Raise a Data Privacy Framework complaint with PrivacyTrust
By accessing or using the Services, or by accepting our Terms and Conditions, Terms of Use (where applicable) or Services Agreement or any other terms that incorporate this Privacy Policy by reference, you agree on behalf of yourself and any organization that you represent (together, “you”) that you have read and understand this Privacy Policy and that you consent to the collection, use, and sharing of information as discussed below. If you do not agree with this Privacy Policy, do not access or use the Services. This Policy is incorporated into and made a part of our Terms and Conditions, Terms of Use (where applicable) or Services Agreement.
- Overview
FrontStream has developed this Privacy Policy to inform you how we collect data and use the data we collect. FrontStream provides a platform, applications, and our website (collectively, “Services”) specifically for fundraising activities by nonprofit and corporate customers.
In this Privacy Policy, “you” or “your” refers to a user of our Services who may use the Services directly through us or through one of our corporate customers (e.g., a nonprofit organization or other corporate entity) (“Customer”). For example, a you may be an individual seeking information from a Customer or you may be providing a donation to a Customer, and you use our platform or otherwise access the Services that we provide to the Customer. Please note that this Privacy Policy only covers the data we collect, and it does not apply to websites or services we do not control, including websites or services of our Customers.
Please review this Privacy Policy and our Cookie Policy carefully. If you have questions, please contact us. Additional contact details are at the bottom of this Privacy Policy.
- Data We Collect
When you use the Site, we collect and process the following types of information:
a. Information You Provide
You may register to use our Services, set up an account, make a donation, or respond to communications (e.g., surveys, polls, requests for feedback), we will collect the information you provide to us. This may include your IP address, first and last name(s), demographic information, mailing address, e-mail address, phone number, and credit card number. In the use of Services, you may also choose to disclose or provide your communication preferences, your physical location, and your demographic information (e.g., your age, marital status, ethnicity/race, and gender). All of this is “Personal Information,” because it can be used to identify you.
b. Information We Collect about You
We collect information about your use of our Services, including but not limited to: your Internet connections, computer equipment, web browsers, websites visited before using or accessing the Services, websites visited after leaving the Services, and other similar information about traffic and usage, as you navigate to, through, and away from our website. This is “Non-Personal Information,” because it does not identify you, but provides insights to us regarding the uses of our Services. For example, we use this information to generate statistical information, monitor and analyze traffic and usage patterns in connection with our Services, monitor and prevent fraud, investigate complaints and potential violations of our policies, and to improve the our content and the products, services, materials, and other content that we describe or make available through the Services.
In some jurisdictions, such as the United States, an IP address may be considered Non-Personal Information. In the European Economic Area an IP address is considered Personal Information under applicable data protection laws. If this is the case, we process Non-Personal Information for the same purposes as Personal Information under this Privacy Policy.
c. Geolocation Information
You may choose to allow us to access your location by granting the Services access to your location when prompted or through your device’s location services settings. You may change these settings on your device.
- How We Use Data.
FrontStream uses Personal information and Non-Personal Information for the following purposes:
- As necessary to perform the Services on your behalf or on behalf of our Customers with whom you may have an account and for other legitimate and lawful business purposes. This may include:
- Establishing accounts to use the Services
- Communicating with you in connection with Services or as a result of a request
- Communicating promotional materials, such as surveys, event notifications, newsletters, and other information
- Notifying you of changes made to the Services
- Maintaining a record of the donations and related activities in connection with your use of the Services
- Sharing with our corporate parents, subsidiaries, other affiliated entities, and associated entities for the purposes described in this Privacy Policy;
- Sharing with the recipient non-profit organization if agreed to by you when making a donation;
- Sharing with our service providers that perform certain business functions or services on our behalf and with whom are bound by contractual obligations consistent with this Privacy Policy;
- Evaluating and improving the Services;
- To comply with a legal obligation, a court order, or in order to exercise our legal claims, or to defend against legal claims;
- To prevent or investigate fraud (or for risk management purposes);
- To describe our Services to current and prospective business partners and to other third parties for other lawful purposes; and
- To conduct aggregate analysis and develop business intelligence that helps us to enhance; operate, protect, make informed decisions, and report on the performance of our Services. FrontStream may share this aggregate data with its customers, affiliates, agents and business partners. This aggregated data will not identify an end user as an individual. FrontStream may also disclose aggregated statistics prepared using Collected Information in order to describe our Services to current and prospective business partners and to other third parties for other lawful purposes.
- How We Disclose Data.
