Privacy Policy

 

Thank you for your interest in Public Good Software, Inc. (“Company”) and our Services. Data protection and data security are very important to us with regard to the use of our Website and Services. We would therefore like to take this opportunity to inform you about the personal data we collect when you use our Services or visit our Website and what we use this data for.

We kindly ask you to routinely read this Privacy Policy as changes to legislation or our internal corporate processes can necessitate an adaptation of its content. You can call up, save, and print out this Privacy Policy at any time by clicking on the “Privacy Policy” link on our Website.

§ 1 Controller and Scope

The controller in the meaning of the EU General Data Protection Regulation (hereinafter: “GDPR”), other national data protection laws of member states, and additional data protection regulations, is:

Public Good Software, Inc.
1 E Erie St, Ste 525
PMB 298
Chicago, IL 60611
Tel.: 877-941-2747
Email: [email protected]
Website: publicgood.com

UK Representative:
GDPR Local Ltd
1st Floor Front
Suite 27-29 North St.
Brighton, England BN1 1EB
attn: Adam Brogden
Tel: + 441 772 217 800
Email: [email protected]
Website: https://publicgoodinc.gdprlocal.com/uk

EU/Ireland Representative:
Instant EU GDPR Representative Limited
Office 2 12A Lower Main Street
Lucan Co. Dublin K78 X5P8 Ireland
attn: Adam Brogden
Tel: + 353 15 549 700
Email: [email protected]
Website: https://publicgoodinc.gdprlocal.com/eu

 This Privacy Policy applies to the website(s) of Public Good Software, Inc. (hereinafter: “Public Good”) that is/are accessible via the domains publicgood.com, pgs.io, and various subdomains and connected domains (hereinafter: “our Website”), the Impact Units embedded in media and news websites with whom we have partnered (“Media Partners”), and the services, features, content, plug-ins, or applications we offer (collectively with our Website, the “Services”).

§ 2 Definitions

“Brand Partner” means a third-party company that sponsors a Campaign. If a Campaign is sponsored, the Impact Unit you engage with through a Media Partner’s site will set forth the entity that is sponsoring the Campaign.

“Campaign” means the coordination by Public Good of Media Partners, Charity Partners, and/or Brand Partners in order to connect people with actions they can take to impact a particular cause.

“Charity Partner” means a charitable organization that has partnered with Public Good on a Campaign.

“Impact Unit” means a tool or widget embedded in a Media Partner’s website that you can interact with to participate in a Campaign.

§ 3 Principles of Data Processing

The term “personal data” refers to all information that relates to an identified or identifiable natural person. It includes, for instance, information such as your name, age, address, telephone number, date of birth, email address, IP address, and user behavior. Information that does not allow us to establish a connection to you as a person (or would only allow such a connection with an unreasonable amount of effort), for instance anonymized information, is not classed as personal data. Processing personal data (for instance collecting, querying, using, storing, and transferring personal data) always requires a legal basis or your consent. Processed personal data is deleted as soon as the purpose for which it was collected is fulfilled and applicable statutory retention periods no longer apply.

Insofar as we process your personal data in order to provide specific services to you, the following serves to inform you of the concrete processes, the scope and the purpose of data processing, the legislation on which it is based, and the duration of storage in each case.

§ 4 Individual Processing Activities

1. Website Provision and Use

a. Type and Scope of Data Processing
When you access our Services, we collect personal data that your browser automatically sends to our server. This information is stored temporarily in a so-called log file. When you use our Website, we collect the following data needed for technical reasons to display the Website and guarantee its security and stability:

• IP address of the requesting computer
• Date and time of access
• Name of the URL and the requested file
• The website from which access was made (referrer URL)
• Your browser and possibly your computer’s operating system

b. Legal Basis
Art. 6 Para. 1 (f) GDPR serves as the legal basis for data processing activities detailed in the preceding. Processing the specified data is an essential part of making the Services accessible and therefore serves a legitimate interest of the Company.

c. Duration of Storage
The specified data will be deleted 30 days after it is no longer needed to display the Services for audit and security reasons. Collecting the data is essential to making the Services available; storing the data in log files is essential to operating and securing the Website. The user therefore has no option to object to collection and storage. In some cases data may be stored for other purposes if required by law.

d. Disclosure to Third Parties 

Our servers are backed up on AWS. The specified data will not be shared with any other third party.

2. Registration / User Account

a. Type and scope of Data Processing
Public Good offers you an option to register as a user by submitting your personal data.

