IMPORTANT: If you wish to access, transfer and/or remove all of your personal data stored with this website as detailed in the EU General Data Protection Regulation legislation (GDPR), please click here.
The What Would Love Do Foundation cares deeply about privacy. We believe in transparency, and we’re committed to being upfront about our privacy practices, including how we treat your personal information. We know you care about your privacy too, so we provide settings that allow you to choose how certain information is used by WWLDF. This policy explains our privacy practices on BetheChangeGrants.org by the What Would Love Do Foundation (we’ll refer to the What Would Love Do Foundation (“WWLDF”) collectively as the “Site”), and our other services provided by the What Would Love Do Foundation, together with “we,” “us,” and “our”). We’ll refer to the Site and our other services as the “Services.”
SECTION 1 – WHAT DO WE DO WITH YOUR INFORMATION?
When you apply for a Be the Change Grant or purchase a product or service from our store, as part of the submission and buying and selling process, we collect the personal information you give us such as your name, address and email address. PayPal.com handles and hosts all our online payment transactions through a secure and encrypted process.
When you browse our site and store, we also automatically receive your computer’s internet protocol (IP) address in order to provide us with information that helps us learn about your browser and operating system.
Email marketing (newsletter): With your permission, we may send you emails about our store, new products, latest blog posts, and other updates.
SECTION 2 – CONSENT
We need to process your personal information to run our business and provide you with the Services. By accepting our Terms and Conditions, you are confirming that you have read and understand this policy including how and why we use your information. If you don’t want us to collect or process your personal information in the ways described in this policy, you shouldn’t use the Services. We are not responsible for the content or the privacy policies or practices of third-party websites, or third-party apps.
By using the Services, you acknowledge that WWLDF will use your information in the United States, and any other country where WWLDF operates. Please be aware that the privacy laws and standards in certain countries, including the rights of authorities to access your personal information, may differ from those that apply in the country in which you reside. We will transfer personal information only to these countries to which we are permitted by law to transfer personal information, and we will take steps to ensure that your personal information continues to enjoy appropriate protections. Please read on to learn more about how we protect personal information that’s transferred outside of Europe.
How do you get my consent?
When you provide us with personal information to complete a transaction, verify your credit card, place an order, we imply that you consent to our collecting it and using it for that specific reason only.
If we ask for your personal information for a secondary reason, like signing up for our newsletter or for a grant application, we will either ask you directly for your expressed consent, or provide you with an opportunity to say no.
How do I withdraw my consent?
If after you opt-in for future product updates after your purchase, you change your mind, you may withdraw your consent for us to contact you, for the continued collection, use or disclosure of your information, at anytime, by contacting us at admin(at)whatwouldlovedo.org. If you need to opt-out from our newsletter, you may do so by the link at the bottom of each email.
SECTION 3 – INFORMATION USES, SHARING, & DISCLOSURE
When you access or use the Services, we collect, use, share, and otherwise process your personal information as described in this policy. We rely on a number of legal bases to use your information in these ways. These legal bases include where:
- you have consented to the processing, which you can revoke at any time;
- necessary to comply with a legal obligation, a court order, or to exercise or defend legal claims;
- necessary for the purposes of our or a third party’s legitimate interests, such as those of visitors, members, or partners;
- you have expressly made the information public;
- necessary in the public interest; and
- occasionally necessary to protect your vital interests, or those of others.
Note that we principally rely on consent (i) to send marketing messages, (ii) for third-party data sharing related to advertising, and, to the extent applicable, (iii) for the use of location data for advertising purposes.
Where we process your information on the basis of legitimate interests, we do so as follows:
Providing and improving our Services: We may use your information to improve and customize our Services, including sharing of your information for such purposes, and we do so as it is necessary to pursue our legitimate interests of improving our Services for our users. This is also necessary to enable us to pursue our legitimate interests in understanding how our Services are being used, and to explore and unlock ways to develop and grow our business. It is also necessary to allow us to pursue our legitimate interests in improving our Services, efficiency, interest in Services for users and obtaining insights into usage patterns of our Services.
Keeping our Services safe and secure: We may also use your information for safety and security purposes, including sharing of your information for such purposes, and we do so because it is necessary to pursue our legitimate interests in ensuring the security of our Services, including enhancing protection of our community against spam, harassment, intellectual property infringement, crime, and security risks of all kind.
