Document information and change log

Document Information

Change log

Gender And Entity Neutrality

The masculine form is used solely for the sake of better readability. It always refers to persons of any gender identity (m/f/diverse). This document uses the abbreviation “Give” for all legal entities and subsidiaries.

1.  Give Corporation Privacy Policy - United States        3

Purpose        3

Scope        3

Policy Statement        4

Definitions        4

Information Collected        4

2. California Consumer Privacy Act (“CCPA”)        5

CCPA Key Provisions        5

3. General Data Protection Regulation (“GDPR”)        6

4. Compliance        6

5. Data Handling Guidelines        6

Purpose of Collecting Information        6

Third-Party and Automatically Provided Information        7

"Do Not Track" Disclosure        8

Use of Information Obtained by Give        8

Sharing of Information with Third Parties        8

Security        10

Location        10

Children        10

6. Privacy Choice and Consent Policy        11

Giving Consent        11

Types of Consent        11

Choice Mechanisms        11

Consent Management        12

Data Sharing and Third Parties        12

Right to Access and Modify Consent        12

Accuracy and Completeness of Information        12

Right to Update or Correct Personal Information        13

Procedure for Updating Personal Information        13

Request Response        13

7. Responsibilities        13

Team Member Responsibilities        14

Confidentiality and Privacy Role        14

Contacting Give        15

1.         Give Corporation Privacy Policy - United States

This Privacy policy reflects how GiveCorporation Inc., and all its subsidiaries ("Give" or "we") provide its payment services (the "Services") through third party websites ("Platforms"), such as marketplaces, business tools providers, and crowdfunding sites. As used in this Agreement, "Service" refers to Give Corporation's payment processing services, as well as our website, any software, programs, documentation, tools, hardware, internet-based services, components, and any updates (including software maintenance, service information, help content, bug fixes or maintenance releases) thereto provided to you by Give Corporation, directly or indirectly. Platforms provide Give's Services to their end users ("Users" or "you") by integrating with Give's application programming interface ("API"), which also enables the Platform to provide User information to Give and receive information from Give. This Privacy Policy addresses how Give handles all User information, including User information provided by you, User information provided by the Platform, and User information obtained by Give from third parties. Give's Privacy Policy describes the ways we collect, use, and share User information. We may amend this Privacy Policy at any time by posting a revised version at this link. The revised version will be effective at the time we post it, unless we provide additional notice or an opportunity to "opt-in" because changes are material or retroactive.

By using the Services, you are accepting the practices described in this Privacy Policy. By using a Platform that has integrated with Give's API, you are also accepting the practices described in the Platform's Privacy Policy, which you should review carefully. Any information you enter on the Platform's website or application, or on Give pages, fields, or resources that are integrated with the Platform's website or application, may be shared with the owner of the Platform website or application, subject to the requirements of the Payment Card Industry Data Security Standard (PCI-DSS) and applicable law. Give is not responsible for the content or information practices of Platforms.

Purpose

The purpose of this Privacy Awareness Policy is to ensure that all team members, contractors, vendors and partners of GiveCorporation understand the importance of privacy and data protection. This policy provides guidelines on how to handle, process, and protect personal information responsibly.

Scope

This policy applies to all team members, contractors, and third-party service providers who have access to personal information processed by GiveCorporation or Human Resources records. It covers all forms of data, including digital, paper, and oral communication.

Policy Statement

GiveCorporation is committed to maintaining the privacy and security of personal information of both consumers and team members. We recognize the importance of data protection and are dedicated to upholding all relevant legal requirements, industry standards, and best practices.

 Definitions

• Personal Information (“PI”): Any information that can identify an individual, either directly or indirectly, such as web browsing activity.
• Personal identifiable Information (“PII”): Information that directly identifies an individual.
• Sensitive Personal Information: Sensitive Personal Information is a subset of PI and is data that requires higher levels of protection, such as financial information, health records, or government-issued identification numbers. Sensitive information is more vulnerable to being exploited to cause harm. We do not collect health records.

The following are examples of PII:

• Name
• Address
• Social Security number
• Telephone number
• Email address
• Gender
• Race
• Birth date
• Geographic indicator
• Biometric records, e.g., fingerprints.

