1. The Information We Collect And Store
We may collect and store the following information when running the Services:
Consumer Data. We may collect Consumer Personal Information that may include name, email address, telephone number, occupation, employer, bank account details, taxation details, charitable contribution history, and accounting and financial information. From the foregoing, we may identify causes that Consumers are interested in (for example we may assess that a Consumer who has donated to an environmental non-profit in interested in supporting environmental conservation efforts).
Customer Account Data. When Customers create an account or authorize someone to use the Services on their behalf (a “User”), we may collect some Personal Information, such as your entity’s name, and the User’s name, phone number, a credit card or other billing information, email address and business postal addresses. We may also receive Personal Information through other Customers, for example if they have tried to give you access to a Windfall account or refer Windfall to you.
Social Media Data. When you interact with our pages on social media sites like Twitter and LinkedIn (“Social Media Pages”), we will collect Personal Information that you elect to provide to us, such as your contact details. In addition, the companies that host our Social Media Pages may provide us with aggregate information and analytics regarding the use of our Social Media Pages.
Sensitive Personal Information. You are prohibited from uploading any Personal Information about yourself or others that relates to health or medical conditions, Protected Health Information (as defined in 45 CFR 160.103), social security numbers or taxpayer identification numbers, driver’s license numbers, information concerning criminal charges or convictions, or racial or ethnic origin.
Log Data. When you use the Services, we may automatically record information from the computer used to access the Services, including without limitation a desktop, laptop, mobile phone, tablet, or other consumer electronic device (a “Device”), its software, and your activity using the Services. This may include the Device’s Internet Protocol (“IP”) address, browser type, the web page visited before you came to our website, information you select or search for on our website, locale preferences, identification numbers associated with your Devices, your mobile carrier, date and time stamps associated with transactions, system configuration information, metadata concerning your files, and other interactions with the Services.
Cookies Data. We also use “cookies” to collect information and improve our Services. A cookie is a small data file that we transfer to your Device. We may use “persistent cookies” to save your registration ID and login password for future logins to the Services. We may use “session ID cookies” to enable certain features of the Services, to better understand how you interact with the Services and to monitor aggregate usage and web traffic routing on the Services. You can instruct your browser, by changing its options, to stop accepting cookies or to prompt you before accepting a cookie from the websites you visit. If you do not accept cookies, however, you may not be able to use all aspects of the Services.
2. How We Use Personal Information
Personal Information. Personal Information is or may be used: (i) to provide and improve our Services, (ii) to administer your use of the Services, (iii) to better understand your needs and interests, (iv) to personalize and improve your experience, and (v) to provide or offer software updates and product announcements. If you no longer wish to receive communications from us, please follow the “unsubscribe” instructions provided in any of those communications, or update your account settings information.
3. Information Sharing and Disclosure
Your Use. Unless you specified otherwise, Customer Data that you provide to us may be shared with your Users. Under no circumstances will we sell your Personal Information to third parties.
Compliance with Laws and Law Enforcement Requests; Protection of Windfall’s Rights. We may disclose to parties outside Windfall information that you provide and that we collect when we have a good faith belief that disclosure is reasonably necessary to (a) comply with a law, regulation or compulsory legal request; (b) protect the safety of any person from death or serious bodily injury; (c) prevent fraud or abuse of Windfall or its users; or (d) to protect Windfall’s property rights.
Business Transfers. If we are involved in a merger, acquisition, sale of all or a portion of our assets, or other change in corporate control (collectively a “Transaction”), your information may be transferred as part of that Transaction or during the diligence process related to the Transaction.
Non-Private or Non-Personal Information. We may disclose your non-private, aggregated, or otherwise non-personal information, such as usage statistics of our Services.
4. Changing or Deleting Customer Account Data
It is Customers’ responsibility to ensure that Customer Personal Information is up-to-date. Each Customer may review, update, correct, or delete Customer Account Data. When you choose to close an account, we will remove Customer Account Data from our marketing and billing systems. For questions about your Personal Information on our Services, please contact firstname.lastname@example.org.
5. Data Retention
We will retain your information for as long as your account is active or as needed to provide you the Services. We may retain and use your information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements. We may also retain all Anonymized Data. Consistent with these requirements, we will try to delete your Personal Information quickly upon request. Please note, however, that there might be latency in deleting information from our servers and backed-up versions might exist after deletion.
If you would like your personal information to be expunged from Windfall, please submit a request to email@example.com with your name, current address, and other details that may be able to help us purge the information.
We follow generally accepted standards to protect the information submitted to us, both during transmission and once we receive it. No method of electronic transmission or storage is 100% secure, however. Therefore, we cannot guarantee its absolute security. If you have any questions about security on our website, you can contact us at firstname.lastname@example.org.
7. California Privacy Rights
|California Privacy Rights||Sources of Personal Information||Use of Personal Information||Disclosure of Personal Information|
|Comsumer Data||We collect Consumer Data from publicly available sources (such as government records) and from Customers. We also process Consumer Data collected from the foregoing sources to derive additional Consumer Data.||We use Consumer Data to provide and improve the Services as well as to develop new products and services.||We disclose Customer Account Data to our hosting and communication providers.|
|Customer Account Data||We collect Customer Account Data from Customers and Users.||We use Customer Account Data to authenticate Customers and Users, to grant access to the Services, to communicate with Customers and Users, and for analytics and marketing purposes.||We disclose Customer Account Data to our hosting and communication providers.|
|Social Media Data||We collection Social Media Data from you and from the companies that host our Social Media Pages.||We use Social Media Data to communicate with you and for advertising purposes.||We disclose Social Media Data to our customer relationship management and advertising providers.|
|Log Data||We collect Log Data from you when you interact with the Services.||We use Log Data for analytics purposes.||We disclose Log Data to our analytics and hosting providers.|
|Cookie Data||We Collect Cookie Data from you when you interact with the Services.||We use Cookie Data for analytics and marketing purposes.||We disclose Cookies Data to our analytics, advertising, and hosting providers.|
California Privacy Rights
To the extent provided for by law and subject to applicable exceptions, California residents have the following privacy rights in relation to the Personal Information we collect:
- The right to know what Personal Information we have collected and how we have used and disclosed that Personal Information;
- The right to request deletion of your Personal Information;
- The right to request the categories of Personal Information we disclosed to third parties for their direct marketing purposes in the year preceding the request, the names and addresses of such third parties, and, in certain circumstances, examples of the products or services marketed by such third parties;
- The right to opt out of sales: we may sell Consumer Data to third parties. To opt out of those sales please click here;
- The right to be free from discrimination relating to the exercise of these privacy rights.
Exercising Your Rights: California residents can exercise the above privacy rights by emailing email@example.com.
Verification: in order to protect your Personal Information from unauthorized access or deletion, we may require you to verify your login credentials before you can submit a request to know or delete Personal Information. If you do not have an account with us, or if we suspect fraudulent or malicious activity, we may ask you to provide additional Personal Information and proof of residency for verification. If we cannot verify your identity, we will not provide or delete your Personal Information.
Authorized Agents: you may submit a request to know or a request to delete your Personal Information through an authorized agent. If you do so, the agent must present signed written permission to act on your behalf and you may also be required to independently verify your identity and submit proof of your residency with us.
8. Our Policy Toward Children
Our Services are not directed to persons under 18. We do not knowingly collect Personal Information from children under 18. If a parent or guardian becomes aware that his or her child has provided us with Personal Information without their consent, he or she should contact us at firstname.lastname@example.org. If we become aware that a child under 18 has provided us with Personal Information, we will take steps to delete such information from our files.
9. Contacting Us