The Services are intended, in part, to be a vehicle by which an entity founded and operated for the benefit of others, typically a not-for-profit, nonprofit, charitable, or tax-exempt organization (“organization“), could potentially receive or provide funding and donations. Likewise, CyberGrants provides online services using which foundations, corporate contributions departments, and other legal charitable organizations to track and manage such funding and donations.
CyberGrants’ clients who have entered into agreements with CyberGrants for our Services (“Clients”) may designate authorized users from among their employees, contractors, and agents, and invited members of the Client’s local community (“Authorized Users”) with the right to access and use our Services. Authorized Users include employees, contractors, staff, and agents of organizations. To access our Services you must be an Authorized User and at least eighteen (18) years old.
Information We Collect
The information that we may collect from or about you when you use our Services broadly falls into the following categories: information that you voluntarily provide to us, for example, your contact information and certain other personal information; information collected through your use of the Service, for example, account activity and data collected by the servers used to operate the Services; location information; data collected by tracking technologies; information collected when you connect with social media platforms using the Services; and data collected by embedded content.
How Personal Information Is Collected
You can visit and use our Sites without submitting personal information, but you will be required to submit personal information to use certain features of our Sites and other Services. We will collect any personal information from or about you that you choose to submit to us. We collect personal information when you register with or use our Services, when you use our Services to communicate via internal messaging with other employees, contractors, or agents of your employer, when you make a charitable donation, when you submit a request for a matching program, when you volunteer for a project that requires submission of contact information, when you participate in a blog, when you post User Content (as defined below) on our Services, when you fill out a form to download a whitepaper or request a demo, in receiving and fulfilling information requests, and when you respond to communications from us. Additionally, if you visit or register on a CyberGrants sponsored site through social media, we may also receive certain personal information from those social media sites, and/or post regarding your charitable activity.
Types of Personal Information Collected
The minimum personal information required to access CyberGrants’ standard Services may include: your name, your email address, payment information, your home and/or business mailing addresses, mail codes, business title, department, employee type or status, hire date, employee ID, and manager/hierarchy information.
Based on a Client’s request for a specialized program, there are exceptions to the minimum personal information collected and stored by CyberGrants. Authorized Users that are part of a Client’s specialized program must first contact the Client’s program manager or Human Resources department to receive the list of personal information collected and stored. If the Client does not respond in a timely manner, then please contact CyberGrants directly at firstname.lastname@example.org or email@example.com.
Donor Portal Account & Donation Information
If you are an Authorized User, you may be required to submit certain information to register for that account, including your name and employee ID.
We will collect all information you choose to provide when logged into your CyberGrants account, including, for example, your organization searches, matching gift and payroll contribution requests and activity, volunteer hours logged, and donation activity.
Donations made by Authorized Users may be made by credit or debit card. All credit and debit card information are provided directly to our PCI-compliant third-party payment processor. CyberGrants does not directly access, handle, or store your credit or debit card information. To make a donation using the Services, you will need to submit your name and your credit or debit card type, number, expiration date, security code, and billing address. Payment by credit or debit card is subject to the approval of the card issuer. We will not be liable in any way if a card issuer refuses to accept a credit or debit card for any reason. We will maintain a record of the donations and other gifts that you make using the Services and we will also collect all other information you and the Client choose to provide when making a donation or otherwise completing a transaction using the Services.
If you choose to make a donation through the Services, your contact information may be shared with the organization(s) which are receiving the donation. This information may include your full name, email address, telephone, and mailing address (including street, city, state, country, and ZIP/postal code). You may be given the ability to select, change, or anonymize this information before it is shared with the applicable organization(s) if your employer elects to activate that capability.
You are responsible for any comments, data, text, images, video, audio, and other content and material that you create, post, transmit, upload, publish, distribute, broadcast, submit, or otherwise provide using the Services (collectively, “User-Generated Content”). User-Generated Content that you provide is posted on or otherwise made available through the Services at your own risk. We cannot guarantee that User-Generated Content you provide will not be viewed by unauthorized persons or entities. You understand that, even after removal, copies of User Content that you have provide may remain viewable in cached and archived pages and may have been copied or stored by Internet archives and other users of the Services.
