For personal information contained in this policy which is used by CiviCRM, CiviCRM is the data controller under European Union data protection legislation. For personal information contained in this policy which is used by our Partners in connection with CiviCRM.com services, then the relevant partner(s) will be the data controller under European Union data protection legislation.
This policy does not apply to the practices of companies that may be affiliated with CiviCRM but that CiviCRM does not own or control, or to people that CiviCRM does not employ or manage.
Rights & Principles
We strive to be transparent and open in how we collect, use and share your data.
We focus on collecting only the most essential data necessary to facilitate your use of our services.
We offer opportunities for you to provide additional information but we do not require it.
We store data for as long as we have good reason to keep it.
We try to make it easy for you to control your data.
You have the right to access your information that we have collected and store; you have the right to request a copy of the information we have about you;
you have the right to ask us to rectify any inaccuracies in information about you that we have collected and store;
you have the right to ask that we transmit your data that we have collected on you, to another provider (if technically feasible);
you have the right to ask that we restrict processing of your data; you have the right to withdraw consent to the processing of your data; you have the right to request that we remove information about you that we have collected and store;
if, at any time, you have concerns about how we have used your personal information, you have the right to complain to a privacy regulator.
Application & Definitions
This policy applies to any personal information that you enter into your account on the primary website for CiviCRM (https://civicrm.com, “civicrm.com”) as well as information that you enter on related websites that may be directly and indirectly be associated with CiviCRM or services that are provided on behalf of CiviCRM.
Registration at civicrm.org and sites directly related to civicrm.com such as https:/civicrm.org, https://chat.civicrm.org and https://lab.civicrm.org.
Engagement on related services, such as CiviCRM Spark, over which we have direct control.
Registration at CiviCRM-related event websites or attendance at meetups, trainings and/or participation in webinars.
‘Personal information’ (“data”, “information”) is defined as any piece of data that can be used to identify you as an individual and excludes data that may identify you as a representative of a legal entity.
How We Use Information
Monitor and protect the integrity of our websites and services, and to prevent fraudulent or illegal activities.
Analyse and improve the performance and effectiveness of our websites and our services. Personalize your experience on our websites and services, and to directly communicate with you.
Facilitate transactions, be they informational and/or financial, on behalf of users of our websites and/or paid services.
Due to the nature of our services, we do not offer online services to children. Therefore, we do not identify it as relevant to control the age of users signing up for services.
Nonetheless, we honor The Children’s Online Privacy Protection Act (“COPPA”) of April 21, 2000. COPPA applies to any individually identifiable information about a child that is collected online, such as full name, home address, e-mail address, telephone number or any other information that would allow someone to identify or contact the child.
CiviCRM does not knowingly collect information on any person under 18 years of age. We request that children under 18 (years old) do not provide information to us without the consent of a parent or guardian.
Information We Collect
- Directly through transactions, such as website registrations, in which you provide information.
- Automatically through 3rd party services, such as website analytics.
- Automatically through anonymous pingbacks generated through installations of CiviCRM, the software, with which you may be associated.
Information You Provide to Us
basic contact information through website or event registration, such as name, email address, and username;
financial information generated through the processing of financial transactions, such as billing address and transaction identification;
information that expresses your views, opinions or beliefs, such as survey responses or answers to technical questions.
Financial information, such as credit card numbers, is not stored in our systems and is managed by and governed by the data policies of the payment processors we use.
We do not ask for, require, or otherwise track information that is unnecessary to the operation of CiviCRM, such as social security numbers, or equivalent, gender or date of birth.
Information We Collect Automatically
Information We Collect Through Our Services
In addition to data that we explicitly ask for during user interaction, such as name, email, phone, etc., we collect data that browsers, devices, and servers typically make available including IP addresses and language preferences that may be required for the optimal use or general operation of our services. We may approximate device location based on IP addresses.
Information acquired in this manner is not automatically associated with any personally identifiable record or related information. Said information is not anonymised and could be used for the purpose of identification should there be an operational or legal requirement to do so.
Information We Collect Through 3rd Party Services
CiviCRM uses 3rd party software to monitor and deliver our services. We do not own or control these 3rd parties and therefore cannot ensure that their policies of data collection, storage and use are in compliance with CCPA or GDPR. You should review their rules and policies when using third party software not developed by CiviCRM. We can provide a complete and up to date list of 3rd parties we use by request to firstname.lastname@example.org.
We use website analytics software (Google Tag Manager, Google Analytics) to track website user engagement and related behavior for the purpose of improving our services. Data collected includes IP addresses, unique device identifiers, browser types, device types, operating systems, etc. as well as behavioral data such as clicks, page views, durations, visit dates, etc.
Information from Cookies & Other Technologies
Subsidiaries, Employees, and Independent Contractors
Third Party Vendors
As Required by Law
To Protect Rights and Property
With Your Consent
Aggregated and De-Identified Information
We may share information that has been aggregated or reasonably de-identified, so that the information could not reasonably be used to identify you. For example, https://stats.civicrm.org.
Published Support Requests
Information Shared Publicly
We use physical, electronic, and procedural safeguards to protect personal information that you have shared with us.
We use standard methods of authentication to ensure that you may access, control and secure your data.
We use industry-standard SSL-encryption to protect data and data transmissions. Please note that using an SSL is not a guarantee that information may not be accessed, disclosed, altered or destroyed by a breach of firewalls, secure server software, and the like.
All and any information that we gather from you is stored and processed on our secure servers or those of our trusted partners. We implement strict technological and procedural measures to keep your data safe and secure.We only store your data for as long as we need it to provide you with the services that you require, after which they are either deleted or anonymized. We may keep anonymized data regarding financial transactions, such as past invoices and/or contributions made to CiviCRM.
At any point in time you have the right to request that we delete or obfuscate any data that may be used to identify you as an individual. However, please bear in mind that by doing so, you may be required to cancel all or a part of the services that we provide you as we may not be able to provide you with that service without certain data.
Changing Your Preferences and Personal Information
You can edit your account information with CiviCRM at any time. Most personal information you may provide is entirely optional. You can delete your account by visiting the applicable account deletion page; however, please note that some personal information, primarily your contact information, may remain in our records to the extent necessary to protect our legal interests, to maintain a history of past financial transactions or document compliance with regulatory requirements.
You have several choices available when it comes to managing information about you:
Limit the Information that You Provide: If you contact us you can choose not to provide the optional information. Please keep in mind that if you do not provide this information we may not be able to fully respond to you.
Opt-Out of Electronic Communications: You may opt out of receiving promotional messages from us. Just follow the instructions in those messages. If you opt out of promotional messages, we may still send you other messages, like those about your account and legal notices.
Set Your Browser to Reject Cookies: At this time, CiviCRM does not respond to “do not track” signals across all of our Services. However, you can usually choose to set your browser to remove or reject browser cookies before using CiviCRM’s websites, with the drawback that certain features of CiviCRM’s websites may not function properly without the aid of cookies.
We reply personally to all access requests (positively or negatively) under 1 week (the legal limit from GDPR is 1 month).
If you have a concern regarding any CiviCRM website, product, or service, or if you have specific concerns about this policy, or if you object to any sharing of your personal information that may be permitted under this policy, you may do so by writing to us via email at email@example.com. Alternatively, we can be reached at our postal mail address.
We will take reasonable steps to accommodate your requests as they relate to the operation of CiviCRM. In some instances, it may be that honoring your requests will interfere with or preclude your ability to use our websites, products, or services or may require us to terminate our relationship with you.
Data Protection Officers
Rua das Adelas 17, 1esq
1350 Ortega Street
San Francisco, CA 94122