LEGACY CONNECT dba ThatHelps Privacy Policy

Revised:  July 2021

This Privacy Policy ( “Privacy Policy”) describes the type of information that Legacy Connect, Inc. (“Legacy Connect®”, “we”, “us”, or “our”) dba ThatHelps collects through your use of our websites and mobile apps, including, www.thathelps.com, and our ThatHelps app (together, the “Services”). This Privacy Policy describes the policies and procedures of Legacy Connect on the collection, use and disclosure of your information, and what choices you have with respect to the information across our Services. We receive information about you from various sources, including: (i) information that you provide to us when you make an inquiry on the website, and (ii) your use of the Services generally.

This Privacy Policy does not apply to any third-party website or service linked from our Services or recommended or referred by our Services or staff. Further, it does not apply to any other website or service operated by Legacy Connect®, or to any of our offline activities.

Collection of Information.

Legacy Connect® Processes two different types of information through the Services:  Personal Data and De-Identified Information.

Personal Data” is information that itself identifies an individual, such as Personally Identifiable Information, or information that can be connected to an individual indirectly by linking it to Personally Identifiable Information. “Personally Identifiable Information” includes information we collect (such as a first and last name, and email address) when you engage in certain activities through the Services, including but not limited to, registering as a user, joining an online event, organizing an event on behalf of a nonprofit or cause, volunteering for an event sponsored by a nonprofit, cause or organization, submitting content, helps, opportunities and comments through our ThatHelps application, conducting search queries on or through our Services, filling out a survey, signing a petition, or sending us feedback.  If you do not want us to collect this information, please do not provide the information. We may also collect information on how you use our Services, such as the types of content you view or engage with or the frequency and duration of your activities. Depending upon the activity, some of the information we ask you to provide is identified as mandatory and some is voluntary. We may also collect information about the Causes you are connected to as well as your interactions with them, such as with whom you communicate and share Causes. We may also collect contact information you provide if you upload, sync or import this information (i.e., any address book) from a device. We may also collect content and information that other people provide when they use our services including information about you, such as when they share a photo of you, send a message to you, or upload, sync or import your contact information.

Process” or “Processing” means any operation or set of operations performed upon Personal Data, whether or not by automatic means, such as creation, collection, procuration, obtaining, accession, recording, organization, storage, adaption or alteration, retrieval, consultation, dissemination or otherwise making available, use, disclosure by transmission, restriction, erasure or destruction.

De-Identified Information Automatically Collected from Use of the Services.  We automatically track and aggregate certain “De-Identified Information” about your use of the Services. This information includes:

  • The URL that you just came from (whether this URL is on our site or not) and which URL you go to next (whether this URL is on our site or not);
  • Your IP address;
  • Specific devise geographic locations, such as through GPS, Bluetooth, or WiFi signals;
  • Time stamps of when users log in to the services and upload content;
  • Aspects such as the operating system, hardware version, device settings, file and software names and types, battery and signal strength, and device identifiers;
  • Connection information such as the name of your mobile operator of ISP, browser type, language and time zone, mobile phone number and IP address; and
  • Other information from or about the computers, phones or other devices.

We may provide this De-Identified Information in aggregate form to other parties or use it for our own promotions. Our use of this De-Identified Information or aggregate information is not restricted in any way, so long as it remains in a form that is not linked to any Personal Data and does not identify any particular person.

The information we collect automatically is statistical data, but we may maintain it or associate it with Personal Data we collect in other ways or receive from third parties. It may help to improve our Services and deliver a better and more personalized service, including by enabling us to:

  • Estimate our audience size and usage patterns;
  • Store information about your preferences, allowing us to customize our Services according to your individual interests;
  • Speed up your searches; and
  • Recognize you when you return to our Services.

The technologies we use for this automatic data collection may include the use of “cookies” or “web beacons.” A cookie is a small file placed on the hard drive of your computer. You may refuse to accept browser cookies by activating the appropriate setting on your browser. However, if you select this setting you may be unable to access certain parts of our Services. Unless you have adjusted your browser setting so that it will refuse cookies, our system will issue cookies when you direct your browser to our website. Web beacons are web page elements that can recognize certain types of information on your computer or mobile device, such as the time and date you viewed a page, which emails are opened, which links are clicked, and similar information.

Sensitive Personal Information

We do not record and/or collect or otherwise process Personal Data regarding race, ethnicity, political opinions, religious or philosophical beliefs, trade union membership, physical or mental health, sexuality, any actual or alleged criminal offenses or penalties, or any other information that may be deemed under the EU General Data Protection Regulation (“GDPR”) (“Sensitive Personal Information”) in the ordinary course of our business. Where it becomes necessary to process Sensitive Personal Information, we may rely on one of the following legal bases:

  • Compliance with applicable law: Where the Processing is required or permitted by applicable law;
  • Detection and prevention of crime: Where Processing is necessary for the detection or prevention of crime including fraud;
  • Establishment, exercise or defense of legal rights: Where Processing is necessary for the establishment, exercise or defense of a legal right;
  • Consent: Where we have obtained in accordance with applicable law, your prior express consent to Process your Sensitive Personal Information.