Information Collected

Give collects three types of information: information that Users/team members intentionally provide to Give or the Platform, information about Users/team members that third parties provide to Give or the Platform to augment or verify that information, and information automatically provided by Users as they interact with the Give or Platform website. Information that can be used to identify, contact, or locate a User is "personally identifiable information." Automatically provided information that uniquely identifies a device or browser is not personally identifiable information, unless it is linked to a particular User.

2. California Consumer Privacy Act (“CCPA”)

The California Consumer Privacy Act (“CCPA”) allows Users to know how their information is being collected, when and if sold. Users are able to opt-out. We process consumers located in California personal information in accordance with the California Consumer Privacy Act of 2018 (CCPA). This act empowers consumers who are California residents with the right to inquire about personal information collected by businesses covered under the CCPA. As such, California consumers have the right to request access to their personal data, submit requests for deletion, and, if applicable, opt-out of the sale of their personal information. However, it's important to note that these provisions do not extend to personal information that is collected, processed, shared, or disclosed by financial institutions under federal law, such as the Gramm-Leach-Bliley Act.

CCPA Key Provisions

Protection under the CCPA also protects information that can identify a person even without contact information being present. The following are the key provisions of the CCPA:

• Right to Know: Organizations must disclose to California consumers who request to know what personal information is being collected on them and how the organization uses and shares the information.
• Right to Delete: With a few  exceptions, a California consumer can request the organization to delete the personal information that was collected from them and the organization must honor the requests.
• Right to Opt-Out: A California consumer can opt out of the sale or sharing of their personal information, and the organizations must provide a clearly visible link on its website to opt-out of selling personal information.
• Right to Limit Use and Disclosure of Sensitive Personal Information: California consumers have the right to limit the use and disclosure of their sensitive personal information that has been collected on them.
• Private Right of Action: Organizations must protect the personal data of California consumers. Consequently, consumers can sue an organization if it did not protect their personal information adequately by appropriate security measures, such as encryption or redaction.
• Privacy Policy Disclosures: Organizations must provide California consumers with a written statement stating the collection, use, sharing, and sale of consumers’ personal information online and offline. The organizations’ privacy policies must include specific and detailed information.

The consumers’ requests include all data collected and stored on them, the category sources of the information such as medical, financial, etc., the purpose of collecting and selling the information and a list of third parties that have access to the information. GiveCorporation must comply with the California consumer request in accordance with the CCPA. The CCPA also covers collecting employee data, conducting background checks, and monitoring programs.

3. General Data Protection Regulation (“GDPR”)

GiveCorporation only processes minimal personal information for European Union (“EU”) residents.  GiveCorporation is compliant with the General Data Protection Regulation (“GDPR”).  GDPR allows Users to know how their information is being collected, when and if sold. EU residents users agree and clearly consent before having their personal data processed. Unlike the CCPA, the GDPR does not apply to personal information that is used for personal or household activities. Processing “sensitive personal data,” is prohibited unless the specific requirements are met.

4. Compliance

Failure to comply with this policy may result in disciplinary action, including termination of employment or contracts. All team members and third-party service providers must agree to abide by this policy.

5. Data Handling Guidelines

Purpose of Collecting Information

Give collects only the personal information that is necessary for the business, employment or vendor purposes. and uses personal data only for the purposes stated at the time of collection. Explicit consent will be obtained from you if data will be used for additional purposes. The personal data is stored securely, using encryption and other security measures. The information is limited to authorized personnel only. Personal data is shared with third parties only when necessary and with proper safeguards in place. Third parties must comply with privacy laws. Personal information is stored only as long as necessary for the purpose it was collected, or as required by law.

User Provided Information

Users either accept payments as "Merchants" or make payments as "Payers." A Merchant must provide the Merchant's name, identification document, selfie to confirm your ID, email address, a self-selected password, street address, telephone number, tax identification number, merchant category code, date of birth (if a natural person), and bank account information. A Merchant may provide additional information, such as a link to its website or social media account, in order to accelerate account activation and qualify for faster disbursement of funds.

