Privacy Notice | Benevity

Introduction

This Privacy Notice and the supplemental notice links below which are incorporated by reference, is provided by Benevity International, Inc., (a U.S. subsidiary of our parent company Benevity, Inc.) together with our affiliates, subsidiaries and parent company (“Benevity”, “us”, “we”, “our”) and describes our practices concerning the processing of Personal Information collected and/or processed as applicable via this website and other websites and applications that may link to this Privacy Notice and/or otherwise utilize Benevity’s platform or services. Such other websites and web applications may include internal human resources software, on-demand web applications such as our corporate grantmaking and workplace giving, volunteering and pro-social activity measurement solutions, or any of our other products (collectively, the “Benevity Sites”*). These various applications and services in connection with the Benevity Sites and/or Benevity’s platform are collectively referred to as the "Services".

The supplemental notice links below will connect you to the privacy information specific to your unique engagement with our Services.

In this Privacy Notice, “Personal Information” means information about a natural person (a “Data Subject”) which can reasonably be linked to or identify the individual, either directly or indirectly. Personal Information does not include information of an aggregate or anonymous nature where a specific individual or individuals cannot be identified.

^{*Note: Benevity Sites may be accessed via or contain links to other websites or applications including without limitation a Benevity client’s intranet and/or external website, a nonprofit’s website, informational links that are embedded within content and the like. Benevity is not responsible for the information practices or content of such other websites, applications or providers and we encourage you to review the privacy statements of such other websites, applications or providers to understand their information practices.}

Application of this Privacy Notice

Our Privacy Notice, applies to:

members of the public accessing our clients’ or other public-facing Benevity Services and subscribers to our web-based informational materials;
users of our Services; and
charities and other nonprofit organizations (“Causes”) and their respective employees.

Controllers and Processors

This Privacy Notice applies where Benevity processes personal data as a data controller, in connection with our Services. As a data controller, we determine the purpose (why) and means (how) of personal data processing and are ultimately responsible for the correct handling of your data, in accordance with applicable law.

Your acceptance

We provide you access to and use of the Benevity Sites and Services on the condition that you accept the terms of this Privacy Notice and any other relevant site documents. By ticking the appropriate acknowledgement box and proceeding to access or use the relevant Benevity Sites, you have expressly agreed to these terms. If you do not agree with and accept this Privacy Notice, you should not access or use any Benevity Sites nor utilize the Services.

Your consent to collection of Personal Information

We only collect your Personal Information after you have provided us with your consent. By expressly providing your agreement to be bound by the terms of this Privacy Notice, you are consenting to the collection, use and disclosure of your Personal Information in accordance with its terms.

The terms of this Privacy Notice apply to all Personal Information collected by us on any of the Benevity Sites. We have created this Privacy Notice pursuant to the Personal Information Protection and Electronic Documents Act (Canada) and various other applicable laws. However, your home jurisdiction may have privacy laws that are more or less protective than Canadian legislation and we encourage you to understand these laws as they apply to you. For ease of reference, please find information for residents of the European Economic Area, California and the United Kingdom below.

Legal bases

The legal bases upon which we collect and process your Personal Information include:

legitimate interest (e.g., to answer your questions, marketing, etc.);
consent;
performance of a contract (to which you, the Data Subject is party or to take steps at your request prior to entering a contract);
compliance with a legal obligation (e.g. tax laws, bookkeeping laws, any FINTRAC requirements, sanctions laws, etc.).

Cookies and other technologies

What are cookies and how do we use them?

Cookies are small text files that are placed on your computer by the websites that you visit; they are widely used to make websites work more efficiently, facilitate user authentication for services, provide analytical information to assess site performance and availability, as well as support personalizing your online experience.

We use cookies for the following purposes:

to facilitate secure online access so you do not need to enter your user ID and password again when you access applications;
to record your preferences;
to ease navigation and increase the user-friendliness of the application; and
to analyze the usage of the application and/or to identify the most popular sections.

Benevity cookies collect information that includes the date and time of your visit, authentication identifiers and session identifiers to store information about your preferences or your past actions on the site.

For further information including how to apply cookie preferences, please review our Cookie Policy.

Retention and destruction/anonymization of Personal Information

We retain Personal Information collected from you in accordance with applicable law and where we have an ongoing legitimate business need to do so. Upon expiry of an appropriate retention period, bearing in mind reasonable legal and business requirements, Personal Information will either be destroyed in a secure manner or made anonymous. Please see our Information Security Addendum for further information.

