Raise a Data Privacy Framework complaint with PrivacyTrust
- Data We Collect
When you use the Site, we collect and process the following types of information:
a. Information You Provide
You may register to use our Services, set up an account, make a donation, or respond to communications (e.g., surveys, polls, requests for feedback), we will collect the information you provide to us. This may include your IP address, first and last name(s), demographic information, mailing address, e-mail address, phone number, and credit card number. In the use of Services, you may also choose to disclose or provide your communication preferences, your physical location, and your demographic information (e.g., your age, marital status, ethnicity/race, and gender). All of this is “Personal Information,” because it can be used to identify you.
b. Information We Collect about You
We collect information about your use of our Services, including but not limited to: your Internet connections, computer equipment, web browsers, websites visited before using or accessing the Services, websites visited after leaving the Services, and other similar information about traffic and usage, as you navigate to, through, and away from our website. This is “Non-Personal Information,” because it does not identify you, but provides insights to us regarding the uses of our Services. For example, we use this information to generate statistical information, monitor and analyze traffic and usage patterns in connection with our Services, monitor and prevent fraud, investigate complaints and potential violations of our policies, and to improve the our content and the products, services, materials, and other content that we describe or make available through the Services.
c. Geolocation Information
You may choose to allow us to access your location by granting the Services access to your location when prompted or through your device’s location services settings. You may change these settings on your device.
- How We Use Data.
FrontStream uses Personal information and Non-Personal Information for the following purposes:
- As necessary to perform the Services on your behalf or on behalf of our Customers with whom you may have an account and for other legitimate and lawful business purposes. This may include:
- Establishing accounts to use the Services
- Communicating with you in connection with Services or as a result of a request
- Communicating promotional materials, such as surveys, event notifications, newsletters, and other information
- Notifying you of changes made to the Services
- Maintaining a record of the donations and related activities in connection with your use of the Services
- Sharing with the recipient non-profit organization if agreed to by you when making a donation;
- Evaluating and improving the Services;
- To comply with a legal obligation, a court order, or in order to exercise our legal claims, or to defend against legal claims;
- To prevent or investigate fraud (or for risk management purposes);
- To describe our Services to current and prospective business partners and to other third parties for other lawful purposes; and
- To conduct aggregate analysis and develop business intelligence that helps us to enhance; operate, protect, make informed decisions, and report on the performance of our Services. FrontStream may share this aggregate data with its customers, affiliates, agents and business partners. This aggregated data will not identify an end user as an individual. FrontStream may also disclose aggregated statistics prepared using Collected Information in order to describe our Services to current and prospective business partners and to other third parties for other lawful purposes.
- How We Disclose Data.
We do not sell or rent Personal Information to marketers or unaffiliated third parties. We do have trusted third parties and we may share your Personal and Non-Personal Information (“Collected Information”) with the following entities:
- Corporate Affiliates, including corporate parents, subsidiaries, other affiliated entities, and associated entities for the purposes described in this Policy;
- Service Providers that perform certain functions or services on our behalf, such as to host or assist with the Services, manage databases, process payments or donations, host a store or other e-commerce platform, perform analyses, or send communications for us. We require these service providers to comply with all applicable data privacy laws and regulations;
- Business Partners that assist in the delivery of the Services (e.g., merchant service providers, organizations holding fundraising events, vendors who have provided bidding items);
- Customers, as necessary to provide the Services;
- Third parties in the event of any reorganization, merger, sale, joint venture, assignment, transfer or other disposition of all or any portion of our business, assets or stock (including in connection with any bankruptcy or similar proceedings).
- We may use and disclose Collected Information as we believe necessary: (i) under applicable law; (ii) to enforce applicable terms and conditions; (iii) to protect our rights, privacy, safety or property, and/or that of our affiliates, you, or others; and (iv) to respond to requests from courts, law enforcement agencies, regulatory agencies, and other public and government authorities, which may include authorities outside your country of residence.
- Your Choice. We give you an opportunity to opt out where personal information we control about you is to be disclosed to an independent third party, or is to be used for a purpose that is materially different from those set out in our privacy policies.
- Security. Although we use security measures designed to protect your Personal Information, no data security measures are guaranteed to be completely effective. Transmission of information via the internet is not wholly secure, and we cannot guarantee the security of your Personal Information transmitted to or through the website or any of our Services. For example, please do not include credit card or other sensitive data (e.g., racial or ethnic origin, health, etc.) in your e-mails to us. Any transmission of such Personal Information is at your own risk. By using the Services, you acknowledge and accept these risks.
Please notify us immediately at privacy@FrontStream.com if you become aware of any unauthorized use of your password or account or any other breach of Service security or of this Policy. If our security system is breached, we will notify you of the breach as required by applicable law.