We use your processed data to create a personalized user account for you. We process your email address so we can send you new login details should you happen to forget them.
You can see in detail which personal data we process during registration from the following overview:

• First name
• Last name
• Email address
• Password (which we encrypt)

b. Legal Basis
Processing the preceding personal data serves the fulfillment of a contract between you and Public Good Software, Inc., or the implementation of pre-contractual activities in accordance with Art. 6 Para. 1 (b) GDPR.

You can withdraw your consent to the use of your personal data at any time with future effect by sending an email to the email address detailed in clause 1 above.

c. Duration of Storage
Processed data will be deleted as soon as the registration is cancelled or changed through our Services. It may also be necessary to keep your personal data on record after the fulfillment of a contract to meet contractual or legal requirements. In some cases, data may be stored for other purposes if required by law.

d. Cancelling Registration
You can cancel your registration as a user at any time. You can also request changes to be made to your personal data on record. To do so, please contact [email protected]. However, if the processed data is required for the purpose of contract performance or pre-contractual activities, it can only be deleted prematurely if contractual or legal obligations allow.

e. Disclosure to Third Parties 

Our servers are backed up on AWS. The specified data will not be shared with any other third party.

3. Email List

a. Type and scope of data processing
We may process your email address when you enter it into a form through the Services. You may also subscribe to an email list through our Services. We require the following details from you if you wish to subscribe:

• Email address

b. Legal Basis
Art. 6 Para. 1 (f) GDPR serves as the legal basis for Public Good processing your email address in order to send you transactional emails. Processing your email address is necessary for Public Good to send you documents such as receipts for transactions made through the Services and therefore serves a legitimate interest of our company. Processing your email address in order for our Media Partners, our Brand Partners, and our Charity Partners to send you emails is based on the following voluntary declaration of consent pursuant to Art. 6 Para. 1 (a) GDPR:

Declaration of consent:

Our partners at Public Good will send an email on our behalf but will not retain or share your information with any other party. Please review the Public Good privacy policy and terms of service for additional details.

–or–

I consent to having my email address processed for the purpose of receiving emails from [Brand Partner/Charity Partner/Media Partner] and accept their privacy policy and terms of service. 

You can withdraw your consent to the use of your personal data at any time with future effect by sending an email to the email address detailed in clause 1 above.

c. Duration of Storage
Your email address will be stored by Public Good for as long as the Campaign for which you submitted your email address is active. For the data retention policies of the third parties receiving your email address, please refer to their respective privacy policies. If your email address was collected based on your consent, you may withdraw your consent at any time and Public Good will instruct any entity for which you have revoked consent to delete your email address. You may also unsubscribe from our partners’ email lists by following the unsubscribe directions contained in the emails you receive. In some cases data may be kept on record for other purposes if required by law.

d. Disclosure to Third Parties 

With your consent, your email address may be shared with our Media Partners, our Brand Partners, and our Charity Partners. We use customer.io as our email provider and our servers are backed up on AWS. The specified data will not be shared with any other third party.

4. Contact Form

a. Type and Scope of Data Processing
You can get in touch with us via a contact form made available to you on our Website. You will be informed of this Privacy Policy when you submit your inquiry via the contact form in order to obtain your consent. When you make use of the contact form, the following personal data will be collected and processed via the form:

• Name
• Email address
• Message content

We require your email address in order to allocate your inquiry and send you a response. Your personal data will not be disclosed to any third party when you use the contact form.

b. Legal Basis
The lawfulness of data collection is based on Art. 6 Para. 1 (f) GDPR as both you and we have an interest in contacting and communicating with one another, and we as a Company have a legitimate interest in processing the data detailed in the preceding in order to respond to your inquiry.

c. Duration of Storage
We will delete the personal data collected from you via the contact form as soon as we have dealt with your inquiry and brought the subject matter to a close. In some cases data may be kept on record for other purposes if required by law.

d. Disclosure to Third Parties 

Our servers are backed up on AWS. The data in the form you submit may be shared with our payments providers, Braintree and DonateWell, or with one or more of our Brand Partners, Charity Partners, or Media Partners if necessary to resolve your request. The specified data will not be shared with any other third party.

