idonate Ltd is registered in Ireland with the company number 533426. Our business office is at Unit 28B, N17 Business Park, Galway Road, Tuam, Co. Galway.

This is the Privacy Notice of idonate Ltd trading as idonate, iFundraise and CharityTaxBack, [the Organisatiion]. In this document, “the Organisation”, “we”, “our”, or “us” refer to idonate Ltd.

idonate Limited provides an Online Fundraising Platform to meet the needs of Charitable and Nonprofit organisations. CharityTaxBack.ie is a service provided by idonate Limited to allow charities to claim tax relief from donations they receive.

Under this policy, and unless the circumstances otherwise require, idonate Limited is the controller of that information and responsible for its use and protection. As we operate a platform that allows our members to run fundraising projects and reach out to others for funding, those members may also be separately legally responsible for the use of your information in connection with those projects.

An example of such other circumstances would be where you enter into a contract with us to register a Cause, in which case we would normally be the processor and you would be the controller within the meaning of the GDPR and this would be set out in more detail in the Terms of Service or other relevant contracts between us.

Contact: [email protected]

As the Organisation is established in the Republic of Ireland, this document is written in the vein of Irish Data Protection Law, and we fall under the jurisdiction of the Irish Data Protection Commission. This Data Protection and Privacy Policy and Notice sets out what Personal Data we collect and process about you in connection with the services and functions of the Organisation. We are not responsible for the content or the privacy notices for any websites to which we provide external links.

 

Laws that apply to us:

• General Data Protection Regulation (EU Regulation 679/2016)
• Irish Data Protection Acts 1988 to 2018
• Regulations flowing from DPA 2018
• ePrivacy Regulations 2011 implementing EU Privacy and Electronic Communications Directive 2002/58/EC on Privacy and Electronic Communications, otherwise known as ePrivacy Directive (ePD)

This Privacy Policy and Notice explains why and how we will use the personal information that we have obtained from you or others, with whom we share it and the rights you have in connection with the information we use.

This policy describes the way we handle and use the personal information that we obtain from all the different interactions you may have with us as a business, including when you visit our social media pages or websites currently located at www.idonate.ie, www.ifundraise.ie and www.charitytaxtback.ie (Site/s) or when you contact us.

We, idonate Limited, are the controller in relation to the processing activities described below. This means that we decide why and how your personal information is processed.

Our Fundraisers and Causes run fundraising campaigns from our Site and in doing so may collect personal information from you if you pledge funds to their projects. Their use of that information during and after their campaign (e.g. to keep in contact with you about progress of their project and their achievements) are uses of your information for which those members determine, independently of us. As a result, those members will be separate controllers of your personal information.

We refer to ‘causes’, ‘donors’ and ‘donations’ throughout this document. For more information regarding these, please see our Terms.

This policy was last updated on the date that appears at the top of this page.

We receive personal information about you that you give to us to, and that we collect from your use of our Site and social media pages. We only collect personal information which we need and that is relevant for the purposes for which we intend to use it.

When you register a Cause (charity, school, non-profit) : We will collect basic contact information about you to set up your account so you can raise funds. This will include your name, address and email address. We will also ask you to register a username and password so you can gain secure access to your account in the future.

When you make a donation: To enable us to process donations, we will collect basic payment information as well as your name, home address and email address. Your name and the amount you’ve donated will display on the public page, unless you select the “Hide my name and photo from public view” option when you donate. As well as hiding your details from the public when you donate, you can also change the display name to something else, such as a nickname or your initials.

When you create a Fundraising or Crowdfunding Page: We will collect basic contact information about you to set up your account so you can raise funds. This will include your name, address and email address. We will also ask you to register a username and password so you can gain secure access to your account in the future. We will also collect details of the charity or not-for-profit that you are supporting. Where applicable, we will ask you to provide details of how and when you are intending to fundraise and/or the occasion you are recognising by carrying out the fundraising. We will use your details to carry out bank account verification and identity checking, including with a credit reference agency.

When you submit a CHY3 or CHY4 form: The information provided on these forms allows the Charity you made a donation to claim the tax back from Revenue. If you make use of the postal service we will forward your form onto the relevant charity. If you use the online service to eSign your form, the relevant charity will be notified the form is ready to download. Both the CHY3 and CHY4 forms are duly sent to revenue.ie for processing by the relevant charity.