Exercising your rights and preferences

You may have rights under your local law in relation to the Personal Information we hold about you. You may have a legal right to:

confirm whether we’re processing your Personal Information and to receive a copy of your Personal Information;
request that your Personal Information be deleted, updated, completed or corrected;
request restricted access to your Personal Information;
object to the processing of your Personal Information;
opt-out to the processing of your Personal Information;
data portability (where our lawful basis for processing the personal data is consent or necessity for the performance of our contract with you and the processing is carried out by automated means);
withdraw consent for continued processing of your Personal Information;
lodge a complaint with the data protection regulatory authority responsible for enforcement of data protection law in the country where you normally reside or work, or in the place where the alleged infringement occurred.

You can exercise these rights by contacting us at privacy@benevity.com. We will respond to requests to access, change or delete such information within 30 days (please note that we may be under an obligation to share such requests with the corporate host of the Benevity Site).

You may manage your receipt of non-transactional communications by making the applicable selection in your user profile (or the donation forms that are part of the relevant Benevity Site as applicable). Additionally, you may send a request specifying your communications preferences to help@benevity.com.

Data security

Protecting your Personal Information is important to us. We do this by having in place a range of appropriate technological, physical, contractual and organizational measures to protect your Personal Information from loss, theft or unauthorized access, disclosure or use. The only employees who are granted access to your Personal Information are those whose duties reasonably require such access. For further, more technical information on how we achieve this, please consider our Information Security Addendum.

Use of anonymized & aggregated data

Anonymizing data means processing it with the aim of irreversibly preventing the identification of the individual to whom it relates. Aggregating data is the process of combining or summarizing from multiple records, transactions or sources to provide a broader overview or higher-level perspective. Both of these processes are carried out with utmost care to protect your privacy and confidentiality and, for clarity, data that is anonymized & aggregated is not considered to be Personal Information.

At Benevity, we aim to improve the social impact landscape to enhance the efficacy of our clients’ corporate purpose programs. Benevity may aggregate and anonymize data we receive to conduct analysis and gain insights into general trends, usage patterns and preferences of our user base without compromising individual privacy. Some examples of this may include (but are not limited to):

performing research and analysis aimed at improving our Services and the Benevity Platform;
understanding user behavior and preferences to enhance user experience;
conducting research and providing insights to improve the overall corporate purpose landscape, which can be shared with our corporate clients, partners and the philanthropic community at large; and
enhancing our overall business and marketing programs.

Use of AI

At Benevity, while we recognize the benefits of utilizing Artificial Intelligence to improve our Services, the protection of your Personal Information remains a top priority.

We may use AI tools to:

converse with you via our chatbots;
manage and prioritize issues;
personalize service recommendations; and
analyze content for service improvements.

Benevity does not make automated decisions with legal or similarly significant effects as defined by Article 22 GDPR.

Disclosure of your information

We do not sell your Personal Information to any third party but only transfer Personal Information to subprocessors as necessary to provide our Services. Benevity remains responsible to you for any of your Personal Information that is shared with third-party subprocessors.

We reserve the right to disclose your Personal Information when we believe that disclosure is necessary to: protect our rights or comply with a judicial proceeding, court order, law (including any applicable FINTRAC reporting requirements), or legal process in respect of the Services or a Benevity Site; enforce or apply this Privacy Notice, the terms of use or other agreements; or to protect the rights, property or safety of a Benevity Site, its users, corporate host or others.

Rights of European Economic Area (“EEA”), United Kingdom and California residents

If you are a resident of the EEA, the United Kingdom or California, you have the following data protection rights, as applicable under relevant data protection laws.

If you wish to access, correct, update or request deletion (including in the form of anonymization) of your Personal Information, you can do so at any time by contacting us using the contact details provided below.
You may choose (by opting out or in as appropriate or by contacting us using the contact details provided below) whether your Personal Information is: (i) disclosed to a third party; or (ii) used for a purpose that is materially different from the purpose(s) for which it was originally collected or subsequently authorized.
You can object to the processing (including subprocessing and/or data sharing) of your Personal Information, ask us to restrict processing of your Personal Information or request portability of your Personal Information. Again, you can exercise these rights by contacting us using the contact details below.
You can withdraw your consent (by opting out or in as appropriate or by contacting us using the contact details provided below) for us to process your Personal Information at any time. Withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, nor will it affect processing of your Personal Information conducted in reliance on lawful processing grounds other than consent.
You have the right to complain to the relevant regulator about our collection and use of your Personal Information. For more information, please contact your relevant regulator.
You may receive your Personal Information in an interoperable format or request to have it transmitted to another organization.