A Payer who is paying with a credit or debit card must provide the Payer's name, card number, expiration date, CVV code, country, and zip code. A Payer who is paying by ACH or EFT must provide the Payer's name and bank account information.

Merchants or Payers may voluntarily provide additional information to Give or the Platform, for example, when seeking customer support or in response to surveys or other inquiries.

Third-Party and Automatically Provided Information

Give or the Platform may obtain information about Users from third parties, such as identity verification services, credit reporting services, and social networks such as Facebook, LinkedIn, Instagram, etc.. The Platform may provide Give with additional information, such as the User's transactional history on the Platform.

Give or the Platform may automatically record certain information about or related to your use of the Services and the Platform that is made available through your computer. Three such technologies are described below.

Log Files - Give or the Platform may collect internet protocol (IP) address, browser type, device ID, internet service provider (ISP), information about your computer and software, links, materials you request, your approximate location, referring/exit pages, date/time stamp, and other metadata. Platforms may embed Javascript code into page loads, which instructs Users' web browsers to make web requests back to our servers to collect information about User page views and other activities.

Cookies - Give or the Platform collects certain information from the User's browser using small data files called "cookies." For example, Give or the Platform may use session cookies to help recognize a User who visits multiple website pages during the same session, so that the User does not have to enter a password to access each page. Session cookies terminate once the User closes the browser. By default, Give or the Platform also uses persistent cookies to collect, store, and track information. For example, Give or the Platform uses persistent cookies to store the User's login ID (but not the User's password) to make it easier for the User to login when the User returns to the website. We encode our cookies so that only we can interpret the information stored in them. You can remove or block persistent cookies using the settings in your browser, but this may limit your ability to use our Services.

Clear GIFs and Web Beacons - Give or the Platform may employ a software technology, called clear gifs or web beacons, that helps us better manage content on the Give or Platform website, and in Give or Platform emails, by informing us what content is effective. Clear gifs are tiny graphics with a unique identifier, similar in function to cookies, and are used to track the online movements of Web users. In contrast to cookies, which are stored on a User's computer hard drive, clear gifs are embedded invisibly on Web pages and are about the size of the period at the end of this sentence.

Use of Google reCAPTCHA

To ensure the security of our services and to protect against automated abuse (such as bots or spam), Give Corporation utilizes Google reCAPTCHA on certain parts of our website and services. The use of reCAPTCHA helps us verify that interactions with our services are performed by humans, not automated systems.

By using our services, you acknowledge and agree that:

1. Google Privacy Policy and Terms of Service Apply: The implementation of reCAPTCHA is governed by the Google Privacy Policy and the Google Terms of Service. These policies detail how Google collects, uses, and protects the data it processes through reCAPTCHA.

2. Data Collection by reCAPTCHA: reCAPTCHA may collect certain information about your interaction with our website, such as:

• Your IP address.
• Browser and device information.
• The time and duration of your interaction.
• Other behavioral patterns to determine whether activity is human or automated.

3. Purpose of Use: The information collected via reCAPTCHA is solely used to secure our platform and prevent malicious activity. It is not used for advertising purposes by Give Corporation or shared with third parties beyond Google for the specific purpose of bot prevention.

By continuing to use our website and services, you agree to the processing of your data by Google as described in its Privacy Policy and Terms of Service.

"Do Not Track" Disclosure

Give does not currently respond to web browser "Do Not Track" signals or other mechanisms that provide a method to opt out of the collection of personally identifiable information across the networks of websites and online services in which we participate. If we do so in the future, we will describe how we do so in this Privacy policy. Platforms may collect personally identifiable information about a User's online activities from you or from the Give Services. Please refer to the Platform's Privacy policy for information regarding its own "Do Not Track" policy.

The Gist,

We collect and store certain information about you. This information may be provided directly by you, a platform partner, or Give may collect it based on your use of the website.

Use of Information Obtained by Give

Give uses User information primarily in order to develop, operate, support, maintain, enhance and provide the Services or for employment. Give also uses User information to process payment transactions; to provide receipts and reports; to resolve disputes, collect fees, and troubleshoot problems; to customize, measure, and improve the Services; and to enforce our agreements with Platforms and our Terms of Service and Merchant Agreement with Users.