We do not sell or rent Personal Information to marketers or unaffiliated third parties. We do have trusted third parties and we may share your Personal and Non-Personal Information (“Collected Information”) with the following entities:
- Corporate Affiliates, including corporate parents, subsidiaries, other affiliated entities, and associated entities for the purposes described in this Policy;
- Service Providers that perform certain functions or services on our behalf, such as to host or assist with the Services, manage databases, process payments or donations, host a store or other e-commerce platform, perform analyses, or send communications for us. We require these service providers to comply with all applicable data privacy laws and regulations;
- Business Partners that assist in the delivery of the Services (e.g., merchant service providers, organizations holding fundraising events, vendors who have provided bidding items);
- Customers, as necessary to provide the Services;
- Authorized third parties, who are parties directly authorized by you to receive the applicable Collected Information, such as when a you authorizes a third-party application provider to access your account. The use of your Collected Information by an authorized third party is subject to the third party’s privacy policy; and
- Third parties in the event of any reorganization, merger, sale, joint venture, assignment, transfer or other disposition of all or any portion of our business, assets or stock (including in connection with any bankruptcy or similar proceedings).
- We may use and disclose Collected Information as we believe necessary: (i) under applicable law; (ii) to enforce applicable terms and conditions; (iii) to protect our rights, privacy, safety or property, and/or that of our affiliates, you, or others; and (iv) to respond to requests from courts, law enforcement agencies, regulatory agencies, and other public and government authorities, which may include authorities outside your country of residence.
- Your Choice. We give you an opportunity to opt out where personal information we control about you is to be disclosed to an independent third party, or is to be used for a purpose that is materially different from those set out in our privacy policies.
- Other Services and Platforms. We work with third parties with whom we have a contractual relationship. For example, we use other third parties for in technical, payment, and delivery services, analytics providers, and search information providers. For example, when you submit credit card or debit card information, that Personal Information is provided directly to our third-party payment processor. In some instances, you may have a choice as to which third-party credit card processor you would like to use. Please refer to the privacy policy on any third party website.
As part of our fundraising platform, you may choose to link our Services to a third party account or platform. For purposes of this Privacy Policy, if you authorize or otherwise enable an account or platform operated by a third party, then you will control that connection (“Connection”). For example, you may create a Connection to a social media account, in which case, we will receive Personal Information from the social media provider through the Connection. All information we receive through a Connection will be subject to this Privacy Policy.
Please review the Privacy Policy of any and all third parties. We have no control over, and assume no responsibility for, the content, privacy policies, or practices of any third party websites or services.
- Security. Although we use security measures designed to protect your Personal Information, no data security measures are guaranteed to be completely effective. Transmission of information via the internet is not wholly secure, and we cannot guarantee the security of your Personal Information transmitted to or through the website or any of our Services. For example, please do not include credit card or other sensitive data (e.g., racial or ethnic origin, health, etc.) in your e-mails to us. Any transmission of such Personal Information is at your own risk. By using the Services, you acknowledge and accept these risks.
Please notify us immediately at privacy@FrontStream.com if you become aware of any unauthorized use of your password or account or any other breach of Service security or of this Policy. If our security system is breached, we will notify you of the breach as required by applicable law.
- Advertising. We use other third-party services to obtain, track, and store user information. For example, we use a customer relations management (CRM) software to manage data and information. We also use a third-party software to collect information from your browser and computer device in order to capture and analyze user behavior on our website. From time to time, we will use additional content or applications in the Services that is served by third parties, including advertisers, ad networks and servers, social media websites, content providers, and application providers. These third parties may use cookies alone or in conjunction with other Internet tracking technologies to collect information about you when you use our Services. We do not control these third parties’ tracking technologies or how they may be used. Note that if any of these third parties are members of the Network Advertising Initiative, you can visit the website to opt-out of unwanted online advertisements by clicking here.
- Access and Options. You have choices regarding our use and disclosure of Your Personal Data:
If you change your mind after opting to receive electronic communications, you may opt out of receiving such communications from us by communicating your preferences to us by e-mailing privacy@FrontStream.com, or by following the unsubscribe link contained in the applicable e-mail. We will comply with your request as soon as reasonably practicable. Please note that if you opt-out of receiving marketing-related emails from us, we may still send you important administrative messages that are required to provide you with our Services.
In certain circumstances, you may also request that we delete your Personal Information, for example if our retention of your Personal Information is no longer necessary as part of the Services.
If you would like to review, correct, or update Personal Information that you have previously disclosed, you may do so by signing into your account or by contacting us. For your protection, we may only implement requests with respect to the Personal Information associated with the particular email address that you use to send us your request, and we may need to verify your identity before implementing your request. We will try to comply with your request as soon as reasonably practicable. Unless otherwise prohibited by law, we may charge you a fee for providing you with a copy of your data.
- Retention. We will retain Personal Data for the period necessary to fulfill the purposes outlined in this Privacy Policy unless a longer retention period is required or permitted by law.
- Use of Services and Privacy of Minors. We do not provide the Services to anyone under the age of 13. In accordance with the Children’s Online Privacy Protection Act (COPPA), we will never knowingly request or solicit Personal Information from anyone under the age of 13. Please notify us if we receive such Personal Information of anyone under the age of 13, and we will delete that information from our database as soon as is reasonably practical.
- Access from Outside the United States. If you are visiting the Services from outside the United States, please be aware that Collected Information may be transferred to, stored in, and processed in the United States, which is our suppliers’ servers and databases are located and operated.