5. Donation/Pledge Forms

a. Type and Scope of Data Processing
The donation and pledge forms consist of data fields you can fill in through the Services. The information collected will depend on the specific Campaign you engage with, but this section lays out each type of data that may be collected from you when you fill out a donation or pledge form. This information is processed and stored by our third party payment processors, Donate Well (a donor advised fund) and Braintree. This information is transmitted directly to Donate Well and Braintree, and the only information received by Public Good from the purchase form is your name, email address, donation amount, and intended recipients. Users filling in the donation form will enter the following personal data to make donations:

• First name
• Last name
• Billing address
• Email address
• Donation amount
• Donation recipients
• Payment information

Users making a pledge instead of a donation will submit the information above excluding the billing address and payment information.

b. Legal Basis
Processing the preceding personal data serves the fulfillment of a contract between you and Public Good or the implementation of pre-contractual activities in accordance with Art. 6 Para. 1 (b) GDPR.

You can withdraw your consent to the use of your personal data at any time with future effect by sending an email to the email address detailed in clause 1 above. You can also withdraw consent to the use of your personal data by third parties by following the procedures laid out in the third party’s terms of use and privacy policy.

c. Duration of Storage
The duration of storage with regard to the preceding personal data processed by Donate Well is governed by Donate Well’s privacy policy and terms of use (http://donatewell.org/daf-terms.html).

The duration of storage with regard to the preceding personal data processed by Braintree is governed by Braintree’s terms of use (https://www.braintreepayments.com/legal) and privacy policy (https://www.braintreepayments.com/legal/braintree-privacy-policy).

The IRS requires that information about donations to US-based nonprofits be retained for at least five years.

Your name and email address will be stored by Public Good for as long as the Campaign for which you submitted your name and email address is active, or for the five years required by the IRS, whichever is longer. For the data retention policies of the third parties receiving your data, please refer to their respective privacy policies. If your name and email address were collected based on your consent, you may withdraw your consent at any time. In some cases data may be kept on record for other purposes if required by law.

d. Disclosure to Third Parties 

Donate Well will share your donation amount with any charity to which you choose to make a donation. Donate Well may also share your name and email address with a charity to which you make a donation. These charities will only send you emails if you provide your consent for them to do so.

We may also share your name, email address and donation amount with our Media Partners and Brand Partners with your consent. We also use third-party payment processors, Donate Well and Braintree, to process donation payments. All of our data is backed up on AWS.

6. Chat Bots

a. Type and Scope of Data Processing
Users may engage with a chat bot through our widget on our Media Partners’ sites. The only information received by Public Good from your engagement with a chat bot is the content of your messages to the chat bot for the purpose of allowing the chat bot to respond to you.

b. Legal Basis
Art. 6 Para. 1 (f) GDPR serves as the legal basis for data processing activities detailed in the preceding. Processing the specified data is an essential part of the function of the chat bot and therefore serves a legitimate interest of our Company.

c. Duration of Storage
The preceding personal data will be kept for only as long as it is necessary for the chat bot to respond to you. Your data will be routinely deleted insofar as it is no longer necessary to enable the chat bot to engage with you.

d. Disclosure to Third Parties 

Our servers are backed up on AWS. The specified data may also be shared with our Media Partners, Brand Partners, and Charity Partners.

7. Contact Options on our Website

Our Website offers you various options to contact us by email:

• General Inquiries: [email protected]
• Contact for brands interested in running a campaign: [email protected]
• Contact for media companies: media@publicgood.com

a. Type and Scope of Data Processing
Every user of our Website can send inquiries to these email addresses. Email inquiries are processed by the appropriate department. The data we collect in this case is limited to the email address of the email account you used to contact us and any other personal data you disclose to us within the scope of your inquiry.

b. Legal Basis
The lawfulness of data collection is based on Art. 6 Para. 1 (f) GDPR as both you and we have an interest in contacting and communicating with one another, and we as a Company have a legitimate interest in processing the data detailed in the preceding in order to respond to your inquiry.

c. Duration of Storage
The duration of storage with regard to the preceding personal data depends on the nature of your inquiry. Your data will be routinely deleted insofar as the purpose of your communication no longer applies and data storage is no longer necessary (or once we have finished handling your inquiry).

d. Disclosure to Third Parties 

We use ZenDesk for our issue management software. Our servers are backed up on AWS. The specified data may also be shared with our Media Partners, Brand Partners, and Charity Partners.

§ 5 Disclosing Data

We will only disclose your data to third parties if:

• You have explicitly granted your consent in accordance with Art. 6 Para. 1 p. 1 (a) GDPR.
• To do so is lawful and necessary to fulfill our contractual obligations towards you in accordance with Art. 6 Para. 1 p. 1 (b) GDPR.
• We are obligated to do so by law in accordance with Art. 6 Para. 1 p. 1 (c) GDPR.
• Disclosure is necessary to protect our legitimate interest or to assert, exercise or defend legal claims in accordance with Art. 6 Para. 1 p. 1 (f) GDPR, and there is no reason to assume that you have an overriding interest in non-disclosure worthy of protection.
• All or substantially all of Public Good’s assets are acquired by a third party through sale, merger, or otherwise, Information will be transferred to that third party, subject to the same terms and conditions of the then-existing Privacy Policy for the Service.