How We Use Information.

We may use Personal Data to deliver information to you and to contact you regarding administrative notices. We may also use Personal Data to resolve disputes, troubleshoot problems and enforce our agreements, including our Terms of Use and this Privacy Policy.

Legacy Connect® may need to contact you for purposes other than the marketing or delivery of services, for example to provide notice about the status of the Services. We also use this information as needed to enforce our Terms of Use and to prevent imminent harm to persons or property, as well as to restore accidental or unauthorized deletions within 90 days of your request to delete your account. You may not opt out of these kinds of non-commercial communications. We will post any updates or notices about material changes in our policies on collection and use of your Personal Data to this Privacy Policy page, our website’s homepage, our app’s settings page, and other places we deem appropriate for notifying our visitors and users of the changes.

How We Disclose Information to Third Parties.

Service Partners. Only with your express consent, we may share certain user Personal Data with our corporate partners including information about how you interact with the Services, and contact information. Legacy Connect® occasionally hires other companies (“Service Partners”) to provide limited services on our behalf. Service Partners that process Personal Data will be subject to binding contractual obligations to (1) only Process Personal Data in accordance with prior written instructions, and (2) use commercially reasonable measures consistent with industry standards to protect the confidentiality and security of Personal Data, in accordance with any additional requirements under applicable law.

De-Identified Information. We may share aggregate De-Identified Information with our Service Partners and other persons with whom we conduct business. We share this type of statistical data so that our Service Partners can understand who and how often people use the Site and their services, which facilitates improving both their services and how the Site interface with them. In addition, these third parties may share with us non-private, aggregated or otherwise non-personally identifiable information that they have independently developed or acquired.

As required by Legal or Regulatory Authorities.  Legacy Connect® will disclose Personal Data when required by legal and regulatory authorities, or if we have good-faith belief that such action is necessary to (a) comply with a current judicial proceeding, a court order or legal process served on us, (b) protect and defend our rights, (c) protect the rights, property, and other interests of our users or others, or (d) to report any actual or suspected breach of applicable law or regulation.

Public ContentPublic information is any information you share with a public audience, as well as information in your profile if your setting is not configured to “private” or content you share to another public forum. Public information is available to anyone on or off our Services and can be publicly viewed, such as through online search engines. In some cases, people you share and communicate with may download or re-share this content with others on and off our Services. When you comment on another person’s post or thank or share their content to other social media platforms or email, that person may share your comment. If their audiences are public, your comments will also be public. Other people may use our Services to share content about you with the audience they choose. For instance, people may share a photo of you, mention you in a post or share information about you that you shared with them.

 Third-Party Analytics Providers. Only with your express consent, we may also share your Personal Data with third parties who conduct marketing studies and data analytics. These third parties may combine your information with the information of other consumers for purposes of conducting these studies and/or analytics.

Transfer or Assignment in Connection with Business Transfers or Bankruptcy. In the event of a merger, acquisition, reorganization, bankruptcy or other sale of all or a portion of our assets, any user information owned or controlled by us may be one of the assets transferred to third parties. We reserve the right, as part of this type of transaction, to transfer or assign your Personal Data and other information we have collected from users of the Services to third parties. Other than to the extent ordered by a bankruptcy or other court, or as otherwise agreed to by you, the use and disclosure of all transferred user information will be subject to this Privacy Policy. However, any information you submit or that is collected after this type of transfer may be subject to a new privacy policy adopted by the successor entity.

Categories, Sources, Purposes, and Recipients of the Data We Collect. We have collected the categories of Personal Data described in “Collection of Information” section of this Privacy Policy. The sources from which we collect Personal Data, and the purposes for which we collect and process it, are described in the sections “How We Use Information” and “How We Disclose Information to Third Parties.” We have disclosed for business purposes each of the categories of Personal Data with the categories of third parties as described in the section “How We Disclose Information to Third Parties.”

Security.

We work hard to secure your Personal Data from unauthorized access to or unauthorized Processing by taking commercially reasonable and appropriate technical and organizational security measures, for example, pseudonymization and industry standard encryption of Personal Data. Unfortunately, no data transmission over the Internet or any wireless network can be guaranteed to be 100% secure. The confidentiality of any communication or material transmitted to or from Legacy Connect® via the Services or Legacy Connect® e-mail cannot be guaranteed. As a result, while we strive to protect your Personal Data, you acknowledge that: (a) there are security and privacy limitations inherent to the Internet; (b) the security, integrity and privacy of any and all information and data exchanged between you and us through this Site cannot be guaranteed; and (c) there is a risk that any such information and data may be viewed or tampered with in transit by a third party despite our security efforts. Legacy Connect® has no responsibility or liability for the security of information transmitted via the Internet.

