Privacy and Security Policy

Last Updated: [7/23/2024]

The following Privacy and Security Policy sets forth the OneCause privacy and security practices and the possible uses of the information that OneCause gathers as part of its business, including the Personal Information (as defined below) that is collected via the OneCause Items (including, without limitation, the web applications made available by OneCause (the “Web applications”)).   Unless defined herein, capitalized terms have the meanings set forth in the OneCause, Inc. Terms of Use (the “Terms”).  “OneCause”, “we” and “our” means OneCause, Inc.

the nonprofits may, from time to time, ask you to submit information to them. OneCause is not responsible for the information practices of THE NONPROFITS. THE NONPROFITS may collect information from or about supporters, including Personal Information. The collection, use, and disclosure of information by a NONPROFIT are subject to the NONPROFITS’ privacy policy OR STATEMENT, which may differ from this Privacy and Security Policy. OneCause encourages you to review each NONPROFIT’S privacy policy before providing such information to IT.

For purposes of this Privacy and Security Policy, the term “Personal Information” means any information or data that alone, or in conjunction with other information or data, can be used to identify a particular individual and that is subject to, or otherwise afforded protection under, a data protection law, statute, or regulations applicable to OneCause.

To request a copy of OneCause’s PCI Attestation of Compliance please visit: https://www.onecause.com/general/pci-attestation-of-compliance/pci-attestation-download/

Security

OneCause follows international PCI (payment card industry) standards for data security. All OneCause applications, network components, critical servers, and wireless access points are consistent with industry-accepted hardening standards. OneCause uses 256 bit AES encryption when storing sensitive Personal Information. All pages that capture sensitive card data on-site or through Mobile Application use a secure iFrame provided by our card payment processors using the TLS 1.2 or above protocol (256 bit encryption). In addition, the OneCause mobile devices connect to wireless networks with WPA2 security, which encrypts all the packets that are sent via the air or connect to the cellular network.

OneCause’s primary payment processor is First American Payment Systems (https://www.first-american.net) (“First American”). During the card authorization process, a 16 character token is generated by First American and passed back to OneCause. OneCause stores the token in place of the Primary Account Number (PAN), while First American stores the PAN.  First American has been certified as a Level 1 Service Provider of Payment Card Industry (PCI) Data Security Standards (DSS), which is the highest possible level. For verification, please see Visa’s Global Registry of PCI Validated Service Providers: https://www.visa.com/splisting/searchGrsp.do. Service providers on this list were validated as PCI DSS compliant by a QSA and are required to re-validate their compliance on an annual basis.  OneCause reserves the right to change its primary payment processor from time to time.

While we employ commercially reasonable standards and exercise great care in collecting and protecting your information, no safeguards or processes can be guaranteed to be 100% secure. We cannot ensure or warrant the security of any of such information, and you provide such information at your own risk.

Please review our Terms here: https://www.onecause.com/general/user-terms/

Whose Information Do We Collect

OneCause collects Personal Information from a broad range of individuals in the context of its business activities, including from the following: customers; individuals that use, or otherwise access, our websites; individuals who visit our premises or facilities; job applicants, representatives of our suppliers, customers and other business contacts; contractors and similar types of workers; individuals related to, or otherwise affiliated with, our employees; and, individuals who contact us by any means.

What Information We Collect

The type of Personal Information that OneCause collects depends on our relationship with the particular individual. We will not collect any Personal Information about you unless you provide us that information voluntarily. If you do not provide the Personal Information that OneCause requests, we may not be able to provide you with certain services or complete a transaction, and you agree that OneCause will not be liable or otherwise responsible for any damages or loss arising from such circumstances. Generally, we collect the following types and categories of Personal Information:

Identity Data: This is information that can include, as applicable, name, billing, shipping and residential address, e-mail address, telephone number, professional title, and your employer’s name.

Registration Data: OneCause collects Personal Information provided by you when you register for an account to use the OneCause Items, including any Mobile Application, including usernames and passwords.

Business Contact Data: This is information related to employees, owners, directors, officers, or contractors of a third-party organization (e.g., business, partnership, sole proprietorship, nonprofit, or government agency) with whom OneCause may conduct, or possibly conduct, business activities.

Recruitment Data: Information derived from employment applications or submitted in connection with a job posting or inquiry, such as a resume/curriculum vitae, professional references, information about education and employment experience, and information about professional training and certifications.

Marketing and Communications Data: Your marketing preferences and your subscriptions to our publications or marketing materials.

Transaction Data: This data related to your donations and purchases and the details of payments to and from you, including purchase and donation history and preferences.

