We at Deed understand that your privacy is extremely important to you. To ensure that we comply with all necessary controls, we have implemented measures which ensure that any personal data we obtain from you is processed and maintained in accordance with accepted principles of good information handling and in accordance with the applicable laws and regulations such as the Federal Trade Commission Act (FTC Act), the California Consumer Privacy Act (CCPA), the General Data Protection Regulation ("GDPR").
This policy provides you with details of the type of information we may hold about you, how we may obtain and use information and how we protect your privacy.
1.1. Scope and Application
2. Collection of Information
2.1. Information You Provide to Us
We collect information you provide directly to us, such as when you create or modify your account, request a volunteer opportunity or receive a volunteer request, as applicable, add photos, comments, or other media regarding your volunteer opportunities, contact customer support, or otherwise communicate with us. This information may include: name, email, phone number, postal address, profile picture, gender, date of birth, IP address and other information you choose to provide.
2.2. Information We Collect Through Your Use of Our Services
When you use our Services, we collect information about you in the following general categories:
Location Information: When you use the Services, we collect precise location data about your location from the Deed app. If you permit the Deed app to access location services through the permission system used by your mobile operating system (“platform”), we may collect the precise location of your device when the app is running in the foreground or background. We may also derive your approximate location from your IP address.
Device Information: We may collect information about your mobile device, including, for example, the hardware model, operating system and version, software and file names and versions, preferred language, unique device identifier, advertising identifiers, serial number, device motion information, and mobile network information.
Log Information: When you interact with the Services, we collect server logs, which may include information like device IP address, access dates and times, app features or pages viewed, app crashes and other system activity, type of browser, and the third-party site or service you were using before interacting with our Services.
2.3. Important Information About Platform Permissions
Most mobile platforms (e.g., iOS) have defined certain types of device data that apps cannot access without your consent. These platforms have different permission systems for obtaining your consent. The Deed platform will alert you the first time the Deed app wants permission to access certain types of data and will let you consent (or not consent) to that request.
2.4. Information We Collect From Other Sources
We may also receive information from other sources and combine that with information we collect through our Services. For example:
If you choose to link, create, or log in to your Deed account with a social media service (e.g., Facebook), or if you engage with a separate app or website that uses our API (or whose API we use), we may receive information about you from that site or app.
When you provide volunteer services or are provided with volunteer services, each party is able to provide commentary, ratings, and other media regarding the event.
3. Use of Information
We may use the information we collect about you to:
Provide, maintain, and improve our Services, including, for example, to provide products and services you request (and send related information), develop new features, provide customer support to Users, authenticate users, and send product updates and administrative messages;
Perform internal operations, including, for example, to prevent fraud and abuse of our Services; to troubleshoot software bugs and operational problems; to conduct data analysis, testing, and research; and to monitor and analyze usage and activity trends;
Send or facilitate communications (between volunteers and organizations;
Send you communications we think will be of interest to you, including information about products, services, promotions, news, and events of Deed and other companies or organizations, where permissible and according to local applicable laws; and
Personalize and improve the Services, including to provide or recommend features, content, social connections, referrals, and advertisements.
Information we collect and described in this policy is stored and processed in the United States. Our data centers are managed by AWS which ensures all appropriate safeguards are in place.
4. Sharing of Information
We may share the information we collect about you as described in this Policy or as described at the time of collection or sharing, including as follows:Through Our ServicesWe may share your information:
Between volunteers and organizations to enable each to efficiently connect through the Services. For example, we share your name, photo (if you provide one), rating, and any other information you have submitted to the Services;
With other Users; and with other people, as directed by you, such as when you want to share your volunteering experiences with a friend or on a social network;
With third parties to provide you a service you requested through a partnership or promotional offering made by a third party or us;
With the general public if you submit content in a public forum, such as blog comments, social media posts, or other features of our Services that are viewable by the general public;
With third parties with whom you choose to let us share information, for example other apps or websites that integrate with our API or Services, or those with an API or Service with which we integrate;
With Deed subsidiaries and affiliated entities that provide services or conduct data processing on our behalf, or for data centralization and/or logistics purposes;
With vendors, consultants, marketing partners, and other service providers who need access to such information to carry out work on our behalf;
In response to a request for information by a competent authority if we believe disclosure is in accordance with, or is otherwise required by, any applicable law, regulation, or legal process;
In connection with, or during negotiations of, any merger, sale of company assets, consolidation or restructuring, financing, or acquisition of all or a portion of our business by or into another company;
If we otherwise notify you and you consent to the sharing; and
In an aggregated and/or anonymized form which cannot reasonably be used to identify you.
5. Social Sharing Features
The Services may integrate with social sharing features and other related tools which let you share actions you take on our Services with other apps, sites, or media, and vice versa. Your use of such features enables the sharing of information with your friends or the public, depending on the settings you establish with the social sharing service. Please refer to the privacy policies of those social sharing services for more information about how they handle the data you provide to or share through them.
6. Your Rights
You may correct your account information at any time by logging into your online or in-app account. If you wish to cancel your account, please email us at firstname.lastname@example.org.
Deed will comply with individual’s requests regarding access, correction, and/or deletion of the personal data it stores in accordance with applicable law.
We request permission for our app’s collection of precise location from your device per the permission system used by your mobile operating system. If you initially permit the collection of this information, you can later disable it by changing the location settings on your mobile device. However, this will limit your ability to use certain features of our Services. Additionally, disabling our app’s collection of precise location from your device will not limit our ability to determine your approximate location from your IP address.