We respond to all requests we receive from individuals wishing to exercise their data protection rights in accordance with applicable data protection laws. For California residents, pursuant to the California Consumer Privacy Act (“CCPA”), the above applies to the Personal Information collected during the 12-month period prior to the date of the request.

For clarity, Benevity does not sell Personal Information, nor do we share Personal Information with any third party (except those as necessary to provide our Services).

International data transfers

Personal Information collected by us may be stored and processed in Canada, the United States, the European Union (EU) or any other country in which we or our agents maintain facilities and, by providing us with your Personal Information and using any of the Benevity Sites or Services, you consent to any such transfer of information outside of your country. As a result, this Personal Information may be subject to access requests from the corporate employer, governments, courts or law enforcement officials in those jurisdictions according to laws in those jurisdictions. Subject to applicable laws in such other jurisdictions, we will ensure that appropriate protections are in place regarding all Personal Information.

Data is accessible in the United States by our affiliates and data is stored in the United States with our data hosting service provider with whom we have applicable Standard Contractual Clauses and the UK Addendum in place (as updated from time to time) to cover data subjects in both the EEA and the United Kingdom. See also our affiliation with the EU-US Data Privacy Framework, UK Extension, and Swiss-US Data Privacy Framework described below.

EU-US Data Privacy Framework, UK Extension, and Swiss-US Data Privacy Framework

^{*(with application to Benevity International, Inc., only)}

Benevity International, Inc., complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal data transferred from the European Union, the United Kingdom, and Switzerland to the United States.

Benevity International, Inc., has certified to the U.S. Department of Commerce that it adheres to the Data Privacy Framework Principles with respect to such data. If there is any conflict between the terms in this Privacy Policy and the DPF Principles, the DPF Principles shall govern. Benevity International, Inc., is subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission (FTC) in relation to its compliance with the Data Privacy Framework.

To learn more about the DPF program and to view our certification, please visit: https://www.dataprivacyframework.gov.

Complaints handling and arbitration

In compliance with the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF, Benevity International, Inc., commits to cooperate and comply respectively with the advice of the panel established by the EU data protection authorities (DPAs) and the UK Information Commissioner’s Office (ICO) and the Swiss Federal Data Protection and Information Commissioner (FDPIC) with regard to unresolved complaints concerning our handling of human resources data received in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF in the context of the employment relationship.

For all other personal data received under the DPF not collected in the context of the employment relationship, Benevity International, Inc., has selected JAMS as its independent recourse mechanism. If you have a complaint, you may contact us at privacy@benevity.com, and if unresolved, you may submit your complaint to JAMS via: https://www.jamsadr.com/dpf-dispute-resolution. This service is provided at no cost to you.

If you have any inquiries or complaints about our handling of your personal information under the EU-US DPF, UK Extension to the EU-US DPF, and the Swiss-US DPF, or about our privacy practices generally, please contact us at: privacy@benevity.com where we will respond to your inquiry promptly.

Binding arbitration

If your concern still isn’t addressed by JAMS, you may also be entitled to binding arbitration as set forth in Annex I of the DPF Principles. See: https://www.dataprivacyframework.gov/s/article/ANNEX-I-introduction-dpf

Supplemental Notices

Please click on the supplemental notice tabs below for further information on:

the Personal Information we collect; and
our use of your Personal Information, in relation to the following categories that may apply to you‍

Changes to this Privacy Notice

This Privacy Notice may be updated from time to time. When we do this, we will alert you by posting an amended version on our website. The amended version will be effective as of the date it is published. When we make material changes to this Privacy Notice, we will provide you with notice as appropriate, for example by posting an alert the next time you visit our website or by emailing you. If you do not agree with the changes to the Privacy Notice, you should not continue to access or use any Benevity Sites, nor utilize the Services.

Governing language

This Privacy Notice may be translated from English into one or more language(s). In the event of any conflict between the English language version of this Privacy Notice and any subsequent translation into any other language, the English version is the official version and will govern.

Contacting us

Whether you are a new or loyal user of our Services, a cause, a Benevity employee, or another user of a Benevity Site, we would like to stay connected and want to hear from you! We are constantly striving to improve the Services and Make Goodness Better. Let us know if you have any ideas, suggestions or issues.

Benevity, International, Inc.

Care of: Benevity, Inc.

700, 611 Meredith Road NE

Calgary, AB T2E 2W5

Email: privacy@benevity.com

‍

In Europe, you can contact our EEA representatives:

Att: General Counsel

Benevity Spain

Carrer de Provenca, 339,

Barcelona, Spain

Email: privacy@benevity.com

Supplemental Notices

Benevity.com website and Benevity community

Personal Information we collect

When you browse or use our Benevity.com and other publicly available websites:

IP address, pages clicked, browser information, and device information.