Feedback and Comments: Your comments or any statements you provide to us through the OneCause Items.

Giving History: OneCause keeps a record of each user’s transaction history. This information is kept on file for individuals to reference for personal record keeping and/or tax return purposes. The history is also used by OneCause to analyze overall giving patterns in order to produce benchmark data.

Financial Information: If you register for the OneCause Items or any service under which OneCause will request the processing of payments made by you, then the processor may require certain financial information, like the name on a credit card, the credit card number, and the credit card expiration date (collectively, “Financial Information”).

Usage Data: When you access and use the Web applications, we may automatically collect information about your device and internet connection, including the device’s unique device identifier (e.g., device type, IMEI, Wi-Fi MAC, IP address), operating system, browser type, and mobile network information. The Web applications may collect “diagnostic” data related to your use of the Web applications, such as crash data and logs, performance data (e.g., launch time, hang rate, or energy use), and any other data collected for the purposes of measuring technical diagnostics.

Metadata and Device Data: The Web applications may access metadata and other information associated with files stored on your device, such as photographs, audio and video clips, personal contacts, and address book information.

User-Generated Content: Forums, live chat, and other features of the OneCause Items may allow you to submit user-generated content (collectively, the “User Forums”). User-generated content submitted by you through the User Forums may be stored in our system’s databases encrypted at rest and in transit.

Cookies: OneCause may collect information through the use of common locally stored tracking objects such as cookies. Cookies are small strings of text placed onto your computer by a website to improve your visit to the website by tracking which parts of the website you visit most often. You have the option to delete or decline cookies by changing your browser’s settings. OneCause may place cookies onto your computer to track your experience on the OneCause Items. You may disable the use of cookies through your web browser. However, disabling cookies through your web browser may cause certain parts of the OneCause Items to become inoperable.

Server Logging: Our server logs may store information you provide to us through your web browser when you visit the website or Web applications, like your IP address, web browser type, referring URL, and other HTTP Header information. We use this information to troubleshoot issues with the OneCause Items and in an aggregated form for statistical purposes. We also may, from time to time, attempt to personally identify individuals using this information who may be maliciously using the OneCause Items, threatening our users, or violating applicable laws.

GPS Information: When browsing the website through a mobile phone or accessing the Web applications, we will attempt to collect your location through GPS for social activities and giving opportunities near you. You may remove this location sharing authorization in your mobile device.

Google Analytics: OneCause has implemented the event tracking feature of Google Analytics Advertising offering, including Remarketing with Google Analytics, Google Display Network Impression Reporting, DoubleClick Platform integrations and Google Analytics Demographics and Interest Reporting. You have the ability to opt out by visiting: https://tools.google.com/dlpage/gaoptout/

Google reCAPTCHA v3: This site is protected by reCAPTCHA. OneCause has implemented the feature of Google reCAPTCHA v3 for credit card transaction security. By utilizing credit card and ACH transactions with our site services, you grant consent to collect data about your transaction. To opt out, do not utilize credit card or ACH transactions with our site services.  For more information please visit https://policies.google.com/privacy and https://policies.google.com/terms.

Sources of Data

Third Party Data: Most often, OneCause obtains Personal Information directly from individuals themselves, such as when they use or access the OneCause Items. However, we may collect Personal Information about you from third parties, such as former employers, references, or social media.  In the event you provide Personal Information about a third party, you expressly represent and warrant to OneCause that you have the full right and lawful authority to provide OneCause with the Personal Information and you hereby agree to fully reimburse OneCause for any damages, losses, or expenses that arise based on your violation of your representations and warranties set forth herein.

How We Use Information

Improving Your Experience: We use both Personal Information and non-identifiable, aggregated information to improve the products and services we offer, to conduct market research, to generate profiles and reports, and to improve your overall experience of the website or Web applications. We also may share this anonymous, aggregated information with partners, advertisers or other third parties.

Direct Marketing: By providing Personal Information on the website or Web applications you consent to OneCause’s use to contact you via Email or Mobile Application Notifications. If you do not wish to receive marketing communications from OneCause, you may unsubscribe by following instructions provided within or disable notifications in the Mobile Application settings.

Purchases: When you make donations or purchases or otherwise pay for items on the OneCause Items, we will share your Personal Information and Financial Information with our third-party payment processors. We will only share the information necessary to complete the transaction.

“Contact Us” or Troubleshooting: Information provided by you as part of a request that we follow up or contact you as part of the “Contact Us” feature on the OneCause Items will be used by us to contact you and discuss your concerns or interest in the OneCause Items. We may use your information to provide customer support or troubleshooting in the connection with your use of the OneCause Items.