When you give us information about others: You may decide to provide us with information about others (or authorise us to collect this information on your behalf from your social networks or your email contacts list) for example:

• so we can help you tell your friends and family about a Fundraising Page you are running or charity fundraising you are carrying out; or
• if you start fundraising in the memory or in celebration of, another person

You must ensure that they have agreed to you providing us with their information. Where required by local laws, we would advise you to keep a record of their agreement and provide them with a copy of, or link to, this Policy. This is especially the case if you provide us with sensitive information about them (e.g. a reference to an illness or health condition).

When you visit our social media pages we collect:

• the information you post on those pages;
• information regarding your interactions with the content we post; and
• statistical information regarding all our followers’ activities (but from which we cannot identify you as we only have access to this information in aggregated form).

Children’s Personal Data

If you would like to make use of our services and you are not yet 16 years old, we require that an adult is present when you register, if registration is required. Where consent is required to process your Personal Data as a child, we will obtain that consent from the adult who is authorised to give the consent on your behalf.  If we are notified or learn that a child has submitted Personal Data to us through our digital or social media without the correct permissions or consents, we will delete such Personal Data.

Special Category Personal Data

We will not collect special category data from you.

Categories of personal information we use about you

We process different types of personal information about you. To make it easier to understand the information that we use about you, we have categorised this information in the table below and provided a short explanation of the type of information each category covers.

We process the following categories of personal information about you:

Biographical

your life experiences

Contact

information which can be used to address, send or otherwise communicate a message to you

Banking/Billing

information used to send/receive funds to/from you

Identity

information that verifies your identity including formal identification documents or unique identification numbers linked to you

Fundraising

information relating to your donations and fundraising

Marketing Preferences

your preferences in respect of any marketing communications form us from time to time in relation to products or services which we believe may be of interest to you

Correspondence

information contained in our correspondence or other communications with you about projects and other activities on our Site, our services or our business

We use your personal information for a variety of reasons. We rely on different legal grounds to process your personal information, depending on the purposes of our use and the risks to your privacy. You will only receive unsolicited marketing communications from us if you have consented and can opt-out of receiving them at any time. We use your personal information in the following ways:

1. Where you have provided CONSENT

We may use and process your personal information for the following purposes where you have consented for us to do so:

• to contact you via email with marketing information about our business (see ‘Marketing’ for further details);

You may withdraw your consent for us to use your information by contacting us using the email address provided here or ‘unsubscribing’ using the link provided on our marketing emails. If you have a registered account on our Site, this can be done by changing your Profile settings from within your account.

2. Where necessary for us to carry out PRE-CONTRACT STEPS you have requested or for the performance of our CONTRACT

We will use your personal information where this is necessary for us to perform our contract with you or to carry out any pre-contract steps you’ve asked us to so that you can enter into that contract, for the following purposes:

• to register and set you up as a Fundraiser or Cause on our Site;
• to publish details of your pledges (unless you choose to pledge anonymously), your projects and the rewards you wish to offer;
• to process your donations and share your details with our payment processors so that payments can be made from you;

3. Where necessary to comply with our LEGAL OBLIGATIONS

We will use your personal information to comply with our legal obligations:

• to keep a record relating to the exercise of any of your rights relating to our processing of your personal information;
• to perform anti-money laundering and related checks where the law requires these;
• to anonymise, pseudonymise and destroy your personal information in accordance with our retention policies and data protection law;
• to handle and resolve any complaints we receive relating to the services we provide.

4. Where necessary for us to pursue a LEGITIMATE INTEREST

We may use and process your personal information where it is necessary for us to pursue our legitimate interests as a business for the following purposes:

Processing necessary for us to promote our business, brand and activities and measure the reach and effectiveness of our campaigns

• for analysis and insight conducted to inform our marketing strategies, and to enhance and your visitor experience;
• to tailor and personalise our marketing communications based on your attributes;
• Processing necessary for us to support our Causes , Donors and Fundraisers with their enquiries
• to respond to correspondence you send to us and fulfil the requests you make to us.

Processing necessary for us to respond to changing market conditions and the needs of our guests and visitors

• to analyse, evaluate and improve our Site and other services so that your visit and use of our Site, fundraising support and other services and social media pages, are more useful and enjoyable (we will generally use data amalgamated from many people so that it does not identify you personally);

Processing necessary for us to operate the administrative and technical aspects of our business efficiently and effectively

• to administer our Site and our social media pages and for internal operations, including troubleshooting, testing, statistical purposes;
• to verify the accuracy of data that we hold about you and create a better understanding of you as an account holder or visitor;
• for network and information security in order for us to take steps to protect your information against loss or damage, theft or unauthorised access, including to archive, destroy, pseudonymise or anonymise your personal information;
• to comply with a request from you in connection with the exercise of your rights (for example where you have asked us not to contact you for marketing purposes, we will keep a record of this on our suppression lists in order to be able to comply with your request);
• for the purposes of corporate restructure or reorganisation or sale of our business or assets;
• for efficiency, accuracy or other improvements of our databases and systems, for example, by combining systems or consolidating records we hold about you;
• to enforce or protect our contractual or other legal rights or to bring or defend legal proceedings;
• to inform you of updates to our terms and conditions and policies; and
• for other general administration including managing your queries, complaints, or claims, and to send service messages to you.