We respect your privacy. WWLDF will not disclose your name, email address or other personal information to third parties without your consent, except as specified in this policy.
If WWLDF receives a lawful, verified request for a member’s records or information in one of the limited circumstances described in the previous paragraph, WWLDF may disclose personal information, which may include, but may not be limited to, a member’s name, address, phone number, email address, and company name.
Service Providers: WWLDF also needs to engage third-party companies and individuals (such as payment processors, research companies, and analytics and security providers) to help us operate, provide, and market the Services. These third parties have only limited access to your information, may use your information only to perform these tasks on our behalf, and are obligated to WWLDF not to disclose or use your information for other purposes. Our engagement of service providers is often necessary for us to provide the Services to you, particularly where such companies play important roles like processing payments and shipments and helping us keep our Service operating and secure. In some other cases, these service providers aren’t strictly necessary for us to provide the Services, but help us make it better, like by helping us conduct research into how we could better serve our users. In these latter cases, we have a legitimate interest in working with service providers to make our Services better.
We can speak only for ourselves; this policy does not apply to the practices of third parties that WWLDF does not own or control or individuals that WWLDF does not employ or manage. If you provide your information to others, different practices may apply to the use or disclosure of the information that you provide to them. WWLDF does not control the privacy policies of third parties, including other members who sell using the Services or API users. WWLDF is not responsible for the privacy or security practices of these sellers, API users, or other websites on the Internet, even those linked to or from the Services. We encourage you to read the privacy policies and ask questions of third parties before you disclose your personal information to them. For the purposes of European law, these sellers and API users are independent controllers of data, which means that they are responsible for providing and complying with their own policies relating to any personal information they obtain in connection with the Services.
SECTION 4 – STORE AND NEWSLETTER
Our store’s payment processor is PayPal. They provide us with the online e-commerce platform that allows us to sell our products and services to you.
Your data is stored through PayPal’s data storage and databases. They store your data on a secure server behind a firewall.
Our newsletter mailing system is handled by MailChimp. All your personal information such as your First Name and Email address will be stored here, securely as well.
If you choose a direct payment gateway to complete your purchase, then PayPal stores your credit card data. It is encrypted through the Payment Card Industry Data Security Standard (PCI-DSS). Your purchase transaction data is stored only as long as is necessary to complete your purchase transaction. After that is complete, your purchase transaction information is deleted.
All direct payment gateways adhere to the standards set by PCI-DSS as managed by the PCI Security Standards Council, which is a joint effort of brands like Visa, MasterCard, American Express and Discover.
PCI-DSS requirements help ensure the secure handling of credit card information by our store and its service providers.
For Paypal transactions, all transactions will utilize your existing credits or any credit card transaction which you have initially setup within your Paypal account.
SECTION 5 – THIRD-PARTY SERVICES
In general, the third-party providers used by us will only collect, use and disclose your information to the extent necessary to allow them to perform the services they provide to us.
However, certain third-party service providers, such as payment gateways and other payment transaction processors, have their own privacy policies in respect to the information we are required to provide to them for your purchase-related transactions.
For these providers, we recommend that you read their privacy policies so you can understand the manner in which your personal information will be handled by these providers.
In particular, remember that certain providers may be located in or have facilities that are located in a different jurisdiction than either you or us. So if you elect to proceed with a transaction that involves the services of a third-party service provider, then your information may become subject to the laws of the jurisdiction(s) in which that service provider or its facilities are located.
As an example, if you are located in Canada and your transaction is processed by a payment gateway located in the United States, then your personal information used in completing that transaction may be subject to disclosure under United States legislation, including the Patriot Act.
When you click on links on our website or store, they may direct you away from our site. We are not responsible for the privacy practices of other sites and encourage you to read their privacy statements.
SECTION 6 – SECURITY
To protect your personal information, we take reasonable precautions and follow industry best practices to make sure it is not inappropriately lost, misused, accessed, disclosed, altered or destroyed.
If you provide us with your credit card information, the information is encrypted using secure socket layer technology (SSL) and stored with a AES-256 encryption. Although no method of transmission over the Internet or electronic storage is 100% secure, all PCI-DSS requirements are followed and additional generally accepted industry standards are implemented.