Talent Management: OneCause may use information in connection with a job application for the purpose of employment consideration, background checks and employment eligibility, and as otherwise set forth in any separate privacy statement or other notice made available to in connection with your application. We may use a third party (e.g., job recruiter) or social media platform to solicit, collect, and retain employment applications and inquiries.

Combination: We may, on occasion, combine information we collect through the OneCause Items with information that we collect from other sources for business development purposes .

Other: We use Personal Information for such purposes for which OneCause may obtain consent from time to time and for such other uses as may be permitted or required by applicable law.

How We Share Your Information

We will never sell, lease, or share your information to third parties for profit or monetary or other valuable consideration. However, we may disclose your information to our affiliates, as well as third party partners as follows below, as well as otherwise permitted or required by law:

Service Providers: Your Personal Information may be shared with third party service providers that assist OneCause in fulfilling orders from users, delivering packages, sending mail, providing search results and links, or similar customer services.

Law Enforcement: Your Personal Information (including your Financial Information) may, to the extent permitted by law, be shared with law enforcement officials if it relates to a criminal investigation or alleged illegal activity or we believe it is in our legitimate interest to share such Personal Information to law enforcement.

Necessary or for Safety Reasons: We may disclose your Personal Information (including your Financial Information) if required or permitted to do so by law, for fraud protection and credit risk reduction purposes, or in the good-faith belief that such action is necessary to protect and defend the rights or property of OneCause or the users of the OneCause Items, to act under urgent circumstances to protect the safety of OneCause or its employees or a member of the public, or to comply with a judicial proceeding, court order, or legal process.

Sale or Acquisition of Assets: If OneCause becomes involved in a transaction involving the sale of its assets, such as a merger or acquisition, or if OneCause is transferred to another company, OneCause may disclose and/or transfer your Personal Information (including your Financial Information) as part of the transaction. If the surviving entity in that transaction is not OneCause, the surviving entity may use your information pursuant to their own privacy policies, and those policies may be different from this Privacy and Security Policy. OneCause will make reasonable efforts to notify you in the event of such transaction.

Messaging: We will not share any SMS opt-in data that could personally identify you.  We may share anonymous, aggregated information with partners, advertisers, or other third parties.

Verifying Your Account Information

You may check your account to verify, update or correct certain Personal Information, and to have any information removed.  More specifically, if you created an account, you can access and change your profile yourself or email us at support@onecause.com.

Spam

OneCause does not participate in bulk email solicitations that you have not consented to receiving. We do not sell or disclose client lists or email address lists to unrelated third parties. If you no longer wish to receive email communications from OneCause, you may email us at support@onecause.com or click on the “unsubscribe” link at the bottom of any email sent to you by OneCause.

California Privacy Rights

Data Privacy Rights. Pursuant to the California Consumer Privacy Act of 2018, as amended (“CCPA”), California residents have additional data privacy rights, including (i) the right to be notified about what Personal Information is collected about you, and our intended use and purpose for collecting your Personal Information, (ii) the right to know and access Personal Information we have collected, used, disclosed, or sold about you over the past twelve (12) months, including the categories of Personal Information we have collected, used, disclosed, or sold about you, the categories of sources from which the Personal Information is collected, the business or commercial purpose for which your Personal Information was collected, used, disclosed, or sold, and the categories of third parties with whom we have shared your Personal Information, (iii) the right to request OneCause to transfer, to the extent feasible, Personal Information in certain forms and formats, (iv) the right to request that we delete/erase your Personal Information under certain circumstances, and (v) the right not to be subject to discrimination for asserting your rights under the CCPA. The Personal Information we collect from you, the purposes for which it is used, the source of such Personal Information, and the parties to whom we share your Personal Information is set forth in this Privacy and Security Policy. To exercise any of the CCPA’s data privacy rights set forth herein, please contact us in accordance with the “Contact Us” section listed below. If you would prefer, you may designate an authorized agent to submit a CCPA privacy request on your behalf.  An authorized agent must be registered with the California Secretary of State to conduct business in California.

Privacy Request Verification Process. If you (or your authorized agent) makes any request related to your Personal Information under the CCPA, OneCause will ascertain your identity (and the identity of the authorized agent, to the extent applicable) to the degree of certainty required or permitted under the law before addressing your request. OneCause will, to the extent required or permitted by law, require you (or your authorized agent) to verify your request via email or other means and match at least two or three pieces of Personal Information we have previously collected from you before granting you access to, or erasing, specific pieces or categories of Personal Information, or otherwise responding to your request. We may require written documentation that demonstrates a third party is authorized to serve as your agent for the purposes of submitting the requests set forth herein, unless you have provided the authorized agent with power of attorney pursuant to California Probate Code §§ 4121 to 4130. None of the CCPA’s rights are absolute and are subject to legal and regulatory exceptions and exemptions. For more information about the CCPA, please see: https://oag.ca.gov/privacy/ccpa.