§ 6 Use of Cookies

a. Type and Scope of Data Processing
Our Website uses cookies. Cookies are small files that are sent to and stored by your browser when you visit our Website. Certain technical cookies are essential as some of our Website’s functions will not work without them. Other cookies enable us to carry out a range of analyses. Cookies can, for instance, recognize your browser and send certain information to us when you return to our Website. Cookies enable us to make our Website more effective and user-friendly for you, as they can help us to understand how you use our Website and your preferred settings (for instance country and language settings). If third parties use cookies to process information, this information will be collected directly from your browser. Cookies do not cause any damage to your end device. They cannot execute programs and do not contain viruses.
Our Website uses different kinds of cookies whose type and function are explained in the following.

Transient cookies	Our Website uses transient cookies, which are automatically deleted when you close your browser. This type of cookies enables capturing your session-ID. It enables us to assign different requests from your browser in one session and makes it possible for us to recognize your device on later visits.
Persistent cookies	Our Services use persistent cookies. Persistent cookies are cookies that are stored in your browser for a longer time period and send information to us. The storage duration depends on the type of cookie. You can delete persistent cookies yourself using your browser settings.
Function 1:	Required cookies   These cookies are required for technical reasons as they enable you to visit our Website and use the functions we provide. These cookies also contribute towards making the use of our Website secure and in compliance with regulations.
Function 2:	Performance-related cookies   These cookies enable us to analyze the use of our Website and to improve its performance and functionality. They are used to collect information on how visitors use our Website, which pages are most frequently visited, and whether error messages appear on certain pages.
Function 3:	Cookies for marketing and social media   Advertising cookies (third-party providers) make it possible to show you various offers that correspond to your interests. These cookies collect data on user web activity over extended periods of time. The cookies may recognize you on various of your end devices. The following third parties receive personal data from cookies incorporated in our Services: Sizmek Nielsen MOAT Double Verify Millward Brown Furthermore, certain cookies allow us to create a connection to your social networks and to share the content of our website with your networks.

b. Legal Basis 
The legal basis for processing personal data using cookies is Art. 6 Para. 1 (f) GDPR on account of the purposes described in the preceding (cf. clause 6. a.). If you have granted your consent to the use of cookies in response to a notice (“cookie banner”) on the Website, then lawfulness is also based on Art. 6 Para. 1 p. 1 (a) GDPR.

c. Duration of Storage
As soon as the data transmitted via the cookies to us are no longer necessary for the achievement of the purposes described above, this information will be deleted. Further storage may be made in individual cases if required by law.

d. Configuration of Browser Settings
Most browser are set to accept cookies by default. You can configure your browser so that it only accepts certain cookies, or none at all. Please note, however, that you may not be able to use all the functions of our Website if its cookies are deactivated in your browser settings. You can also use your browser settings to delete cookies already stored in your browser. In addition, you can set your browser to inform you whenever a cookie is about to be stored. As browsers differ in regards to their functionality, please refer to your browser’s help menu for information on adjusting configuration options.

We recommend installing specific plug-ins if you want to see a comprehensive overview of all third parties with access to your web browser.

§ 7 Tracking and Analysis Tools

We use tracking and analysis tools to ensure that our Website is continuously optimized and that its design is suitable for its purpose. Tracking measures also enable us to collect statistical data with regard to user behavior on our Website and to use the insights gained to further improve our online offering for you. These interests justify the use of tracking and analysis tools described below in accordance with Art. 6 Para. 1 p. 1 (f) GDPR. If you have granted your consent to the use of cookies in response to a cookie banner on the Website, then lawfulness is also based on Art. 6 Para. 1 p. 1 (a) GDPR. The purpose of tracking and analysis tools and the data they process can also be referenced from the following descriptions.

1. Google Analytics

This website uses Google Analytics, a web analysis service of Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043 USA (“Google”). Google Analytics uses so-called cookies. Cookies are small text files that are stored on your computer and enable an analysis of your use of the website.

The information generated by the cookies about your use of the Website, for instance the time, location and frequency of your visits, is usually transmitted to and stored on a Google server in the United States. The collection of other personal data in addition to your IP address by the cookies set by Google Analytics cannot be ruled out when Google Analytics is used. Please note that Google may disclose this information to third parties if required to do so by law or if a third party processes the information on behalf of Google.