In the event that we are required by law to inform you of any unauthorized access to your Personal Data, we may choose to notify you electronically, in writing, or by telephone. If you have any questions or concerns regarding security using the Site or our Services, please send us a detailed message to support@thathelps.com.  We will make every effort to answer your concerns.

California Privacy Rights (for California residents)

Under the California Consumer Privacy Act (“CCPA”), California residents are entitled to certain privacy rights regarding the Personal Data that we collect. These rights include the right to request disclosure of what Personal Data we collect, use, disclose, and sell, and the right to request the deletion of your Personal Data, although we may decline to delete some information as set forth in this Privacy Policy or as permitted by the CCPA. California residents may also opt out of the sale of their Personal Data. While Legacy Connect® does not sell Personal Data, you have right to receive notice of our practices at or before collection of your Personal Data, and you have the right to not be discriminated against for exercising your rights under the CCPA. If you are a California resident and would like to exercise your rights, please submit a written request to the following address: Legacy Connect, One Rockefeller Plaza, 25th Fl, New York NY 10020 USA Attn: Privacy or email to support@thathelps.com. We will need to verify your identity prior to providing access to, or deleting any Personal Data based on a request received via email.

Your rights under the General Data Protection Regulation (GDPR) (for European Economic Area [EEA] residents)

Under the General Data Protection Regulation, you have the right to ensure that:

  • We process your data fairly and lawfully within the consent you have provided us.
  • Your data is accurate.
  • Your data is secure.

You can:

  • Ask confirmation of whether, and where, a Controller is processing Personal Data.
  • Ask us to provide details of the Personal Data we hold on you (information about the purposes of the processing, the categories of data being processed, the categories of recipients with whom the data may be shared and obtain a copy of the personal data being processed (see the contact information below).
  • Know how long we keep your data.
  • Use your rights to erasure, to rectification, to restriction of processing and to object to processing, or to complaint to relevant authorities.
  • Obtain information regarding the source of the data if the data were not collected directly from you.
  • Obtain information about the existence of, and an explanation of the logic involved in, any automated processing that has a significant effect on you or other data subjects.

We will maintain complete and accurate records and information to demonstrate our compliance with our obligations under this Privacy Policy and also for audits conducted by you or on your behalf.

To exercise any of these rights, please contact us at support@thathelps.com or by mail to Legacy Connect, One Rockefeller Plaza, 25th Fl, New York NY 10020 USA, Attention: Privacy. We will respond to your request to change, correct, or delete your information within a reasonable timeframe and notify you of the action we have taken.

What Happens When There are International Data Transfers?

Due to the international nature of Legacy Connect®, we may need to transfer your Personal Data to third parties as noted above, in connection with the purposes set out in this Privacy Policy. For this reason, we may transfer your Personal Data to other countries that may have different laws and data protection compliance requirements than those that apply in your country.

How do I Review or Change my Personal Data?

If you would like to review or change your Personal Data, we will deal promptly and appropriately with any inquiries unless we must keep that information for legitimate business or legal purposes. However, if your requests are deemed to be excessive or complex, a small fee may be charged, and a time-period extension may apply. You may designate, in writing or through a power of attorney, an authorized agent to make requests on your behalf to exercise your privacy rights. Before accepting such a request from an agent, we will require the agent to provide proof you have authorized it to act on your behalf, and we may need you to verify your identity directly with us.

You can contact us at: support@thathelps.com.

Do Not Track” Requests.

Your Internet browser and mobile device may allow you to adjust your browser settings so that “do not track” requests are sent to the websites you visit. We do not currently respond to “do not track” signals.

Your Consent and Notification of Changes. By using our Services and providing information to Legacy Connect®, you consent to the collection and use of this information by Legacy Connect®. Legacy Connect® may modify this Privacy Policy from time to time. If we decide to make a material change in our Privacy Policy, we will post that change on this page to alert you about the change. Your continued use of a Service after the posting of changes to these terms will mean you accept these changes. In some cases, we may attempt to contact you through an email or other address you have provided to give you information and choices about our using your Personal Data in a manner different from that stated at the time of collection. In addition, if we make any material changes in our privacy practices that affect your Personal Data that is already stored in our database, we will apply those changes to that older Personal Data only with your consent or as otherwise permitted by law.

No Use by ChildrenThe Services are not intended for users younger than 13 years of age. We do not knowingly collect contact information from children under the age of 13 without verifiable parental consent. If we become aware that a visitor under the age of 13 has submitted Personal Data without verifiable parental consent, we will remove his or her information from our files.

Changing Your Information and Opting Out. You may have the right to access the Personal Data which Legacy Connect® has collected about you. You may also have the right to modify any errors contained in that information. Please contact us for more details. In addition, you may unsubscribe or opt out of future communications from us.

Further Information about Legacy Connect® Privacy Policy and Practices. This Privacy Policy applies to all visitors and users of our Services. We may delete any or all of your information at any time without notice to you for any reason or no reason, unless we are required by law to retain it.

How to Contact Us. Should you have other questions or concerns about this Privacy Policy, please email us at support@thathelps.com.