Opt-Out Rights / Do Not Sell My Personal Information. California residents have the right to opt-out of the sale of their Personal Information. OneCause does not sell your Personal Information to third parties for profit or other valuable consideration. Our services are not directed at, and should not be used by, minors under the age of sixteen (16), and therefore OneCause does not knowingly collect or sell the Personal Information of minors under sixteen (16) years of age.

Nevada Privacy Rights

Although we do not currently conduct sales of Personal Information, Nevada residents may submit a request directing us to not sell Personal Information we maintain about them to third parties who will sell or license their information to others.

Canada Privacy Rights

For residents of Canada: If you make a written request to review any Personal Information about you that we have collected, utilized, or disclosed, we will provide you with any such Personal Information to the extent required by law. We will make such Personal Information available to you in a form that is generally understandable and will explain any abbreviations or codes.

At any time, you can challenge the accuracy or completeness of your Personal Information in our records. If you successfully demonstrate that your Personal Information in our records is inaccurate or incomplete, we will amend the Personal Information as required. Where appropriate, we will transmit the amended information to third parties having access to your Personal Information.

We will attempt to respond to each of your written requests not later than thirty (30) days after receipt of such requests. We will advise you in writing if we cannot meet your requests within this time limit. You have the right to make a complaint to the federal Privacy Commissioner in respect of this time limit.

We will not charge any costs for you to access your Personal Information in our records or to access our Privacy Policy or practices without first providing you with an estimate of the approximate costs, if any.

We may request that you provide sufficient identification to permit access to the existence, use or disclosure of your Personal Information. Any such identifying information shall be used only for this purpose.

Do Not Track Signals

Some web browsers may transmit “Do Not Track” signals to the OneCause Items with which the user communicates. Because of differences in how web browsers incorporate and activate this feature, it is not always clear whether users intend for these signals to be transmitted, or whether they even are aware of them. We currently do not, unless otherwise required by law, take action in response to these signals.

Persons with Disabilities

OneCause strives to ensure that every person has access to information related to our products and services, including this Privacy and Security Policy. Please contact us if you would like this Privacy and Security Policy provided in an alternative format and we will seek to meet your needs.

We Do Not Sell Personal Information

OneCause does not sell, lease, or rent Personal Information on any individual, including minors, to a third party for profit or other valuable consideration. We do share, however, Personal Information with third parties, as described in this Privacy and Security Policy.

Events and Video Teleconferencing

OneCause hosts, and uses video teleconferencing platforms to facilitate, conferences, meetings, training events, and other programs. We often use online platforms that are owned and administered by a third-party service provider (e.g., Zoom, WebEx, Skype for Business). Please be aware that our video teleconferencing may record the content, conversations, and discussions thereon, and such records may be stored or retained by our third-party service providers. By participating in our events and video teleconferencing, you hereby consent to the collection and retention of any information provided therein, and hereby consent to the recording of such activities.

Chats and Discussion Boards

Please be aware that User Forums are open to the public so others using these areas on the website or Web applications can read information you submit. Any information you submit when participating in the User Forums may be publicly available.

Children

We do not knowingly collect Personal Information from persons under the age of 13. If we learn that we have inadvertently collected Personal Information from a child under 13 years of age, we will promptly take all reasonable measures to delete that information from our systems. Our web site is designed for adults and is not intentionally targeted to children under the age of 13. Children under the age of 13 should not use the OneCause Items without obtaining prior parental consent.

Information Security

We are committed to protecting the security of your Personal Information. We use a variety of security technologies and procedures to help protect your Personal Information from unauthorized access, use or disclosure. HOWEVER, NO INFORMATION SYSTEM CAN BE FULLY SECURE, SO WE CANNOT GUARANTEE THE ABSOLUTE SECURITY OF YOUR PERSONAL INFORMATION. MOREOVER, WE ARE NOT RESPONSIBLE FOR THE SECURITY OF INFORMATION YOU TRANSMIT TO THE ONECAUSE ITEMS OVER NETWORKS THAT WE DO NOT CONTROL, INCLUDING THE INTERNET AND WIRELESS NETWORKS, AND YOU PROVIDE US WITH ANY INFORMATION AND DATA AT YOUR OWN RISK. TO THE EXTENT PERMITTED BY LAW, ONECAUSE SHALL NOT BE LIABLE OR OTHERWISE RESPONSIBLE FOR ANY DATA INCIDENTS THAT MAY COMPROMISE THE CONFIDENTIALITY, INTEGRITY, OR SECURITY OF YOUR PERSONAL INFORMATION. The safety and security of your Personal Information also depends on you. Where we have given you (or where you have chosen) a username and password to access the OneCause Items, you are responsible for maintaining the security and confidentiality of those credentials. You must contact us immediately if you have reason to believe that your username or password to the OneCause Items have been compromised. You acknowledge and agree that we may contact you via email or other electronic communications in the event we are legally required to notify you of a data security incident or event related to your Personal Information.

