Revised: July 2021
Collection of Information.
Legacy Connect® Processes two different types of information through the Services: Personal Data and De-Identified Information.
“Personal Data” is information that itself identifies an individual, such as Personally Identifiable Information, or information that can be connected to an individual indirectly by linking it to Personally Identifiable Information. “Personally Identifiable Information” includes information we collect (such as a first and last name, and email address) when you engage in certain activities through the Services, including but not limited to, registering as a user, joining an online event, organizing an event on behalf of a nonprofit or cause, volunteering for an event sponsored by a nonprofit, cause or organization, submitting content, helps, opportunities and comments through our ThatHelps application, conducting search queries on or through our Services, filling out a survey, signing a petition, or sending us feedback. If you do not want us to collect this information, please do not provide the information. We may also collect information on how you use our Services, such as the types of content you view or engage with or the frequency and duration of your activities. Depending upon the activity, some of the information we ask you to provide is identified as mandatory and some is voluntary. We may also collect information about the Causes you are connected to as well as your interactions with them, such as with whom you communicate and share Causes. We may also collect contact information you provide if you upload, sync or import this information (i.e., any address book) from a device. We may also collect content and information that other people provide when they use our services including information about you, such as when they share a photo of you, send a message to you, or upload, sync or import your contact information.
“Process” or “Processing” means any operation or set of operations performed upon Personal Data, whether or not by automatic means, such as creation, collection, procuration, obtaining, accession, recording, organization, storage, adaption or alteration, retrieval, consultation, dissemination or otherwise making available, use, disclosure by transmission, restriction, erasure or destruction.
De-Identified Information Automatically Collected from Use of the Services. We automatically track and aggregate certain “De-Identified Information” about your use of the Services. This information includes:
- The URL that you just came from (whether this URL is on our site or not) and which URL you go to next (whether this URL is on our site or not);
- Your IP address;
- Specific devise geographic locations, such as through GPS, Bluetooth, or WiFi signals;
- Time stamps of when users log in to the services and upload content;
- Aspects such as the operating system, hardware version, device settings, file and software names and types, battery and signal strength, and device identifiers;
- Connection information such as the name of your mobile operator of ISP, browser type, language and time zone, mobile phone number and IP address; and
- Other information from or about the computers, phones or other devices.
We may provide this De-Identified Information in aggregate form to other parties or use it for our own promotions. Our use of this De-Identified Information or aggregate information is not restricted in any way, so long as it remains in a form that is not linked to any Personal Data and does not identify any particular person.
The information we collect automatically is statistical data, but we may maintain it or associate it with Personal Data we collect in other ways or receive from third parties. It may help to improve our Services and deliver a better and more personalized service, including by enabling us to:
- Estimate our audience size and usage patterns;
- Store information about your preferences, allowing us to customize our Services according to your individual interests;
- Speed up your searches; and
- Recognize you when you return to our Services.
Sensitive Personal Information
We do not record and/or collect or otherwise process Personal Data regarding race, ethnicity, political opinions, religious or philosophical beliefs, trade union membership, physical or mental health, sexuality, any actual or alleged criminal offenses or penalties, or any other information that may be deemed under the EU General Data Protection Regulation (“GDPR”) (“Sensitive Personal Information”) in the ordinary course of our business. Where it becomes necessary to process Sensitive Personal Information, we may rely on one of the following legal bases:
- Compliance with applicable law: Where the Processing is required or permitted by applicable law;
- Detection and prevention of crime: Where Processing is necessary for the detection or prevention of crime including fraud;
- Establishment, exercise or defense of legal rights: Where Processing is necessary for the establishment, exercise or defense of a legal right;
- Consent: Where we have obtained in accordance with applicable law, your prior express consent to Process your Sensitive Personal Information.
How We Use Information.
How We Disclose Information to Third Parties.
Service Partners. Only with your express consent, we may share certain user Personal Data with our corporate partners including information about how you interact with the Services, and contact information. Legacy Connect® occasionally hires other companies (“Service Partners”) to provide limited services on our behalf. Service Partners that process Personal Data will be subject to binding contractual obligations to (1) only Process Personal Data in accordance with prior written instructions, and (2) use commercially reasonable measures consistent with industry standards to protect the confidentiality and security of Personal Data, in accordance with any additional requirements under applicable law.
De-Identified Information. We may share aggregate De-Identified Information with our Service Partners and other persons with whom we conduct business. We share this type of statistical data so that our Service Partners can understand who and how often people use the Site and their services, which facilitates improving both their services and how the Site interface with them. In addition, these third parties may share with us non-private, aggregated or otherwise non-personally identifiable information that they have independently developed or acquired.