IP Addresses and Related Information
The servers used to operate and provide the Services may collect data pertaining to you and the equipment, software, and communication methods you use to access the Internet and the Services, including TCP/IP addresses assigned to the computers and other devices from where you access the Internet, your Internet Service Provider (ISP), your device ID, your approximate geographic location, your browser type, language preferences, referring and exit pages, URLs, date and time stamps, amount of time spent on particular pages, sections of the sites visited, clickstream data, search terms, operating systems, website traffic, and keywords. CyberGrants may use this information to administer the Services, the site and its servers, to generate statistical information, to monitor and analyze site traffic and usage patterns, to monitor and prevent fraud, to investigate complaints and violations of our policies, and to improve the site’s content and the products, services, materials, and other content that we describe or make available through the site and Services. We may combine this information with personal information, and information obtained from third parties for the purposes discussed herein. The service providers that we use to provide the site may collect information about your visits to the site and other websites.
Location Information, Cookies, and Other Tracking Technologies
“Session” cookies are temporary cookies used for various reasons, such as managing page views. Typically, your browser will erase session cookies once you exit the browser. “Persistent” cookies are more permanent cookies that are stored on your computer or mobile device after you exit the browser. Persistent cookies allow us to retrieve certain information that you have previously provided to us (e.g., your user ID if you asked for it to be remembered). Our Services may use both session and persistent cookies.
How We Use and Disclose Collected Information
If you submit a resume or other job application materials to us, we may use those materials to evaluate your qualifications and to otherwise consider or respond to your application for employment. Your submission of a resume or other job application materials does not in any way require CyberGrants to review that application or consider you for employment.
By virtue of applying for a grant with a CyberGrants’ client, grantseekers or organizations, as applicable, are consenting (opting-in) to CyberGrants’ use of the organizational information they provide in connection with that grant application. We communicate with organizations on a periodic basis via email or phone to resolve or investigate customer service issues. We may also use grantseeker and organization email addresses to notify you of updates to philanthropic activity and to send notices and other disclosures as required by law.
We will make User-Generated Content available to other users of the Services as applicable. For example, if you are an Authorized User and you create a volunteer event through the Services, other Authorized Users at the applicable Client will be able to view, copy, and use that information.
We may aggregate and anonymize personal information and other Collected Information to create anonymous aggregate data on Service users, which describes users as a group but does not reveal the identity of individual users. We may provide that data in response to a government request or to other third parties for lawful purposes and we may use that data to understand Service users’ needs, to determine Service user demographics and usage patterns, to determine what kinds of products and services we can provide, and to improve and enrich our products and services.
We do not share Collected Information with third parties for marketing purposes and we never sell your personal information to anyone or any organization. We may, however, share Collected Information with third parties without notice to you under the following certain circumstances:
- Service Providers – When we engage a service provider to perform certain business-related functions or provide services to us in connection with the Services, we only provide them with the information that they need to perform their specific function and as may be otherwise permitted by applicable law. These service providers include our Services management and hosting suppliers, payment processors, and public relations service providers. Our suppliers are authorized to and may use and disclose Collected Information as necessary for them to provide the applicable services to us. We may also share your information with any of our parent companies, subsidiaries, or other companies under common control with us.
- Legal Requirements – We may use and disclose Collected Information if required to do so by law or in the good faith belief that such action or disclosure is necessary or appropriate to (i) comply with any legal obligation, report unlawful activity, cooperate with law enforcement, protect against legal liability, or bring legal action in the event of a violation of our contracts, terms, or policies, (iii) protect and defend our rights, property, personnel, suppliers, sponsors, agents or licensors, or (iv) protect the personal safety or rights of users of our Services or the public. We may use and share personal and other Collected Information in order to investigate, prevent, and take action regarding illegal activities, suspected fraud, situations involving potential threats to the physical safety of any person, violations of CyberGrants’ terms, and as otherwise required by law.
