idonate Ltd is registered in Ireland with the company number 533426. Our business office is at Unit 28B, N17 Business Park, Galway Road, Tuam, Co. Galway.
This is the Privacy Notice of idonate Ltd trading as idonate, iFundraise and CharityTaxBack, [the Organisatiion]. In this document, “the Organisation”, “we”, “our”, or “us” refer to idonate Ltd.
idonate Limited provides an Online Fundraising Platform to meet the needs of Charitable and Nonprofit organisations. CharityTaxBack.ie is a service provided by idonate Limited to allow charities to claim tax relief from donations they receive.
Under this policy, and unless the circumstances otherwise require, idonate Limited is the controller of that information and responsible for its use and protection. As we operate a platform that allows our members to run fundraising projects and reach out to others for funding, those members may also be separately legally responsible for the use of your information in connection with those projects.
An example of such other circumstances would be where you enter into a contract with us to register a Cause, in which case we would normally be the processor and you would be the controller within the meaning of the GDPR and this would be set out in more detail in the Terms of Service or other relevant contracts between us.
Contact: [email protected]
Laws that apply to us:
This policy describes the way we handle and use the personal information that we obtain from all the different interactions you may have with us as a business, including when you visit our social media pages or websites currently located at www.idonate.ie, www.ifundraise.ie and www.charitytaxtback.ie (Site/s) or when you contact us.
We, idonate Limited, are the controller in relation to the processing activities described below. This means that we decide why and how your personal information is processed.
Our Fundraisers and Causes run fundraising campaigns from our Site and in doing so may collect personal information from you if you pledge funds to their projects. Their use of that information during and after their campaign (e.g. to keep in contact with you about progress of their project and their achievements) are uses of your information for which those members determine, independently of us. As a result, those members will be separate controllers of your personal information.
We refer to ‘causes’, ‘donors’ and ‘donations’ throughout this document. For more information regarding these, please see our Terms.
This policy was last updated on the date that appears at the top of this page.
We receive personal information about you that you give to us to, and that we collect from your use of our Site and social media pages. We only collect personal information which we need and that is relevant for the purposes for which we intend to use it.
When you register a Cause (charity, school, non-profit) : We will collect basic contact information about you to set up your account so you can raise funds. This will include your name, address and email address. We will also ask you to register a username and password so you can gain secure access to your account in the future.
When you make a donation: To enable us to process donations, we will collect basic payment information as well as your name, home address and email address. Your name and the amount you’ve donated will display on the public page, unless you select the “Hide my name and photo from public view” option when you donate. As well as hiding your details from the public when you donate, you can also change the display name to something else, such as a nickname or your initials.
When you create a Fundraising or Crowdfunding Page: We will collect basic contact information about you to set up your account so you can raise funds. This will include your name, address and email address. We will also ask you to register a username and password so you can gain secure access to your account in the future. We will also collect details of the charity or not-for-profit that you are supporting. Where applicable, we will ask you to provide details of how and when you are intending to fundraise and/or the occasion you are recognising by carrying out the fundraising. We will use your details to carry out bank account verification and identity checking, including with a credit reference agency.
When you submit a CHY3 or CHY4 form: The information provided on these forms allows the Charity you made a donation to claim the tax back from Revenue. If you make use of the postal service we will forward your form onto the relevant charity. If you use the online service to eSign your form, the relevant charity will be notified the form is ready to download. Both the CHY3 and CHY4 forms are duly sent to revenue.ie for processing by the relevant charity.
When you give us information about others: You may decide to provide us with information about others (or authorise us to collect this information on your behalf from your social networks or your email contacts list) for example:
You must ensure that they have agreed to you providing us with their information. Where required by local laws, we would advise you to keep a record of their agreement and provide them with a copy of, or link to, this Policy. This is especially the case if you provide us with sensitive information about them (e.g. a reference to an illness or health condition).
When you visit our social media pages we collect:
Children’s Personal Data
If you would like to make use of our services and you are not yet 16 years old, we require that an adult is present when you register, if registration is required. Where consent is required to process your Personal Data as a child, we will obtain that consent from the adult who is authorised to give the consent on your behalf. If we are notified or learn that a child has submitted Personal Data to us through our digital or social media without the correct permissions or consents, we will delete such Personal Data.
Special Category Personal Data
We will not collect special category data from you.
Categories of personal information we use about you
We process different types of personal information about you. To make it easier to understand the information that we use about you, we have categorised this information in the table below and provided a short explanation of the type of information each category covers.
We process the following categories of personal information about you:
your life experiences
information which can be used to address, send or otherwise communicate a message to you
information used to send/receive funds to/from you
information that verifies your identity including formal identification documents or unique identification numbers linked to you
information relating to your donations and fundraising
your preferences in respect of any marketing communications form us from time to time in relation to products or services which we believe may be of interest to you
information contained in our correspondence or other communications with you about projects and other activities on our Site, our services or our business
We use your personal information for a variety of reasons. We rely on different legal grounds to process your personal information, depending on the purposes of our use and the risks to your privacy. You will only receive unsolicited marketing communications from us if you have consented and can opt-out of receiving them at any time. We use your personal information in the following ways:
We may use and process your personal information for the following purposes where you have consented for us to do so:
You may withdraw your consent for us to use your information by contacting us using the email address provided here or ‘unsubscribing’ using the link provided on our marketing emails. If you have a registered account on our Site, this can be done by changing your Profile settings from within your account.