Give also uses User information to detect and prevent fraud and other potentially illegal activities. Give may combine User information with information from other sources using proprietary algorithms to calculate a measure of the risk that a particular User or transaction is fraudulent ("Risk Score").

Give uses User information for our administrative and operational purposes. Give or the Platform may notify you of changes in the Services, or may solicit your feedback, or may conduct market research, or may send you promotional materials. To unsubscribe from promotional emails, click the "unsubscribe" link in the email.

The Gist,

Give uses information collected about you in order to meet legal obligations and provide a better service.

Sharing of Information with Third Parties

Give may share User information with third-party service providers who help with certain parts of our business operations including settlement, security, validation of user credentials, secure data storage, marketing, customer service, and other services. Give requires that these service providers use personally identifiable User information only in connection with the services they perform for Give. In particular, the Services integrate ACH authorization services.

Give also may share non-personally identifiable User information with third parties that help us better understand how Users use our Service or help us detect and prevent fraud and other unauthorized or suspicious activity. These third parties may use cookies and other technologies to collect non-personally identifiable information about Users and combine it with similar information collected from others. They may use this information to help Give to better understand our Users, and to help their other customers better understand their users.

A Give Risk Score is not personally identifiable information, and Give may share it (and other similar information generated by Give) with Platforms or other third parties. Give claims ownership of Risk Scores and similar analytical results that we generate using User information, whether alone or in combination with other information. Give may use, disclose, or sell Risk Scores in Give's sole discretion.

Give may share User information in the event of a merger, acquisition, debt financing, sale of all or a portion of our assets, or similar transaction, or in the event of insolvency, bankruptcy or receivership in which User information is transferred to one or more third parties as one of our business assets. Should such an event occur, Give will endeavor to assure that the acquirer, successor, or assignee (as the case may be) follows this Privacy policy with respect to User information. If User information could be used contrary to this Privacy policy, Users will receive prior notice as well as the opportunity to opt out.

Give may share User information with law enforcement, government officials, or other third parties in the event of a subpoena, court order or similar legal procedure, or when Give believes in good faith that the disclosure of User information is necessary or advisable to report suspected illegal activity, or to protect Give's property or legal rights (including, but not limited to, enforcement of Give's Terms of Service, Merchant Agreement, and other agreements) or the property or rights of others, or otherwise to help protect the safety or security of the Services.

Except as expressly disclosed in this Privacy policy, Give will not sell or disclose User information to third parties. Give will not sell, rent, share, or trade personally identifiable information to third parties (other than the Platform through which Give collected such information) for their promotional purposes. Give may disclose aggregated or other types of non-personally identifiable information to third parties for various purposes.

The Gist,

We will share personally identifiable information with third parties only to best provide Give's services and in special situations, such as legal investigations and merger. We may also share non-identifiable information with third parties that help us prevent fraud and analyze website activity.

Security

Give has implemented physical, technical, and procedural safeguards to protect User information from unauthorized access, disclosure, alteration, or destruction. Give uses computer safeguards such as firewalls and data encryption, and authorizes access to personally identifiable information only for those employees, contractors, and agents who require it to fulfill their job responsibilities.

Give takes additional care to protect User information, such as credit card or bank account numbers, if disclosure of the particular type of User information could cause direct financial loss. Give encrypts such information and transmits it under Secure Socket Layer (SSL). Furthermore, Give complies with PCI-DSS requirements which ensures that sensitive information is securely stored and transmitted securely using only compliant methods.

The Gist,

Give has taken a number of steps in order to become an extremely secure service.

Location

Give stores and processes User information on dedicated servers located in secure data centers that may be located within the United States or in other jurisdictions. If you use the Services from the European Economic Area or other regions of the world with laws governing data collection and use that differ from laws of the United States, then you understand and consent to the transfer of your User information to the United States or other jurisdictions for the uses identified above in accordance with this Privacy policy. You acknowledge and agree that the privacy and data security laws in place in the United States or other jurisdictions may be different from the privacy and data security laws in force in the country in which you reside. By voluntarily providing User information, you hereby agree that you are consenting to our collection, use, storage, and disclosure of such User information in accordance with this Privacy policy. Give has put in place measures, including standard model clauses, to ensure an adequate level of protection for the rights and freedoms of individuals in relation to the processing of their personal data, as required by European data protection laws.