Use of your Personal Information

To enhance the operation of the Benevity Site, and tailor your experience. Where applicable we may collect and use your Personal Information to:

operate interactive areas of the relevant Benevity Site;
if you are a contributor to a news or information forum feature or a user-generated or team fundraising or volunteering event within one of the Benevity Sites, to identify your uploaded content as your content;
communicate with you about your use of the Services and new products and services; and
carry out other purposes which are disclosed to you and to which you consent or as otherwise permitted or required by applicable law.

Personal Information we collect

When you subscribe for our blog or newsletter, status page or to receive updates to our sub-processor list:

name, email address, any other Personal Information that you decide to provide us with (including company or job title).

Use of your Personal Information

To send you:

communications for which you have subscribed to and other marketing communications;
transaction-related communications such as welcome letters, reminders, donation confirmations, thank-you letters, impact statements and the like;
to send you surveys or marketing communications (if you are an administrator of a client program) to inform you of new products or services or other information or offers that may be of interest to you/your company.

If you do not wish to receive surveys or marketing communications, you may opt-out by following the “unsubscribe” instructions included within each email communication. Please note that if you choose not to receive marketing or survey communications, you will continue to receive transactional and account communications (e.g. confirmation emails, account balance statements, etc.). If you wish to receive communications from us, you have the right to opt-in at the time of signing up for Services.

Personal Information we collect

When you contact us via email, chatbot, help center or support:

name, email address, company, job title, work telephone number, country, message (to the extent it includes Personal Information) and any other Personal Information that you decide to provide us with.

Use of your Personal Information

to answer your questions;
to send you marketing communications.

Personal Information we collect

When you apply for a job with us:

name, email address, any other Personal Information contained in your resume (CV), your responses to any assessment, background check results (in accordance with applicable law), any other Personal Information that you consent to provide us with including your agreement to be recorded during an interview or assessment. Please note that, in most cases, we receive the information directly from you, but we may also receive information from recruitment companies, references or background check companies.

Use of your Personal Information

To assess you as a candidate, review and examine your job application and communicate with you regarding your application.

Employee Giving, Volunteering, and Employee Groups

Personal Information we collect

First and last name, preferred email address, IP address browser information and access times.

Use of your Personal Information

Where applicable based upon your usage of a particular Benevity Site, we may collect and use your Personal Information to:

track your review and acceptance of the End User Terms of Use;
record acceptance for enforcement purposes;
analyze and identify potentially suspicious patterns of malicious behavior to prevent, investigate, or notify of threats, potentially fraudulent activity;
to improve the Services;
to comply with applicable laws.

Benevity’s activities and you

Most of the activities completed by Benevity are conducted by us in our role as a data processor (in which case this Privacy Notice does not apply). As a data processor, we process Personal Information related to our clients’ employees and end users further to the instructions received by our clients in our master services agreements and data protection addendums. A copy of our standard Data Protection Addendum is available here. When you make a donation through the platform, payment providers/processors and Third Party Foundations are also controllers of your Personal Information. For information about how your Personal Information is collected and processed by these organizations (and for information around how to exercise your rights), you should contact these organizations directly.

Community Giving Portal (CI Portal)

Personal Information we collect

First and last name, preferred email address, IP address browser information and access times

Use of your Personal Information

Where applicable based upon your usage of a particular Benevity Site, we may collect and use your Personal Information to:

track your review and acceptance of the End User Terms of Use and Privacy Notice;
acceptance for enforcement purposes;
analyze and identify potentially suspicious patterns of malicious behavior to prevent, investigate, or notify of threats, potentially fraudulent activity;
to improve the Services;
to comply with applicable laws.

Benevity’s activities and you

Most of the activities completed by Benevity are conducted by us in our role as a data processor (in which case this Privacy Notice does not apply). As a data processor, we process Personal Information related to end users further to the instructions received by our clients in our master services agreements and data protection addendums. A copy of our standard Data Protection Addendum is available here. When you make a donation through the platform, payment providers/processors and Third Party Foundations are also controllers of your Personal Information. For information about how your Personal Information is collected and processed by these organizations (and for information around how to exercise your rights), you should contact these organizations directly.

API Users

Personal Information we collect

First and last name, preferred email address, IP address browser information and access times.

