-Party Services
We give our Customers the option to use services that may involve third parties. This may be done via a link to another service or website and may include, as an example, links to PayPal or Stripe for online payment as part of our ChMS service.
The decision to use these services is at the discretion of each Customer.
Although we try to only partner with reputable and trustworthy suppliers, we cannot control or be responsible for the policies of other sites we may link to, or the use of any personal information you may share with them. Please note that this Policy does not cover these other websites, and we recommend that you review the privacy policies attached to the use of those services and websites before deciding whether to proceed.
If you do not want your Individual Information to be shared with third parties for example for the purposes of emailing or texting you or supporting event registration, please let the Organization you are affiliated with know and they can disable these services for you.
3. Financial Information
When undertaking a financial transaction via our Services, for example, when lodging a donation, you may provide information including credit, debit or bank account details, and your name and address (“Financial Information”). YGG does not disclose Financial Information except to the appropriate banking institutions or payment processing provider in order to process a credit or debit authorization for payment, or to resolve a dispute or for other related purposes.
YGG does not have any access to your Financial Information inputted via third party payment processors
4. Social Networks
We use social networking services such as Twitter, Facebook, Instagram and YouTube to communicate with Customers, Organisation Administrators, Authorized Users, organizations and the public about our Services. When you communicate with us using these services, we may collect your personal information. The social networking service will also handle your personal information for its own purposes.
Our Site may also contain links to websites not affiliated with the YGG.
These social networking and non-affiliated sites have their own privacy policies and we recommend that you review them. We cannot control or be responsible for the policies of other sites we may link to, or the use of any personal information you may share with them.
7. International Transfers of Personal Information
Some of the processors and sub-processors we use are located in jurisdictions including Australia, the US, the United Kingdom and the EU. Use of their services may involve the cross-border transfer of personal information. YGG also has offices and employees located globally, for example, in the USA and Australia. This means that the YGG may process personal information in another country from time to time.
In all cases, appropriate safeguards for the purposes of the GDPR and other laws which restrict the cross-border flow of personal information, have been established and are maintained, whether in the form of standard contractual clauses, appropriate inter-company agreements, adequacy measures or through ensuring certification with the US-EU Privacy Shield. For more information, please refer to our Terms of Service (and the YGG Data Processing Addendum).
8. Security and retention of personal information
1. Securing your account
Access to your account is secured via unique user passwords. You can help to keep your personal information secure by ensuring that any password you use is kept strictly confidential and by logging off when you have finished using a shared computer.
More information about your security responsibilities are included in the Terms of Service.
2. Data Security
We take steps to protect the security of the personal information we hold from both internal and external threats by:
- regularly assessing the risk of misuse, interference, loss, and unauthorised access, modification or disclosure of that information
- conducting regular internal and external audits to assess whether we have adequately complied with or implemented these measures.
- encrypting the transfer of data all the way from the browser to where the data is stored. We use HTTPs and all our data is encrypted at rest.
3. Data Breaches
Unfortunately, no data transmitted over or accessible through the Internet can be guaranteed to be 100% secure. As a result, while YGG attempts to protect all Personal Information, YGG cannot ensure or warrant that Personal Information will be completely secure from misappropriation by hackers or from other nefarious or criminal activities, or in the event of a failure of computer hardware, software, or a telecommunications network.
If a data breach (as defined by applicable laws) involving Personal Information occurs, YGG will:
- notify you of it as soon as reasonably possible after it comes to our attention;
- take reasonable steps to secure the affected data and minimise harm to all individuals; and
- provide you with whatever reasonable assistance might otherwise be required.
Please note, our obligations in regard to notification of data breaches may vary depending on whether we are acting as Data Controller or Data Processor in regard to the Personal Information affected by the data breach.
4. Retention of Personal Information
Generally, we will keep Personal Information for as long as a Customer is actively using YGG’s Services or the period during which any legal claim may be made in regard to the provision of Services in accordance with legal requirements or to meet our legal obligations. For example, we hold billing records, and any information associated with those records (such as the number of members a Church had) for 7 years.
If we hold personal information about you, and we do not need that information for any purpose, we will take reasonable steps to securely destroy or de-identify that information unless we are prevented from doing so by law.
We apply the following rules to the permanent deletion of information:
- Customer accounts and associated Individual Information, where there has been no activity for more than 7 months (and where not required for YGG’s own records or administrative processes) will be deleted permanently; and
- Individual Information which has been deleted or disabled, will be permanently deleted or de-identified 90 days after deletion or disabling (or 18 months where members have financial data associated to them).
9. Your rights in relation to personal information
1. Access and Amendments
If you would like to request details about Customer Information or Individual Information that we hold about you and how we process it, contact us via the contact details below and we’ll be more than happy to help.