We may also seek permission for our app’s collection and syncing of contact information from your device per the permission system used by your mobile operating system. If you initially permit the collection of this information, iOS users can later disable it by changing the contacts settings on your mobile device. If such permissions are granted, the details of your contacts will never be accessed by Deed.
You may opt out of receiving promotional messages from us by following the instructions in those messages. If you opt out, we may still send you non-promotional communications, such as those about your account, about Services you have requested, or our ongoing business relations.
We are not responsible for the practices employed by any websites or services linked to or from our Services, including the information or content contained within them. Please remember that when you use a link to go from our Services to another website or service, our Policy does not apply to those third-party websites or services. Your browsing and interaction on any third-party website or service, including those that have a link on our Services, are subject to that third party’s own rules and policies. In addition, you agree that we are not responsible and do not have control over any third-parties that you authorize to access your user content. If you are using a third-party website or service and you allow them to access your user content, you do so at your own risk.
7. Data Protection Officer
By email at: email@example.com
8. Data Protection Authority
In the event that you think that there was a breach in the manner in which we use your personal data we encourage you to contact us to allow us to review the situation and address it appropriately. Nevertheless, please be aware that you have also the right to lodge a complaint with the relevant data protection authority based on your location.
9. Security / Data Protection
We have implemented industry standard technological and organisational controls to secure the confidentiality of your personal information.
We will not disclose confidential information about your business to anyone except where:
We are permitted to do so by law; We have a public duty to disclose the information; We need to do so to comply with the requirements, codes or recommendations of any of our regulators;
10. Children’s Privacy
Deed does not knowingly collect or solicit any information from anyone under the age of 13 or knowingly allow such persons to register for the Services. The Services and its content are not directed at children under the age of 13. In the event that we learn that we have collected personal information from a child under age 13 without parental consent, we will delete that information as quickly as possible. If you believe that we might have any information from or about a child under 13, please contact us at firstname.lastname@example.org.
11. Changes to the Policy
We may change this Policy from time to time, at our sole discretion. Changes will be notified and your continued use of the Services after such notice constitutes your consent to the changes. We encourage you to periodically review the Policy for the latest information on our privacy practices.
12. Contact Us
Effective Date: April 1, 2019
13. Special Clauses for Russia
2. Collection of Information. We do not process sensitive or biometrical personal data.
2.4. Information We Collect From Other Sources. When we receive personal data about you from third parties, we will ensure that we have an appropriate lawful basis. We will also notify you of the data processing prior to process your data unless you are already aware of such processing or the applicable law otherwise exempts us from the notification obligation.
We may send you advertisements and communications we think will be of interest to you, including information about products, services, promotions, news, and events of Deed and other companies or organizations only subject to your prior and explicit consent.
We only retain your personal data for as long as needed to fulfill the purposes for which it is collected unless we are required or permitted by law to keep the personal data for longer. We will destroy your personal data within 30 days after we achieve the said purposes or you recall your data processing consent (where applicable) unless we may continue the data processing on the ground of another lawful basis.
Our processing actions may include the following: collection, record, systematization, accumulation, storage, clarification (update, change), extraction, use, transfer (provision and access), depersonalization, blockage, deletion, and destruction of personal data. Our data processing methods may include the processing with the use of automation tools and without the automation tools.
4. Sharing of Information. You hereby give your consent to the disclosure of your personal data to the persons and entities specified in Section 4 above. Paragraphs 5, 10, 11, and 13 of Section 4 above do not apply. You hereby consent that we may transfer your personal data to Deed’s subsidiaries, affiliated entities, vendors, consultants, marketing partners, and other service providers if they act as Deed’s data processors and on Deed’s behalf. We may disclose your personal data to the competent law-enforcement agencies, courts, other entities, and state bodies in cases prescribed by the applicable law.
You hereby consent that we may share your personal data with your employer if your use of the Services is based on a corporate subscription.
6. Your rights. You, as a data subject, has the following rights:
– Right to receive information about the processing of your personal data;
– Right to demand for clarifying, blocking, or destroying your personal data in cases where such data is incomplete, outdated, incorrect, illegally received, or such data is unnecessary for the declared processing purpose;
– Right to lodge complaints about actions (omission) of the data operator to competent authorities and bring a legal action;
– Right to defend your rights and legitimate interests, including the compensation of damages and/or moral damage, in court or according to other procedures established by the applicable law; and
– Other rights established by the applicable law.
Paragraph “Contact Information” of Section 6 above does not apply.
9. Security. We take all necessary administrative, legal, and technical measures to protect your personal data against unlawful or accidental access, destruction, change, blockage, copy, provision, and distribution as well as against other unlawful actions in respect of personal data. We fulfill the following data security requirements to the protection of personal data processed via information systems depending on the security level of information systems chosen by us: ensure security of premises accommodating the personal data information systems equipment in a way preventing any person without appropriate access rights from uncontrolled intrusion or stay in these premises; ensure safety of all personal data media; adopt by the general manager’s decision a document determining list of employees whose work duties require access to the personal data processed in the information system; use information security tools, of which compliance with the requirements of the information
security laws is duly assessed and confirmed, when such tools are necessary for the neutralization of actual risks; appoint an employee responsible for the security of the personal data in the information system or impose this responsibility on an appropriate division; ensure that all changes of access rights with regard to the personal data in the information system are automatically recorded in the electronic messages log; and provide access to the electronic messages log only to those employees or other authorized persons who need this access for the discharge of their work duties.