The Gist,

It's easy to change your user information.

Children

The Services are not intended for children. We ask that minors (persons under the age of 18) do not submit any personal information to us or use the Services. In necessary circumstances, parental or guardian consent must be obtained.

The Gist,

You may only use Give if you are 18 years old or older.

6. Privacy Choice and Consent Policy

The purpose of this Privacy Choice and Consent Policy is to inform the consumer and team member about how GiveCorporation collects, uses, and shares their personal information, and to explain their rights regarding consent. This policy ensures transparency and compliance with applicable data protection laws. This policy applies to all personal information collected, processed, and stored by GiveCorporation including information obtained through websites, mobile applications, offline interactions, and other services.

Giving Consent

GiveCorporation is committed to obtaining explicit, informed, and freely given consent from individuals before collecting their personal information. This includes:

• Clear Language: So the consumer and team member understands what information they are consenting to by providing information in simple and clear language.
• Purpose Specification: Explaining why personal information is being collected and how it will be used.
• Voluntary Consent: Ensuring that consent is given voluntarily, without any form of coercion or undue pressure.

Types of Consent

• Explicit Consent: Required for sensitive personal information, such as financial information. Explicit consent means the consumer has clearly agreed.
• Implied Consent: May be used in situations where consent can be reasonably inferred from the individual’s actions (e.g., providing information during a service request). However, explicit consent is preferred whenever possible.

Choice Mechanisms

GiveCorporation provides individuals with the ability to:

• Opt-In: Consent to the collection and use of your personal information. An opt-in mechanism requires an individual to take a positive action to agree.
• Opt-Out: Decline or withdraw consent for certain uses of your personal information. Opt-out mechanisms are easily accessible and understandable.
• Withdraw Consent: At any time, consumers can withdraw their consent for the collection, use, or sharing of their personal information by contacting GiveCorporation.

Consent Management

• Record Keeping: Maintain records of all consent obtained, including the time, date, and method of consent, as well as the information provided to the individual at the time of consent.
• Updating Consent: In situations where the purpose of data collection changes, GiveCorporation will seek renewed consent from individuals.
• Refreshing Consent: Periodically review and refresh consent to ensure ongoing compliance and that the individual's choices are still accurate.

The opting in and opting out processes are automated. The User can do so on our website or by logging into their portal to choose the desired request. However, our contact information is listed below should you need additional information.

Data Sharing and Third Parties

When personal information is shared with third parties, GiveCorporation will:

• Obtain explicit consent from the individual, specifying who the data will be shared with and for what purpose.
• Ensure third parties comply with privacy laws and handle personal information in line with this policy.

Right to Access and Modify Consent

Individuals have the right to:

• Access Personal Information: Request details about what personal information has been collected.
• Modify Consent Preferences: Update or change their consent preferences at any time.
• Delete Personal Information: Request the deletion of their personal information, subject to certain legal exceptions.

Accuracy and Completeness of Information

GiveCorporation is committed to ensuring that the personal information it holds is accurate, complete, and up-to-date. Individuals have the right to request corrections or updates to their personal information if they believe it is inaccurate or incomplete.

Right to Update or Correct Personal Information

Individuals can request updates or corrections to their personal information at any time. GiveCorporation will take appropriate steps to verify the identity of the individual making the request before proceeding with any changes. Requests can include, but are not limited to:

• Correcting inaccurate or outdated information (e.g., name, address, contact details).
• Updating preferences or account settings.
• Adding missing details that were previously omitted.

Procedure for Updating Personal Information

• Request Submission: Individuals can submit a request to update or correct their personal information by doing so on our website or by logging into their portal. However, our contact information is listed below should you need additional information. Please see the contact information below.
• Verification: GiveCorporation may require individuals to verify their identity to ensure that changes are being made by the rightful owner of the personal information.
• Processing Timeline: All requests  for updates that have to be manually processed will be processed within 30 days. In cases where updates cannot be made within this timeframe, the individual will be informed of the delay and the reasons for it.
• Confirmation: Once the update has been processed, GiveCorporation will confirm the changes to the individual and provide information on how the updated data will be used.
• Denial: If the request to update the personal information, GiveCorporation will notify the user with reason for the denial.