Data Retention and Localization

The period during which OneCause retains your Personal Information varies depending on the purpose for the data processing and we will utilize, disclose or retain your Personal Information for as long as necessary to fulfill the purposes for which that Personal Information was collected and as permitted or required by law. For example, we retain Personal Information needed to provide you with products and services, to facilitate transactions you have requested, or to engage in marketing activities, and for so long as necessary to defend our legal or business interests. We may keep a record of your Personal Information, correspondence or comments, in a file specific to you.

OneCause is based in the United States and the Personal Information that we collect and process is retained and stored in the United States. Please be aware that the United States may not provide the same level of protection of Personal Information as in other countries or jurisdictions, and when transferred to the United States, your Personal Information may be accessible by, or otherwise made available to, government authorities and officials pursuant to judicial and/or administrative orders, decrees, and demands, and/or other domestic laws, statutes, and regulations, applicable in the United States. By continuing to provide us such Personal Information you hereby consent to your Personal Information being transferred to, and stored in, the United States.

Collection of Information by Third-Party Websites

OneCause may, from time to time, link to third-party websites whose information practices may be different from the practices described in this Privacy and Security Policy. OneCause does not endorse or make any representations or warranties concerning, and will not in any way be liable for, any informational content, products, services, software, or other materials available on such third-party websites, even if one or more pages of such third-party website is framed within a page of the OneCause Items. Your use of such third-party websites is governed by and subject to the terms and guidelines of those website(s). As such, you should consult the privacy policies of such third-party websites.

Your Responsibilities

You are permitted, and hereby agree, to only provide Personal Information to OneCause if such Personal Information is accurate, reliable, and relevant to our relationship and only to the extent such disclosure will not violate any applicable data protection law, statute, or regulation or infringe upon any individual’s data privacy rights or privileges. IF YOU PROVIDE ONECAUSE WITH ANY PERSONAL INFORMATION ABOUT YOURSELF OR A THIRD PARTY, YOU EXPRESSLY REPRESENT AND WARRANT TO ONECAUSE THAT YOU HAVE THE FULL RIGHT AND AUTHORITY TO DISCLOSE SUCH PERSONAL INFORMATION TO ONECAUSE, ONECAUSE CAN USE SUCH PERSONAL INFORMATION IN ACCORDANCE WITH THIS PRIVACY AND SECURITY POLICY, AND YOU ARE IN COMPLIANCE WITH THE REQUIREMENTS SET FORTH HEREIN. You also agree to fully reimburse OneCause for any damages, losses, or expenses that arise based on your violation of your representations, warranties and responsibilities set forth in this Privacy and Security Policy.

Deidentified and Aggregated Data

For purposes of this Privacy Policy, the term “Personal Information” does not include anonymized or de-identified data that is not attributable to a particular individual or that is not otherwise subject to a data protection law, statute, or regulation. OneCause may anonymize or de-identify personal information, and such data is not subject to this Privacy Policy, and OneCause may use such data for any lawful purpose.

Modifications

This Privacy and Security Policy was last modified at the date first printed above. OneCause reserves the right to update this Privacy and Security Policy from time to time, and you should check this page periodically for changes. OneCause will not reduce your rights under this Privacy and Security Policy without your explicit consent. OneCause will provide notification of material changes to this Privacy and Security Policy by posting an updated version on the Website or the Mobile Application and such updates will be reflected in the “Last Updated” date set forth above.  By continuing to use of the OneCause Items, including our Website and Mobile Application after such changes to the Privacy and Security Policy, you hereby acknowledge and agree to such changes.

Contact Us

If there are any questions regarding this Privacy and Security Policy, you may contact us using the information below.

OneCause, Inc
ATTN: Privacy and Security
PO Box 80548
Indianapolis, IN 46280
tel: 888.729.0399
fax: 888.265.4495
email: 
support@onecause.com