We will use your personal information where this is necessary for us to perform our contract with you or to carry out any pre-contract steps you’ve asked us to so that you can enter into that contract, for the following purposes:
We will use your personal information to comply with our legal obligations:
We may use and process your personal information where it is necessary for us to pursue our legitimate interests as a business for the following purposes:
Processing necessary for us to promote our business, brand and activities and measure the reach and effectiveness of our campaigns
Processing necessary for us to respond to changing market conditions and the needs of our guests and visitors
Processing necessary for us to operate the administrative and technical aspects of our business efficiently and effectively
Causes may send marketing communications to Fundraisers and Donors where the user has provided consent. Any communications they send using these details will be sent solely based on their decisions and for which they will be acting as the controller of your personal information. See ‘How do Causes (Charities and Non-Profits) use your data?’ below for further information.
If you selected to sign up to the idonate.ie Newsletter we will use your personal information when sending newsletters. You may opt out at any time by clicking the “Unsubscribe” link at the bottom of any newsletter email or by contacting us directly using the email provided in this Notice.
We only disclose and share your personal information outside our business in limited circumstances. If we do, we will put in place a contract that requires recipients to protect your personal information, unless we are legally required to share that information. Any contractors or recipients that work for us will be obliged to follow our instructions. We do not sell your personal information to third parties.
Causes (Charities, Not for Profits):
Suppliers, Service Providers and Third Parties
When we use Suppliers, we only disclose to them any personal information that is necessary for them to provide their services and only where we have a contract in place that requires them to keep your information safe and secure.
We may disclose the personal information to other third parties as follows:
When we pass your information to charities, they also become a controller with respect to such personal data. This means that they’re responsible for their own compliance with data protection laws when they use your personal data, and all such use is subject to the charity’s own privacy notice. idonate is not responsible for charities’ use of your personal data or the charities’ compliance with applicable laws.
When you donate to or create a Fundraising Page, idonate will ask whether or not you consent to receiving email from the Cause about the impact of your donation and other ways to support them including future events, campaigns and appeals. We will pass your consent preference on to the charity. Note that the Cause will need to receive your personal data to send you emails you consent to receive.
If you want to change your preferences for a Cause to use your data (to contact you or otherwise), please contact the charity directly.
Note that charities receive information about supporters from lots of different sources. We’re not the system of record for our Causes, so we can only collect and evidence your consent to receive email fundraising appeals from our Cause Partners as you elect on our platform. We cannot reflect any changes in your consent preferences that you make directly with the cause. For example, if you opt in to receive emails from a charity when you make a donation through idonate, but then you subsequently opt out by telling the charity, idonate won’t have a record that you opted out of receiving email from that charity.
Except in a limited number of cases, we do not transfer your personal information outside of Europe. Where we do, we take measures to protect your personal information.
If you make use of PayPal, your data is transferred under the PayPal Binding Corporate Rules available at https://www.paypal.com/uk/webapps/mpp/ua/bcr.
If we transfer your Personal Data out of the EEA, we ensure an adequate degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:
In all other cases we will seek your explicit consent for transfers outside of the EEA.
We follow strict security procedures in the storage and disclosure of your Personal Data, and to protect it against accidental loss, destruction or damage. We take appropriate security measures against unlawful or unauthorised processing of Personal Data, and against the accidental loss of, or damage to, Personal Data. The data you provide to us is protected using modern encryption, intrusion prevention, and account access techniques as appropriate and required. We have put in place procedures and technologies to maintain the security of all Personal Data from the point of collection to the point of destruction. We maintain data security by protecting the confidentiality, integrity and availability of the Personal Data, defined as follows:
Confidentiality means that only people who are authorised to use the data can access it.
Integrity means that Personal Data should be accurate and suitable for the purpose for which it is processed.
Availability means that authorised users should be able to access the data if they need it for authorised purposes.
In addition, if you linked to our Site from a third party website, we cannot be responsible for the privacy policies and practices of the owners and operators of that third party website and recommend that you check the policy of that third party website.
We have a documented data retention schedule. Generally, we will only retain your Personal Data for as long as necessary to fulfil the purposes we collected it for and for up to seven (7) years afterwards (for purposes related to Revenue requirements) or otherwise permitted by applicable laws. We may also retain your information during the period of time needed to complete our legitimate business operations, including for the purposes of satisfying any legal, accounting, or reporting requirements.
To determine the appropriate retention period for Personal Data, we consider the amount, nature, and sensitivity of the Personal Data, the potential risk of harm from unauthorised use or disclosure of your Personal Data, the purposes for which we process your Personal Data and whether we can achieve those purposes through other means, and the applicable legal requirements.
Data provided when donating to a Fundraising Page
If you provide idonate with an email address, postal address or contact telephone number, this data will be retained for 3 months following the closure of the fundraising page.
Data provided when donating directly to a Cause
When you provide idonate with an email address, postal address or contact telephone number, this data will be retained for 6 months following the date of donation.
Under certain circumstances, and dependent on legal basis under which your personal data is processed, by law you have the right to:
If you have an account on www.idonate.ie , please use the Close Account option in your account.
This may limit the service we can provide to you.
Please check this page regularly for changes to this policy. We will email you with changes if we hold a valid email address for you.
We may review this policy from time to time and any changes will be notified to you by posting an updated version on our Site and, where appropriate, by contacting you by email. Any changes will take effect 7 days after we post the modified terms on our Site or after the date we notify you by email. We recommend you regularly check this page for changes and review this policy each time you visit our Site.
COOKIES – Include or publish as separate document
The law states that we can store cookies on your device if they are strictly necessary for the operation of this site. For all other types of cookies we need your permission. By clicking Agree, you are only agreeing to the Necessary cookies.
You can at any time change or withdraw your consent from the Cookie Declaration on our website using the “Cookies” link at the bottom of every page.
Learn more about who we are, how you can contact us and how we process personal data in our Data Protection and Privacy Notice.