Marketing

Causes may send marketing communications to Fundraisers and Donors where the user has provided consent. Any communications they send using these details will be sent solely based on their decisions and for which they will be acting as the controller of your personal information. See ‘How do Causes (Charities and Non-Profits) use your data?’ below for further information.

If you selected to sign up to the idonate.ie Newsletter we will use your personal information when sending newsletters. You may opt out at any time by clicking the “Unsubscribe” link at the bottom of any newsletter email or by contacting us directly using the email provided in this Notice.

We only disclose and share your personal information outside our business in limited circumstances. If we do, we will put in place a contract that requires recipients to protect your personal information, unless we are legally required to share that information. Any contractors or recipients that work for us will be obliged to follow our instructions. We do not sell your personal information to third parties.

Causes (Charities, Not for Profits):

• When making a donation – we will provide your personal information to the cause you have donated to and the creator of any fundraising page involved in your donation. The cause may not use your personal information to contact you for purposes of marketing their services unless you have opted into receiving further communications from the cause.
• When creating a fundraising page – we will provide your personal information to the cause you are fundraising for. The cause may not use your personal information to contact you for purposes of marketing their services unless you have opted into receiving further communications from the cause.
• our third party service providers, agents and subcontractors (Suppliers) for the purposes of providing services to us or directly to you on our behalf, including the operation and maintenance of our Site and social media pages. A list of third party providers is available on request.

Suppliers, Service Providers and Third Parties

When we use Suppliers, we only disclose to them any personal information that is necessary for them to provide their services and only where we have a contract in place that requires them to keep your information safe and secure.

 

We may disclose the personal information to other third parties as follows:

• any third party who is restructuring, selling or acquiring some or all of our business or assets or otherwise in the event of a merger, re-organisation or similar event; and
• if we are under a duty to disclose or share your information in order to comply with any legal or regulatory obligation or request, including by the police, courts, tribunals or regulators.

When we pass your information to charities, they also become a controller with respect to such personal data. This means that they’re responsible for their own compliance with data protection laws when they use your personal data, and all such use is subject to the charity’s own privacy notice. idonate is not responsible for charities’ use of your personal data or the charities’ compliance with applicable laws.

When you donate to or create a Fundraising Page, idonate will ask whether or not you consent to receiving email from the Cause about the impact of your donation and other ways to support them including future events, campaigns and appeals. We will pass your consent preference on to the charity. Note that the Cause will need to receive your personal data to send you emails you consent to receive.

If you want to change your preferences for a Cause to use your data (to contact you or otherwise), please contact the charity directly.

Note that charities receive information about supporters from lots of different sources. We’re not the system of record for our Causes, so we can only collect and evidence your consent to receive email fundraising appeals from our Cause Partners as you elect on our platform. We cannot reflect any changes in your consent preferences that you make directly with the cause. For example, if you opt in to receive emails from a charity when you make a donation through idonate, but then you subsequently opt out by telling the charity, idonate won’t have a record that you opted out of receiving email from that charity.

Except in a limited number of cases, we do not transfer your personal information outside of Europe. Where we do, we take measures to protect your personal information.

If you make use of PayPal, your data is transferred under the PayPal Binding Corporate Rules available at https://www.paypal.com/uk/webapps/mpp/ua/bcr.

If we transfer your Personal Data out of the EEA, we ensure an adequate degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:

• We will only transfer your Personal Data to countries that have been deemed to provide an adequate level of protection for Personal Data by the European Commission.
• Where we use certain service providers, we may use specific contracts approved by the European Commission which give Personal Data the same protection it has in Europe.

In all other cases we will seek your explicit consent for transfers outside of the EEA.

We follow strict security procedures in the storage and disclosure of your Personal Data, and to protect it against accidental loss, destruction or damage. We take appropriate security measures against unlawful or unauthorised processing of Personal Data, and against the accidental loss of, or damage to, Personal Data. The data you provide to us is protected using modern encryption, intrusion prevention, and account access techniques as appropriate and required. We have put in place procedures and technologies to maintain the security of all Personal Data from the point of collection to the point of destruction. We maintain data security by protecting the confidentiality, integrity and availability of the Personal Data, defined as follows:

Confidentiality means that only people who are authorised to use the data can access it.