- Business Transfers – Circumstances may arise where CyberGrants decides to sell, buy, merge, or otherwise reorganize our company. Collected Information may be transferred or otherwise disclosed to the successor of the transaction in the event of a corporate sale, merger, reorganization, dissolution, change of control, or similar event, or if assets sold include our agreements with our customers.
Third-Party Websites, Social Media, and Outside Services
We are not responsible for protecting any User-Generated Content you post on our Services or on social media web pages associated with CyberGrants. Any User-Generated Content you post on our Services or associated social media pages is unprotected and may be viewed by anyone with access to the applicable website or service, including, but not limited to, Client(s), Authorized Users, and other users of our Services.
User-Generated Content published on our Services or associated social media sites may also appear in search engine results (such as Yahoo!, MSN, Google, and other search engines) and in the cache of those search engines, feeds, and third-party websites pursuant to cobranding agreements. We have no control over updating and/or removal of User-Generated Content that appears on websites not controlled by CyberGrants, which is solely the responsibility of the search engines, third-party websites, and RSS web feed resources.
You acknowledge and agree that CyberGrants is not liable for the information published in search results or by any third party website that carries any User-Generated Content or personal information published on our sites or associated social media sites.
We communicate with Authorized Users on a periodic basis via email or phone to resolve or investigate customer service issues. We may also use Authorized User email addresses to confirm your philanthropic activity and to send notices and other disclosures as required by law. Authorized Users can remove himself or herself as a qualified donor by first contacting the applicable Client’s program manager or Human Resources department.
If you subscribe to our blog or otherwise opt in to receive promotions or communications from us, you will need to submit your email address. We will use this information to send you blog posts and other electronic communications. We may use third-party email providers to deliver these communications to you. CyberGrants offers you control over your privacy preferences regarding promotional e-mail. You may update these preferences at any time. Please allow sufficient time for your preferences to be processed.
You may opt out of receiving promotional e-mails from us when registering for an account by unchecking the box that asks whether you would like to receive e-mail updates about new features, products, and services.
You may unsubscribe from receiving promotional e-mails of certain types (or a companywide unsubscribe) at any time by following the unsubscribe instructions contained in the applicable email. When you receive a promotional e-mail from CyberGrants, it will contain a link that allows you to unsubscribe, however, you will continue to receive non-promotional e-mails from us, such as communications regarding the Services.
Accessing and Correcting Personal Information
CyberGrants needs your help in keeping the personal information you have shared with us accurate and up to date. If you have a CyberGrants account, you may, depending on the type of account, be able to make these updates yourself online by logging into your CyberGrants account.
CyberGrants is primarily a data processor and not authorized by our clients (the data controller) to correct, modify, or remove your Personal Information without a client’s consent. If you are an Authorized User, please first contact the applicable Client’s program manager or Human Resource department to request to correct, modify, or remove your personal information from the CyberGrants Services. If the Client is unable to help with your request, please contact us at firstname.lastname@example.org or email@example.com.
Our Sites and other Services are not directed at children under the age of 13. CyberGrants does not knowingly collect or use information from children under the age of 13 through the Services.
Access from Outside the United States
If you are accessing or using our Services from outside the United States, please be aware that Collected Information may be transferred to, stored in, and processed in the United States (where our and our service providers’ servers and databases are located and operated). The data protection and related laws and regulations of the United States might not be as comprehensive as those in the country from which you are accessing the Services.
Important Notices to Non-U.S. Residents/EU-U.S. Privacy Shield Certification/ Swiss-U.S. Privacy Shield Certification
To adhere and comply with Privacy Shield principles and requirements, CyberGrants is providing the following information and notice:
- The types of personal information collected are described above under the section entitled, “Information We Collect.”
- CyberGrants does not disclose personal information to subsidiaries or third parties; however, personal information is backed up and stored at an offsite location with third-party vendors, Navisite, LLC, located in Andover, MA, and Access, located in Peabody, MA, who lawfully cannot access the data, as the data is stored in an obfuscated manner with encryptions and other protections. The third-party vendor has agreed with CyberGrants not to transfer any data to another party, vendor, or organization.