Google will use this information on behalf of the Website operator for the purpose of evaluating your use of the Website, compiling reports on Website activity and providing other services relating to Website and internet usage to the Website operator. According to Google, Google will not associate the IP address transferred by your browser within the context of Google Analytics with any other data held by Google.

You can prevent the storage of cookies on your computer by adjusting the corresponding settings in your browser. Please note, however, that you may not be able to use all the functions of the Website in full if you do so.

The collection of other personal data in addition to your IP address by the cookies set by Google Analytics cannot be ruled out. In addition to deactivating tracking cookies as described in the preceding, you can also prevent Google Analytics from collecting information about your use of the website and transferring it to Google Analytics by downloading and installing the browser plug-in available under: http://tools.google.com/dlpage/gaoptout?hl=en.

This plug-in prevents information about your visit to the website from being sent to Google Analytics. The plug-in does not prevent any other form of analysis.

§ 8 Hyperlinks

Our Website contains so-called hyperlinks to websites operated by other providers. Activating a hyperlink will transfer you directly to the website of the corresponding provider. You can recognize the transfer by the change of URL, for example. We cannot accept any liability for the confidential use of your data on these websites as we have no influence on the compliance of these companies with data protection regulations. Please refer directly to the website concerned to obtain information on how your personal data is handled.

§ 9 Right of Access

The GDPR stipulates that you as a data subject whose data is processed have the following rights:

• Pursuant to Art. 15 GDPR, you can request information with regard to your personal data processed by us. In particular, you can request information in relation to the purposes of the processing; the categories of personal data concerned; the categories of recipients to whom the personal data has been or will be disclosed, including recipients in third countries or international organizations; the envisaged period for which the personal data will be stored; the existence of the right to request from us the rectification or erasure of your personal data or restriction of processing of your personal data or to object to such processing; the existence of the right to lodge a complaint; the source of your personal data to the extent that it was not collected by us; and the existence of automated decision-making, including profiling and any meaningful information about the particulars thereof.
• Pursuant to Art. 16 GDPR, you can demand the immediate correction of incorrect or incomplete personal data stored by us.
• Pursuant to Art. 17 GDPR, you have a right to request the erasure of your personal data stored by us insofar as processing is not required for the purpose of exercising the right of freedom of expression and information; for compliance with a legal obligation; for the performance of a task carried out in the public interest or in the exercise of official authority vested in us; or for the establishment, exercise or defense of legal claims.
• Pursuant to Art. 18 GDPR, you have a right to restrict our use of your personal data if you contest the accuracy of the data; the processing is unlawful; we no longer need the personal data, but it is required by you for the establishment, exercise or defense of legal claims. Your right pursuant to Art. 18 GDPR remains unaffected if you have lodged an objection to data processing in accordance with Art. 21 GDPR.
• Pursuant to Art. 20 GDPR, you have the right to receive the personal data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format; you also have the right to have your data transmitted to another controller.
• Pursuant to Art. 7 Para. 3 GDPR, you have the right to withdraw previously granted consent at any time. Consequentially, we will not be permitted to continue processing your data on the basis of your consent in the future.
• Pursuant to Art. 77 GDPR, you have the right to lodge a complaint with a supervisory authority. You can contact the supervisory authority of the Member State of your habitual residence, place of work or place of the alleged infringement.

§ 10 Right to Object

In relation to the processing of your personal data on the basis of legitimate interests in accordance with Art. 6 Para. 1 p. 1 (f) GDPR, you have the right pursuant to Art. 21 GDPR to object to your data being processed on grounds relating to your particular situation or if your objection concerns direct marketing. With regard to direct marketing, you have a general right to object without providing a specific reason, and we are required to take appropriate action.

§ 11 Data Safety and Security Measures

We undertake to protect your privacy and to treat your personal data confidentially. We have implemented extensive technological and organizational measures to prevent the manipulation, loss or misuse of your personal data stored on our servers. These measures are routinely reviewed and adapted to reflect technological developments. They include the use of acknowledged encryption methods (e.g. SSH, AES, and TLS).

Please note, however, that the structure of the internet makes it possible for persons and institutions outside of our sphere of control to disregard data protection regulations and the security measures detailed in the preceding. In particular, data that is transmitted without prior encryption – for instance by email – can be read by third parties. We have no technological influence in this regard. It is the user’s responsibility to protect the data provided by them from misuse by way of encryption or other suitable means.