- FrontStream as a Data Processor. We may collect, use, and disclose certain Personal Information about you when acting as service provider to a Customer. Customers are responsible for ensuring that your privacy rights are respected, and should include information to help you understand how third parties collect and use your data. To the extent that we are acting as a Customer’s data processor, we will process your Personal Information according to the terms of our agreement with our Customer and its lawful instructions.
- Filing a Complaint. If you are not satisfied with how we manage your Personal Information, you have the right to make a complaint to a data protection regulator.
- Updates to Privacy Policy. We may change this Privacy Policy from time to time. Any changes are effective when we post the revised Privacy Policy on or through the Services. Disclosures and notices in relation to this Privacy Policy or your Personal Information shall be considered to be received by you within twenty-four (24) hours after the time they are posted to our website or otherwise through the Services.
- Your California Privacy Rights. California Civil Code Section 1798.83 permits users of the Services who are California residents to request and obtain a list of what Personal Information (if any) we disclosed to third parties for direct marketing purposes in the preceding calendar year and the names and addresses of those third parties. Requests may be made only once a year and are free of charge. Under Section 1798.83, California residents are entitled to request and obtain such information, by e-mailing a request to webmaster@FrontStream.com.
- Australian Compliance
a. Access and Collection. Collected Information may be transferred to, stored in, and processed in the United States, and FrontStream will comply with the requirements of the Privacy Act that apply to cross-border disclosures of Collected Information.
b. Corporate Parents, Affiliates, and Subsidiaries, or Associated Entities. We may share Collected Information with our corporate parents, subsidiaries, other affiliated entities, and associated entities (as that term is defined under Australian law) for the purposes described in this Policy.
c. Privacy Complaints for Australian Users. If you have a complaint about how we collected or handled Collected Information, please contact us. We will endeavor in the first instance to deal with your complaint and take action to resolve the matter. If your complaint cannot be resolved at the first instance, we will ask you to lodge a formal complaint in writing, explaining the circumstances of the matter that you are complaining about, how you believe your privacy has been interfered with and how you believe your complaint should be resolved. We will acknowledge receipt of your formal complaint and indicate the timeframe that you can expect a response. We will endeavor to resolve the complaint as quickly as possible, but if the matter is complex and our investigation may take longer, we will let you know when we expect to provide our response.
If you are unhappy with our response, you may refer your complaint to the Office of the Australian Information Commissioner or, in some instances, other regulatory bodies, such as the Victorian Health Services Commissioner or the Australian Communications and Media Authority.
- EU-U.S. Data Privacy Framework Principles and Swiss-U.S. Data Privacy Framework Principles. In addition to compliance with the General Data Protection Regulation 2016/679, Frontstream, dba FastTransact Merchant Services, FirstGiving, Inc., FrontStream DTI, LLC, FrontStream Fast Transact, LLC, FrontStream Holdings, LLC, FrontStream Panorama Workplace, Inc, FrontStream SaleSynergy, LLC, Frontstream, Inc., Innesfarm, Inc. d/b/a GiftWorks), SaleSynergy, LLC, BiddingForGood, Inc. d/b/a FrontStream, complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF) and the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce. Frontstream has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union and the United Kingdom in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPFFrontstream has certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework Principles (Swiss-U.S. DPF Principles) with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF. If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the Principles shall govern. To learn more about the Data Privacy Framework (DPF) program, and to view our certification, please visit dataprivacyframework.gov.
In compliance with the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF, FrontStream commits to resolve DPF Principles-related complaints about our collection and use of your personal information. EU and UK individuals and Swiss individuals with inquiries or complaints regarding our handling of personal data received in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF should first contact FrontStream at: privacy@FrontStream.com.
In compliance with the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF, Frontstream commits to refer unresolved complaints concerning our handling of personal data received in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF to Privacy Trust, an alternative dispute resolution provider based in the United States, the European Union, the United Kingdom, and/or Switzerland (as applicable). If you do not receive timely acknowledgment of your DPF Principles-related complaint from us, or if we have not addressed your DPF Principles-related complaint to your satisfaction, please visit privacytrust.com/cert/411716.html for more information or to file a complaint. The services of Privacy Trust are provided at no cost to you.
In compliance with the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF, FrontStream is subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission(FTC).
In accordance with the DPF, FrontStream is also liable for onward transfers to third parties that process personal information in a way that does not follow the DPF unless FrontStream was not responsible for the event giving rise to any alleged damage.
Under specific circumstances, the DPF gives you the right to pursue binding arbitration, if you believe your privacy rights have been violated. You can do this to resolve complaints not resolved by FrontStream or its third-party dispute resolution provider, as described in Annex I to the DPF Framework.
This Privacy Policy may be updated to reflect changes in our practices or legal requirements. Please review this policy periodically for updates.
- Contact Us. Our Data Protection Officer can be reached by email at privacy@FrontStream.com.
If you have any questions or concerns about this Policy, please contact us by email at:
privacy@FrontStream.com, or in writing to:
FrontStream Payments Inc.
Attn: Privacy Team
2093 Philadelphia Pike #1677
Claymont, DE 19703
USA