The purpose of this policy is to detail how we collect, use, and protect donor’s personal information.
Publication Date: January 2020
The Information We Collect:
Information We Collect Directly:
Through You: You may choose to provide personal information by phone, mail, or on our website when you participate in activities such as setting up an account in the Donor Portal, sponsoring a child, making a donation, submitting a form, or joining an email list. The personal information we collect may include your name, postal address, zip code, telephone number, organization name, email address, credit card number, bank information, or billing information.
Information We Collect Automatically:
Through Google Analytics:
Though Social Media Sites:
When you access a social media site where Plan has a presence, we may obtain your personal data depending on your settings or the privacy policies of those sites. To change your settings on these services, please refer to their privacy notices which will tell you how to do this.
Information from Children:
Plan does not knowingly solicit data from children under the age of 13 and does not knowingly market to children under the age of 13 without parental consent. You can find more information about our Child Protection Standards here.
How We Use Your Personal Information:
We will never:
- Share your information with a third party to use for their own marketing purposes
- Rent or sell personal information to any other business or organization
- Send out donor mailings on anyone else’s behalf.
Administrative Purposes: The information you provide us is shared with staff and service providers that process transactions and provide services on our behalf – for example, vendors who process your credit card information, send communications or perform site optimization services. These service providers are not authorized by us to use or disclose the information except as necessary to perform services on our behalf or to comply with legal requirements.
Facebook Lookalikes: If you live in the United States, we may participate in Facebook’s Custom Audience Lookalike program, which enables us to display personalized ads to persons not on our email lists when they visit Facebook; these individuals have browsing behavior similar to you. Facebook does not share this information in any way, and deletes the information as soon as the match process is complete. If you would like to opt-out of this program, send an email from the email address you are opting out of to the email address provided in our contact information below. Place the following text in the subject line of the email - "Opting Out of Facebook.com Website Custom Audience Ads," and include your name and email address in the body of the email.
Analysis & Market Research: We may analyze information we’ve received to improve the content offered on Plan's website and create a more user-friendly experience. Your information may also be used in the aggregate (pooled and anonymized) for marketing and strategic development purposes.
Legal Purposes: We may disclose information about you (i) if we are required to do so by law or (ii) when we believe disclosure is necessary or appropriate to prevent physical harm or financial loss or in connection with an investigation of suspected or actual illegal activity. We reserve the right to transfer any information we have about you in the event we sell or transfer all or a portion of our business or assets. Should such a sale or transfer occur, we will use reasonable efforts to try to direct the transferee to use personal information you have provided in a manner that is consistent with this Privacy Notice.
HOW WE CONTACT YOU:
The personal information you provide will be used to contact you with information directly related to your donation. For example, you will receive a payment confirmation email, end-of-year tax receipt, and be notified about any account issues.
If you have opted into our email/mailing list, we will also contact you – by mail, electronically, or by telephone – with information about our mission, ways that you can help, updates about your sponsored child, or about how your support is helping children in need. Even if you opted in, you can always opt-out of our email/mailing list at any time by sending an email to DonorRelations@planusa.org or by updating your user preferences within the Donor Portal.
If you opt in to receiving text messages from Plan via your mobile phone, we will occasionally contact you. For full terms and conditions from our text messaging vendor, click here.
How We Protect Your Personal And Payment Information:
Plan takes information security seriously. We regularly review our information security procedures to ensure that your information is transferred, used, and stored responsibly. We securely store donor information in our internal donor database. Our security measures include, but are not limited to: annual staff training on data handling; limiting the number of staff with access to your personal information; and electronic and physical security measures, including protection against malicious web activity, 24/7 security software monitoring of staff computers, and SIEM monitoring of all network activity.
We accept donations for sponsorship, projects, and other activities via phone, mail and online through a secure site. When you donate to Plan online, your credit card information is processed by a third party payment processor and secured by a third party security company. Your ACH and credit card contributions are processed in compliance with laws and rigorous prevailing industry standards (i.e., PCIDSS, NACHA). To ensure PCIDSS compliance, Plan utilizes a secure VLAN subnet and specialized monitoring hardware and software. Your payment information is not stored electronically at Plan and therefore cannot be released by Plan for any purpose. Plan’s website utilizes 2048-bit SHA-256 RSA encryption to protect all data in transit.
YOUR RIGHTS AS A LEGAL RESIDENT OF THE EUROPEAN UNION
Under European data protection law, in certain circumstances, you have the right to:
Request access to your personal data (commonly known as a "data subject access request"). This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.
Request correction of the personal data that we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us.
Request erasure of your personal data. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully or where we are required to erase your personal data to comply with local law. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be relayed to you, if applicable, at the time of your request.
Object to processing of your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground, as you feel it impacts on your fundamental rights and freedoms. You also have the right to object where we are processing your personal data for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms.
Request restriction of processing of your personal data. This enables you to ask us to suspend the processing of your personal data in the following scenarios: (a) if you want us to establish the data's accuracy; (b) where our use of the data is unlawful but you do not want us to erase it; (c) where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims; or (d) you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.
Request the transfer of your personal data to you or to a third party. We will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.
Withdraw consent at any time where we are relying on consent to process your personal data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent
If you wish to exercise any of the rights set out above, please contact us at firstname.lastname@example.org.
Protection Against Fraud:
Plan will never ask you to:
- supply bank details via email;
- send money to support an individual child;
- enter into direct personal correspondence with a child without oversight by Plan.
Links to Other Websites:
The Plan website contains links to other websites. We do our best to carefully choose those sites with which we link but cannot take responsibility for the practices or content of these sites. We encourage you to review the privacy policies posted on any sites you may visit before providing personal information.
Contacting Us About Your Privacy Preferences:
If you have any questions or concerns about this policy, or would like to review and/or update the information we have collected about you, please contact us:
Plan International USA
155 Plan Way
Warwick, RI 02886