As required by Legal or Regulatory Authorities. Legacy Connect® will disclose Personal Data when required by legal and regulatory authorities, or if we have good-faith belief that such action is necessary to (a) comply with a current judicial proceeding, a court order or legal process served on us, (b) protect and defend our rights, (c) protect the rights, property, and other interests of our users or others, or (d) to report any actual or suspected breach of applicable law or regulation.
Public Content. Public information is any information you share with a public audience, as well as information in your profile if your setting is not configured to “private” or content you share to another public forum. Public information is available to anyone on or off our Services and can be publicly viewed, such as through online search engines. In some cases, people you share and communicate with may download or re-share this content with others on and off our Services. When you comment on another person’s post or thank or share their content to other social media platforms or email, that person may share your comment. If their audiences are public, your comments will also be public. Other people may use our Services to share content about you with the audience they choose. For instance, people may share a photo of you, mention you in a post or share information about you that you shared with them.
Third-Party Analytics Providers. Only with your express consent, we may also share your Personal Data with third parties who conduct marketing studies and data analytics. These third parties may combine your information with the information of other consumers for purposes of conducting these studies and/or analytics.
We work hard to secure your Personal Data from unauthorized access to or unauthorized Processing by taking commercially reasonable and appropriate technical and organizational security measures, for example, pseudonymization and industry standard encryption of Personal Data. Unfortunately, no data transmission over the Internet or any wireless network can be guaranteed to be 100% secure. The confidentiality of any communication or material transmitted to or from Legacy Connect® via the Services or Legacy Connect® e-mail cannot be guaranteed. As a result, while we strive to protect your Personal Data, you acknowledge that: (a) there are security and privacy limitations inherent to the Internet; (b) the security, integrity and privacy of any and all information and data exchanged between you and us through this Site cannot be guaranteed; and (c) there is a risk that any such information and data may be viewed or tampered with in transit by a third party despite our security efforts. Legacy Connect® has no responsibility or liability for the security of information transmitted via the Internet.
In the event that we are required by law to inform you of any unauthorized access to your Personal Data, we may choose to notify you electronically, in writing, or by telephone. If you have any questions or concerns regarding security using the Site or our Services, please send us a detailed message to firstname.lastname@example.org. We will make every effort to answer your concerns.
California Privacy Rights (for California residents)
Your rights under the General Data Protection Regulation (GDPR) (for European Economic Area [EEA] residents)
Under the General Data Protection Regulation, you have the right to ensure that:
- We process your data fairly and lawfully within the consent you have provided us.
- Your data is accurate.
- Your data is secure.
- Ask confirmation of whether, and where, a Controller is processing Personal Data.
- Ask us to provide details of the Personal Data we hold on you (information about the purposes of the processing, the categories of data being processed, the categories of recipients with whom the data may be shared and obtain a copy of the personal data being processed (see the contact information below).
- Know how long we keep your data.
- Use your rights to erasure, to rectification, to restriction of processing and to object to processing, or to complaint to relevant authorities.
- Obtain information regarding the source of the data if the data were not collected directly from you.
- Obtain information about the existence of, and an explanation of the logic involved in, any automated processing that has a significant effect on you or other data subjects.
To exercise any of these rights, please contact us at email@example.com or by mail to Legacy Connect, One Rockefeller Plaza, 25th Fl, New York NY 10020 USA, Attention: Privacy. We will respond to your request to change, correct, or delete your information within a reasonable timeframe and notify you of the action we have taken.
What Happens When There are International Data Transfers?
How do I Review or Change my Personal Data?
If you would like to review or change your Personal Data, we will deal promptly and appropriately with any inquiries unless we must keep that information for legitimate business or legal purposes. However, if your requests are deemed to be excessive or complex, a small fee may be charged, and a time-period extension may apply. You may designate, in writing or through a power of attorney, an authorized agent to make requests on your behalf to exercise your privacy rights. Before accepting such a request from an agent, we will require the agent to provide proof you have authorized it to act on your behalf, and we may need you to verify your identity directly with us.
You can contact us at: firstname.lastname@example.org.
“Do Not Track” Requests.
Your Internet browser and mobile device may allow you to adjust your browser settings so that “do not track” requests are sent to the websites you visit. We do not currently respond to “do not track” signals.
No Use by Children. The Services are not intended for users younger than 13 years of age. We do not knowingly collect contact information from children under the age of 13 without verifiable parental consent. If we become aware that a visitor under the age of 13 has submitted Personal Data without verifiable parental consent, we will remove his or her information from our files.
Changing Your Information and Opting Out. You may have the right to access the Personal Data which Legacy Connect® has collected about you. You may also have the right to modify any errors contained in that information. Please contact us for more details. In addition, you may unsubscribe or opt out of future communications from us.