Integrity means that Personal Data should be accurate and suitable for the purpose for which it is processed.

Availability means that authorised users should be able to access the data if they need it for authorised purposes.

Our Site and social media pages may contain links to other websites run by other organisations which we do not control. This policy does not apply to those other websites‚ so we encourage you to read their privacy policies. We are not responsible for the privacy policies and practices of other websites (even if you access them using links that we provide) and we provide links to those websites solely for your information and convenience. We specifically disclaim responsibility for their content, privacy practices and terms of use, and we make no endorsements, representations or promises about their accuracy, content or thoroughness. Your disclosure of personal information to third party websites is at your own risk.

In addition, if you linked to our Site from a third party website, we cannot be responsible for the privacy policies and practices of the owners and operators of that third party website and recommend that you check the policy of that third party website.

We have a documented data retention schedule. Generally, we will only retain your Personal Data for as long as necessary to fulfil the purposes we collected it for and for up to seven (7) years afterwards (for purposes related to Revenue requirements) or otherwise permitted by applicable laws. We may also retain your information during the period of time needed to complete our legitimate business operations, including for the purposes of satisfying any legal, accounting, or reporting requirements.

To determine the appropriate retention period for Personal Data, we consider the amount, nature, and sensitivity of the Personal Data, the potential risk of harm from unauthorised use or disclosure of your Personal Data, the purposes for which we process your Personal Data and whether we can achieve those purposes through other means, and the applicable legal requirements.

Data provided when donating to a Fundraising Page

If you provide idonate with an email address, postal address or contact telephone number, this data will be retained for 3 months following the closure of the fundraising page.

Data provided when donating directly to a Cause

When you provide idonate with an email address, postal address or contact telephone number, this data will be retained for 6 months following the date of donation.

Under certain circumstances, and dependent on legal basis under which your personal data is processed, by law you have the right to:

• Request information about whether we hold Personal Data about you, and, if so, what that Personal Data is and why we are holding/using it.
• Request access to your Personal Data (commonly known as a “Data Subject access request”). This enables you to receive a copy of the Personal Data we hold about you and to check that we are lawfully processing it.
• Request correction of the Personal Data that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.
• Request erasure of your Personal Data. This enables you to ask us to delete or remove Personal Data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your Personal Data where you have exercised your right to object to processing (see below).
• Object to processing of your Personal Data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground. You also have the right to object where we are processing your Personal Data for direct marketing purposes.
• Object to automated decision-making including profiling, that is not to be subject of any automated decision-making by us using your Personal Data or profiling of you.
• Request the restriction of processing of your Personal Data. This enables you to ask us to suspend the processing of Personal Data about you, for example if you want us to establish its accuracy or the reason for processing it.
• Request transfer of your Personal Data in an electronic and structured form to you or to another party (commonly known as a right to “data portability”). This enables you to take your data from us in an electronically useable format and to be able to transfer your data to another party in an electronically useable format.

If you have an account on www.idonate.ie , please use the Close Account option in your account.

This may limit the service we can provide to you.

Situations may arise where it is necessary to transfer information (including your Personal Data) to a third party in the event of a sale, merger, liquidation, receivership or transfer of all or substantially all of the assets of our organisation provided that the third party agrees to adhere to the terms of the Data Protection and Privacy Policy and Notice and provided that the third party only uses your Personal Data for the purposes that you provided it to us. The Personal Data transferred will be limited to that which is absolutely necessary. You will be notified in the event of any such transfer and you will be afforded an opportunity to opt-out.

Please check this page regularly for changes to this policy. We will email you with changes if we hold a valid email address for you.

We may review this policy from time to time and any changes will be notified to you by posting an updated version on our Site and, where appropriate, by contacting you by email. Any changes will take effect 7 days after we post the modified terms on our Site or after the date we notify you by email. We recommend you regularly check this page for changes and review this policy each time you visit our Site.

COOKIES – Include or publish as separate document

The law states that we can store cookies on your device if they are strictly necessary for the operation of this site. For all other types of cookies we need your permission. By clicking Agree, you are only agreeing to the Necessary cookies.

You can at any time change or withdraw your consent from the Cookie Declaration on our website using the “Cookies” link at the bottom of every page.

Learn more about who we are, how you can contact us and how we process personal data in our Data Protection and Privacy Notice.

Your consent applies to the following domains: www.idonate.ie, giv.i.ng and www.charitytaxback.ie