When you use our site, we may store “cookies” which are strings of code, on your computer. Third party service providers such as Paypal (payment processors), MailChimp (newsletter) and our analytics Service Providers (like Google) use those cookies to collect information about your visit and your use of our Website or Services. You may turn off cookies that have been placed on your computer by following the instructions on your browser, but if you block cookies, it may be more difficult (and maybe even impossible) to use some aspects of the Services.
WWLDF does not participate in Privacy Shield at this time. However, WWLDF may rely on the EU-US Privacy Shield to transfer personal information to some of our third party service providers in the United States, where they are certified to receive such information under the Privacy Shield Program.
SECTION 7 – COOKIES
Currently we are using the following persistent cookies (all other cookies are session based and will expire when you exit your browser):
This cookie is associated with sites using CloudFlare, used to speed up page load times. According to CloudFlare it is used to override any security restrictions based on the IP address the visitor is coming from. It does not contain any user identification information. Strictly Necessary (Security, Performance)
SECTION 8 – YOUR RIGHTS
You may benefit from a number of rights in relation to your information that we process. Some rights apply only in certain limited cases, depending on your location. If you would like to manage, change, limit, or delete your personal information, you can do so via your WWLDF account settings or by contacting us. Upon request, WWLDF will provide you with information about whether we hold any of your personal information. By visiting your account settings, you can access, correct, change, and delete certain personal information associated with your account. In certain cases where we process your information, you may also have a right to restrict or limit the ways in which we use your personal information. In certain circumstances, you also have the right to request the deletion of your personal information, and to obtain a copy of your personal information in an easily accessible format. Please ensure you’ve read the options you have under the “Choice & Control” section above. If you need further assistance, you can contact WWLDF through one of the channels listed below under “Contact.” We will respond to your request within a reasonable timeframe.
If we process your information based on our legitimate interests as explained above, or in the public interest, you can object to this processing in certain circumstances. In such cases, we will cease processing your information unless we have compelling legitimate grounds to continue processing or where it is needed for legal reasons. Where we use your data for direct marketing purposes, you can always object using the unsubscribe link in such communications or changing your account settings.
SECTION 9 – YOUR RESPONSIBILITIES
If you purchase our Services, you may receive and determine what to do with certain personal information, such as when communicating with users and entering into transactions with buyers. This means you process personal information (for example, buyer name, email address, and shipping address) and, to the extent you do so, under EU law, you are an independent controller of data relating to other users that you may have obtained through the Services.
As a data controller, to the extent that you process user personal information outside of the Services, you may be required under applicable data protection and privacy laws to honor requests for data access, portability, correction, deletion, and objections to processing. Also, if you disclose personal information without the buyer’s proper consent, you are responsible for that unauthorized disclosure. This includes, for example, disclosures you make or unintentional data breaches. For example, you may receive a buyer’s email address or other information as a result of entering into a transaction with that buyer. This information may only be used for WWLDF-related communications or for WWLDF-facilitated transactions. You may not use this information for unsolicited commercial messages or unauthorized transactions. Please bear in mind that you’re responsible for knowing the standard of consent required in any given instance.
If WWLDF and you are found to be joint data controllers of personal information, and if WWLDF is sued, fined, or otherwise incurs expenses because of something that you did as a joint data controller of buyer personal information, you agree to indemnify WWLDF for the expenses it occurs in connection with your processing of buyer personal information.
Where you have provided your consent, you have the right to withdraw your consent to our processing of your information and your use of the Services. For example, you can withdraw your consent to email marketing by using the unsubscribe link in such communications or by changing your account settings. You can choose to withdraw your consent to our processing of your information and your use of the Services at any time by closing your account through your account settings and then emailing admin(at)whatwouldlovedo.org to request that your personal information be deleted, except for information that we are required to retain. This deletion is permanent and your account cannot be reinstated.
If our website is acquired or merged with another company, your information may be transferred to the new owners so that we may continue to sell products to you.
QUESTIONS AND CONTACT INFORMATION
If you would like to: access, correct, amend or delete any personal information we have about you, register a complaint, or simply want more information contact our Privacy Compliance Officer at: admin(at)whatwouldlovedo.org
What Would Love Do Foundation
P.O. Box 752252
Dayton, OH 45475
If you have an unresolved privacy or data use concern that we have not addressed satisfactorily, you may contact our US-based third-party dispute resolution provider (free of charge) at https://feedback-form.truste.com/watchdog/request.