- Access and Options. You have choices regarding our use and disclosure of Your Personal Data:
If you change your mind after opting to receive electronic communications, you may opt out of receiving such communications from us by communicating your preferences to us by e-mailing privacy@FrontStream.com, or by following the unsubscribe link contained in the applicable e-mail. We will comply with your request as soon as reasonably practicable. Please note that if you opt-out of receiving marketing-related emails from us, we may still send you important administrative messages that are required to provide you with our Services.
In certain circumstances, you may also request that we delete your Personal Information, for example if our retention of your Personal Information is no longer necessary as part of the Services.
If you would like to review, correct, or update Personal Information that you have previously disclosed, you may do so by signing into your account or by contacting us. For your protection, we may only implement requests with respect to the Personal Information associated with the particular email address that you use to send us your request, and we may need to verify your identity before implementing your request. We will try to comply with your request as soon as reasonably practicable. Unless otherwise prohibited by law, we may charge you a fee for providing you with a copy of your data.
- Use of Services and Privacy of Minors. We do not provide the Services to anyone under the age of 13. In accordance with the Children’s Online Privacy Protection Act (COPPA), we will never knowingly request or solicit Personal Information from anyone under the age of 13. Please notify us if we receive such Personal Information of anyone under the age of 13, and we will delete that information from our database as soon as is reasonably practical.
- Access from Outside the United States. If you are visiting the Services from outside the United States, please be aware that Collected Information may be transferred to, stored in, and processed in the United States, which is our suppliers’ servers and databases are located and operated.
- FrontStream as a Data Processor. We may collect, use, and disclose certain Personal Information about you when acting as service provider to a Customer. Customers are responsible for ensuring that your privacy rights are respected, and should include information to help you understand how third parties collect and use your data. To the extent that we are acting as a Customer’s data processor, we will process your Personal Information according to the terms of our agreement with our Customer and its lawful instructions.
- Filing a Complaint. If you are not satisfied with how we manage your Personal Information, you have the right to make a complaint to a data protection regulator.
- Your California Privacy Rights. California Civil Code Section 1798.83 permits users of the Services who are California residents to request and obtain a list of what Personal Information (if any) we disclosed to third parties for direct marketing purposes in the preceding calendar year and the names and addresses of those third parties. Requests may be made only once a year and are free of charge. Under Section 1798.83, California residents are entitled to request and obtain such information, by e-mailing a request to webmaster@FrontStream.com.
- Australian Compliance
a. Access and Collection. Collected Information may be transferred to, stored in, and processed in the United States, and FrontStream will comply with the requirements of the Privacy Act that apply to cross-border disclosures of Collected Information.
b. Corporate Parents, Affiliates, and Subsidiaries, or Associated Entities. We may share Collected Information with our corporate parents, subsidiaries, other affiliated entities, and associated entities (as that term is defined under Australian law) for the purposes described in this Policy.
c. Privacy Complaints for Australian Users. If you have a complaint about how we collected or handled Collected Information, please contact us. We will endeavor in the first instance to deal with your complaint and take action to resolve the matter. If your complaint cannot be resolved at the first instance, we will ask you to lodge a formal complaint in writing, explaining the circumstances of the matter that you are complaining about, how you believe your privacy has been interfered with and how you believe your complaint should be resolved. We will acknowledge receipt of your formal complaint and indicate the timeframe that you can expect a response. We will endeavor to resolve the complaint as quickly as possible, but if the matter is complex and our investigation may take longer, we will let you know when we expect to provide our response.
If you are unhappy with our response, you may refer your complaint to the Office of the Australian Information Commissioner or, in some instances, other regulatory bodies, such as the Victorian Health Services Commissioner or the Australian Communications and Media Authority.
In compliance with the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF, FrontStream commits to resolve DPF Principles-related complaints about our collection and use of your personal information. EU and UK individuals and Swiss individuals with inquiries or complaints regarding our handling of personal data received in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF should first contact FrontStream at: privacy@FrontStream.com.
In compliance with the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF, Frontstream commits to refer unresolved complaints concerning our handling of personal data received in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF to Privacy Trust, an alternative dispute resolution provider based in [INSERT the United States, the European Union, the United Kingdom, and/or Switzerland (as applicable)]. If you do not receive timely acknowledgment of your DPF Principles-related complaint from us, or if we have not addressed your DPF Principles-related complaint to your satisfaction, please visit privacytrust.com/cert/411716.html for more information or to file a complaint. The services of Privacy Trust are provided at no cost to you.
- Contact Us. Our Data Protection Officer can be reached by email at privacy@FrontStream.com.
If you have any questions or concerns about this Policy, please contact us by email at:
privacy@FrontStream.com, or in writing to:
FrontStream Payments Inc.
Attn: Privacy Team
2093 Philadelphia Pike #1677
Claymont, DE 19703