Request Response

The request process is automated. The User can do so on our website or by logging into their portal to choose the desired request. However, our contact information is listed below should you need additional information.

Upon receipt of a request, Give will confirm receipt of the request. Usually Give will send a response within 45 days for CCPA and one month for the GDPR. However, depending on varying factors and the complexity of the request (for example multiple requests) the response will be extended. Give will send a notification within the initial month indicating that the response will take longer than usual and the reason for the extension. Requests are escalated internally, ensure that all requests and responses are documented for audit and compliance purposes

7. Responsibilities

Team members provide information for employment. Give may collect information through third parties, social media or through the verification process. Team members and vendors also provide information for employment. Give uses team members information primarily for employment or standard HR purposes (e.g., payroll, benefits administration, performance reviews). For activities that go beyond routine HR functions or involve sensitive data, a formal consent form needs to be signed. Give does not currently collect health information.

Data Inquiry Flow

User submits inquiry, the inquiry generates a ticket that is submitted to Customer Support. Customer Support escalates the ticket to the Compliance team if necessary. A confirmation receipt is sent to the user, provides a copy or access to the User personal data and states why, how and to whom the information is collected and shared.

Team Member Responsibilities

Management: Management is responsible to ensure resources for training and awareness are provided and the organization is compliant with this Privacy Policy.

Team Members: Team Members are required to follow this policy, complete annual Privacy training, and report data privacy breaches or concerns. Team Members handling personal information must ensure data accuracy by:

• Escalating all personal information data inquiries, or updates to the Compliance team at (800) 913-0163 x 5, loraine@givecorporation.com , or kateryna@givecorporation.com .
• Promptly updating records when notified of changes.
• Verifying the accuracy of personal information when engaging with individuals, such as during service interactions.
• Confirm receipt of the personal data request.
• Each employee is required to report any suspected data breaches immediately to the Incident Response team or the IRT team at irt@givecorporation.com.
• Reporting any discrepancies or errors in personal information to the Compliance team at (800) 913-0163 x 5, loraine@givecorporation.com , or kateryna@givecorporation.com .

Confidentiality and Privacy Role

• The Chief Compliance Officer (CCO) is responsible for the implementation, review, and compliance of privacy policies and practices, ensuring they align with both organizational goals and regulatory requirements.  
• The CCO is accountable for monitoring adherence to confidentiality standards, managing data privacy risks, and guiding in handling personal and sensitive data responsibly.
• The CCO provides leadership on privacy training and awareness initiatives across the organization.
• The Compliance team is responsible to ensure a confirmation receipt has been sent to the User.
• The Compliance team is responsible to provide a copy or access the User personal data.
• The Compliance team is responsible to state the reason for collecting the information, how the information is collected, to whom the information is shared and any exemptions.

Contacting Give

If you have questions or concerns regarding this policy, you may email us at legal@givecorporation.com.

You can also write to us at:

Give Corporation

Privacy Policy

4343 N Scottsdale Road Suite #150

Scottsdale, AZ 85251

The information contained herein is intended to provide a general overview of the Company’s policies and procedures relating to compliance with this Policy and does not constitute legal advice or a complete description of the laws and regulations relating to this Policy. The Company has made every effort to ensure the accuracy and completeness of this Policy.  This document is intended to provide guidance to employees of Company on how to comply with applicable laws and regulations related to this Policy. Employees should consult with the Legal or Compliance Department if they have any questions about the Policy or how to comply with it. Company reserves the right to modify or update this Policy at any time without notice. Employees are responsible for reviewing the Policy on a regular basis to ensure that they are aware of any changes. This Policy applies to all employees of Company, regardless of their position or location unless stated otherwise in the Policy. Employees are responsible for complying with the Policy and for reporting any suspected violations to their respective supervisor, the Legal Department, AMLCO or respective recipient of such violation as outlined in this Policy.