- You have a right to access your personal information. Please first contact the client’s program manager or your employer’s Human Resource Department to inquire about access to your personal information provided to CyberGrants.
- You have the right to opt out of having your personal information collected by CyberGrants. Please follow the instructions under the Accessing and Correcting Personal Information section above.
- You have the right to be notified if the information you disclosed is to be disclosed to a new third party or to be used in a materially different purpose other than originally collected. You will be notified by CyberGrants through your employer or through the Terms and Conditions on the CyberGrants website.
- CyberGrants is subject to the enforcement powers of the Federal Trade Commission.
- CyberGrants is required to disclose personal information in response to lawful requests by public authorities, including, but not limited, to meeting national security or law enforcement requirements.
- CyberGrants is liable in cases of onward transfer to third parties, except for cases of unlawful misconduct by unauthorized users or intentional violation of CyberGrants contractual agreements.
- CyberGrants standard Services does not require the collection of sensitive information, which includes: medical, health conditions, race, ethnic origin, political opinion, religious or philosophical beliefs, trade union membership, or sex life. Collection of sensitive information is only based on a Client’s request (the Data Controller) for a specialized program. If such sensitive information is ever collected, you must express affirmative consent to opt in for use of that sensitive information if that information is to be disclosed to third parties or used for purposes other than those originally collected.
- CyberGrants takes reasonable and appropriate measures to protect personal information from loss, misuse and unauthorized access, disclosure, alteration, and destruction by taking into due account the risks involved in the processing and the nature of the personal information.
- CyberGrants only processes personal information that is compatible for CyberGrants’ general purpose for processing.
- You have the right to access your personal information and be able to correct, amend, or delete the information when it is inaccurate or processed in violation of the Principles, except where the burden or expense of providing such access would be disproportionate to the risks of the individual’s privacy or the other person’s rights would be violated. CyberGrants will expeditiously respond to your complaints. First, contact the Client’s program manager or your employers’ Human Resources Department to access, amend, or remove your personal information or any other complaint regarding your personal information. If your employer does not respond within an expedient timeframe, then CyberGrants will respond and attempt to resolve your complaint.
We will investigate your question, respond to your inquiry, and attempt to resolve any concerns regarding your privacy question. Cyber Grants has further committed to refer unresolved privacy complaints under the Privacy Shield Principles to BBB EU PRIVACY SHIELD, a non-profit alternative dispute resolution provider located in the United States and operated by the Council of Better Business Bureaus. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit http://www.bbb.org/EU-privacy-shield/for-eu-consumers for more information and to file a complaint.
For residual complaints not resolved through these channels, under certain conditions, to invoke binding arbitration before a Privacy Shield Panel, pursuant to Annex I of the Framework.
CyberGrants will expeditiously respond to your complaints regarding human resources data. First contact your employers’ Human Resources Department to access, amend, or remove your personal information or any other complaint regarding your personal information. If your employer does not respond within an expedient timeframe, then CyberGrants will respond and attempt to resolve your complaint. With respect to complaints involving human resources data collected in the context of the employment relationship, CyberGrants commits to cooperate with the panel established by the EU data protection authorities (DPAs) and the Swiss FDPIC and to comply with their advice.
Important Notices for EU General Data Protection Regulation (GDPR)
CyberGrants has updated internal policies to align with EU General Data Protection Regulation (GDPR). Please visit our policy statement located here EU General Data Protection Regulation (GDPR).
We use SSL (Secure Sockets Layer). This measure of protection is used by many electronic commerce sites and on-line banks to protect personal and financial information.
CyberGrants will not retain your personal data longer than is necessary to fulfill the purposes for which it was collected or as required or permitted by applicable laws or regulations. For personal information that we process on behalf of our clients, we will retain that personal information in accordance with the terms of our agreement with each client, subject to applicable law.
Contact Us: Inquiries, Access, and Updating Your Personal Data