If you ever wish to amend personal information held by us, you may do so by:
- logging into your account using your login credentials and password; or
- contacting us at email@example.com or via the contact details below.
2. Deleting your Personal Information
Persons who wish to delete any personal information held by YGG can contact us via the contact details below and we’ll be more than happy to help.
In relation to Customer Information, an Organization Administrator can ask us to delete Customer Information at any time, and we will delete it from all live systems and make sure we do not process it further in any way (other than as we may need to support your account or for other reasonable administrative or legal purposes, such as billing).
Customer Collected Information
Organizations also can delete or disable Customer Collected Information at any time.
Individuals who wish to delete or stop the use of their Customer Collected Information for the purposes of any of the Services should contact the organization they are affiliated with directly. If an individual feels their organization has not dealt with their request promptly or effectively, we will work with the relevant data controller to attempt to resolve their request.
3. Other Rights
Under the GDPR, persons residing in the European Economic Area (‘EEA) may also be entitled to, at any time:
- Withdraw consent to our use of your information for marketing purposes.
- Object to the processing of your personal data, where we collect personal data on the basis of legitimate interests; and
- Request your personal information be transferred to yourself or a third party without hindrance in a commonly used format.
You may also wish to make a complaint about the way we have handled your personal information or other interference with your privacy rights.
You can exercise any of these rights at any time by contacting us (see ‘Contact Details’, below) or your relevant privacy or data protection authority.
10. Additional EU GDPR Matters
This information is relevant for organisations and individuals who use our Services and are currently residing in the European Economic Area.
1. Lawful Bases for Processing Personal Data
At least one of the lawful bases set out in Article 6 of the GDPR must apply in relation to a given processing activity. The lawful bases for YGG’s processing activities are as follows:
- Customer Information – Collection is necessary for the performance of a contract (to provide you with our services) or for legitimate business interests.
- Individual Information – Collection is necessary for the performance of a contract (to provide you with our services) or for legitimate business interests.
- Customer Collected Information – Refer to your Organization Administrator.
- Customer Enquiry/Support Records – Collected for our legitimate interests, namely to record your query, to be able to provide you with support and continuity in our customer service.
2. Data Protection Officer/EU Representative
YGG has appointed an external Data Protection Officer (DPO) and EU Representative to help ensure that we meet our obligations under the GDPR.
If you have any queries, questions, concerns or wish to make a complaint regarding how we deal with your personal information please contact either us (see ‘Contact Us’, below) our DPO, EU Representative or UK Representative using the following details:
Data Protection Officer:
Dr Jodie Siganto
Privacy 108 Consulting Pty Ltd
PO Box 3295
Yeronga, QLD, 4104
1-2 Marino Mart
Fairview, Dublin 3
372 Old Street
EC1V 9AU, London
11. Contact Details
If you have any queries, questions, concerns or wish to make a complaint regarding how we deal with your personal information please contact us:
Phone (US): (424) 228-8870
Phone (AU): +61 (0) 7 3062 2359
Mail to the following address:
901 Woodland St.
Nashville, TN 37206
Chief Privacy Officer
Elvanto / Your Giving Group
PO Box 1201
Elanora QLD 4221
We will endeavour to respond to your request as soon as reasonably possible.
For Australian visitors, the Office of the Information Commissioner is a great resource.
In this Policy, these terms have the following meanings given:
Authorized Users are users who are granted permission to access the Services by either (i) a Customer, (ii) an Organization Administrator, or (iii) another Authorized User that has been given the permissions to add additional Authorized Users by an Organizational Administrator.
ChMS means YGG’s Church Management Software
Customer means any organization or individual who establishes an account with YGG or uses a Service but does not include individuals.
Data Controller has meaning given to it in the GDPR.
Data Processor has meaning given to it in the GDPR.
GDPR means Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of Personal Data and on the free movement of Personal Data, and repealing Directive 95/46/EC.
Organization Administrator means any user who has been granted permission to manage, access or make decisions concerning a Customer’s Account by the owner of that Customer Account.
Personal Information includes the following:
‘Personal data’ as defined in the GDPR
‘Personally identifiable information’ as defined in US data breach notification laws
‘Personal information’ as defined in the Privacy Act 1988 (Cth)
‘Personal information’ as defined in the Personal Information Protection and Electronic Documents Act (Canada)
Sub-processor has the meaning given to it in the GDPR.
Your Giving Group or YGG means Your Giving Inc (Delaware), which includes the trading name, “Tithe.ly”, and all wholly owned subsidiaries and affiliates. For a complete list of YGG’s wholly-owned subsidiaries and affiliates, click here.
Last updated October 2019.