Use of your Personal Information

Where applicable based upon your usage of a particular Benevity Site, we may collect and use your Personal Information to:

track your review and acceptance of the End User Terms of Use;
acceptance for enforcement purposes;
analyze and identify potentially suspicious patterns of malicious behavior to prevent, investigate, or notify of threats, potentially fraudulent activity;
to improve the Services;
to comply with applicable laws.

Benevity’s activities and you

Benevity Grants Users

Personal Information we collect

IP address (generalized location)
name, preferred email address*

Use of your Personal Information

We use your Personal Information to:

analyze and identify potentially suspicious patterns of malicious behavior to prevent, investigate, or notify of threats, potentially fraudulent activity; and
carry out other purposes which are disclosed to you and to which you consent or as otherwise permitted or required by applicable law.

*If you are an administrator of a program, we may also send you surveys or marketing communications to inform you of new products or services or other information or offers that may be of interest to you/your company. If you do not wish to receive surveys or marketing communications, you may opt-out by following the “unsubscribe” instructions included within each email communication. Please note that if you choose not to receive marketing or survey communications, you will continue to receive transactional and account communications (e.g. confirmation emails, account balance statements, etc.). If you wish to receive communications from us, you have the right to opt-in at the time of signing up for Services.

Cause Portal Users

Personal Information we collect

First and last name, email address, driver’s licence, passport or other documents to confirm identity of nonprofit representative; IP address (generalized location).

Use of your Personal Information

We use your Personal Information to:

confirm the identity of cause representative(s) in order to protect against fraud and abuse of the Benevity platform;
to communicate with you to regarding your engagement on the platform;
send you important information as well as notices about the availability of workplace, granting and other applicable solutions which your organization may wish to acquire.

Disclosure of your Information

In addition as stated elsewhere in this Privacy Notice, we may share your Personal Information with our corporate hosts (Clients) and others to support due diligence and investigations to protect the integrity of the Benevity platform.

Employees of Benevity

Personal Information we collect

First and last name, home address, phone number, dependent names and birth dates, personal email address, Social Insurance Number/National Insurance Number/Social Security Number (as applicable) banking information, demographic information including gender, birth date, nationality, marital status, ethnic background, caregiver status, disability status or emergency contact information.

Use of your Personal Information

We use the Personal Information we collect to:

establish, manage or terminate an employment relationship;
provide automatic deposits to your bank account;
manage emergency situations;
fulfill legislative requirements relating to your employment;
process reports on employee progress to determine eligibility for raises or promotions;
create or manage various internal and external accounts needed for employment; and
create or manage various accounts for certain external information technology services.

Disclosure of your Information

In addition as stated elsewhere in this Privacy Notice, we may disclose your Personal Information:

as required by law and when we believe that disclosure is necessary to protect our rights or comply with a judicial proceeding, court order, or legal process;
for other purposes which are disclosed to you and to which you consent, or as permitted or required by applicable law; or
as part of a business transfer.*

We reserve the right to disclose your Personal Information when we believe that disclosure is necessary to: protect our rights or comply with a judicial proceeding, court order, law or legal process in respect of the Services or a Benevity Site; enforce or apply this Privacy Notice, the terms of use or other agreements; or to protect the rights, property or safety of a Benevity Site, its users, corporate host or others.

*As with any other business, we could merge with, or be acquired by another company. If this occurs, the successor company would acquire the information we maintain, including your Personal Information.

EU-US Data Privacy Framework, UK Extension, and Swiss-US Data Privacy Framework

^{*(with application to Benevity International, Inc., only)}

Complaints Handling and Arbitration

HR Data

Binding Arbitration

You may also be entitled to binding arbitration as set forth in Annex I of the DPF Principles. See https://www.dataprivacyframework.gov/s/article/ANNEX-I-introduction-dpf

Non HR Data

For all other personal data received under the DPF not collected in the context of the employment relationship, Benevity International, Inc., has selected JAMS as its independent recourse mechanism. If you have a complaint, you may contact us at privacy@benevity.com, and if unresolved, you may submit your complaint to JAMS via: https://www.jamsadr.com/dpf-dispute-resolution. This service is provided at no cost to you.

If you have any inquiries or complaints about our handling of your personal information under the EU-US DPF, UK Extension to the EU-US DPF, and the Swiss-US DPF, or about our privacy practices generally, please contact us at: privacy@benevity.com where we will respond to your inquiry promptly

Binding Arbitration

If your concern still isn’t addressed by JAMS, you may be entitled to binding arbitration as set forth in Annex I of the DPF Principles. See: https://www.dataprivacyframework.gov/s/article/ANNEX-I-introduction-dpf