HelloEarth takes seriously your interest in how your information is collected and used. Please read the following to understand about our privacy practices.
This Privacy Notice discloses the privacy practices of our website, mobile site or app (the "Site"). Specifically, it outlines the types of information that we gather about you while you are using the Site, and the ways in which we use and share this information. This Privacy Notice does not apply to any information you may provide to us, or that we may collect, offline and/or through other means (for example, at a live event, via telephone, or through the mail).
Please read this Privacy Notice carefully. By visiting and using the Site, you agree that your use of our Site, and any dispute over our online privacy practices, is governed by this Privacy Notice and our Terms of Service. Because the Web is an evolving medium, we may need to change our Privacy Notice at some point in the future, in which case we'll post the revised Privacy Notice on this website and update the "Last Updated" date to reflect the date of the changes. By continuing to use the Site after we post any such changes, you accept the Privacy Notice as modified. Your access of the Site for the limited and exclusive purpose of reviewing this Privacy Notice does not constitute your acceptance of this Notice unless you make any further access or use of our Site.
How We Collect Information
The Information you provide, we may collect and store information that you voluntarily supply to us while on our Site. This may include information that can be used to contact or identify you, such as your name, email address, or postal address. Some examples of this type of information include information that you electronically submit when you contact us with questions or participate in contests, surveys or sweepstakes, information that you post on blogs, discussion forums or other community posting and social networking areas on our Site, and information that you electronically submit when you complete an online registration form to access and use certain features of our Site. We also may ask for information (including a credit card number and other financial information) from those users who make purchases or have payment transactions on our Site.
Location Information. We may collect location information (e.g., city and state and/or zip code) that you provide. Certain devices and browsers contain unique identifiers that can be used to identify the geographical location of the device. When you use such a device or browser to access our Site, your device and/or browser may automatically collect and/or transmit your location information. We also may collect GPS information from the device if the device transmits it. Additionally, if you download our app, we may collect your location information in order to deliver our app services. If you choose to enable certain features in our apps that require your geographic location, then we will collect and store that information.
Other Information Automatically Collected to Improve the Site and Deliver Targeted Advertising. We also collect and store information through a variety of automatic technologies, such as browser and flash cookies, pixels and web beacons about your use of our Site, including device identifying information such as IP addresses, MAC address or other device-specific alphanumerical ID numbers, the make and model of your device, the wireless provider associated with your device, whether you downloaded the app, the source of the download of the App (for example, whether via a particular advertisement for the App), when the App is launched, how many times a particular page within the Site is visited, which features the users interact with, and your device or computer's connection to the Internet. If you choose to connect to our Site through a social network such as Facebook, we may automatically collect your profile information. These things allow us, among other things, to improve the delivery of our web pages to you and to measure traffic on the Site.
The information we collect may be collected directly by us, or it may be collected by a third-party website hosting provider, or another third-party service provider, on our behalf.
We also may use "cookies" and other similar technologies on the Site. Cookies are small files that are placed on your hard drive for record-keeping purposes and to enhance your experience with the Site. By showing how and when visitors use the Site, cookies help us deliver advertisements, identify how many unique users visit us, and track user trends and patterns. They also prevent you from having to re-enter your preferences on certain areas of the Site where you may have entered preference information before. This Site also may use web beacons (single-pixel graphic files also known as "transparent GIFs") to access cookies and to count users who visit the Site or open HTML-formatted email messages.
How Information is Used
We use the information we collect from you while you are using the Site in a variety of ways, including, for example, for the purpose for which the information was submitted, to process your registration request, to provide you with services and communications that you have requested, to send you email updates and other communications, customize features and advertising that appear on the Site, to deliver our Site content to you, to measure Site traffic, measure user interests and traffic patterns, and to improve the Site and the services and features offered via the Site.
We may use location information, either information you provided by you or information automatically collected, in order to provide you with content, services and advertising that is relevant to your geographic area. We may combine information we collect from you while you are using our Site with information that we collect from other sources to customize features, content and advertising that appear on our Site.
In addition, we may use any information submitted by or collected from you via the Site for any purpose related to the Site, including to contact you for customer service purposes, to inform you of important changes or additions to our Site or the services offered over our Site, and to send you administrative notices and any other communications that we believe may be of interest to you.
Your Choices. When we request information from you on the Site, you may always choose not to provide us with that information. But if you decline to supply or provide us with certain information while using the Site, you may not be able to use or participate in some or all of the features offered through the Site.
If you want to limit the information that is automatically collected while you use our Site, most Web browsers allow you to disable certain functionality or set certain privacy setting. If you choose to disable cookies or turn off other functionality, you may not be able to use or participate in some or all of the features offered through the Site. If you would like more information on how to opt out of information collection practices by many third parties, visit the Digital Advertising Alliance's website at www.aboutads.info.
How Information is Shared
Sharing with Affiliates, Partners and Third Party Service Providers. We may provide your information to our affiliates or to third parties, including our third party service providers and contractors, for purposes related to Site administration and other services. For example, if you use a credit or debit card to complete a transaction on our Site, we may share your personal information and credit card number with a credit card processing and/or a fulfillment company in order to complete your transaction, or such service provider(s) may collect that information from you directly, on our behalf.
If you do not wish certain information to be shared for these purposes, send a letter to the Online Privacy Coordinator whose contact information is listed at the end of this Privacy Notice.
We also make some content, products and services available through our Site through cooperative relationships with third-party providers, where the brands of our provider partner appear on the Site in connection with such content, products and/or services. We may share with our provider partner any information you provide, or that is collected, in the course of visiting any pages that are made available in cooperation with our provider partner. In some cases, the provider partner may collect information from you directly, in which cases the Privacy Notice of our provider partner may apply to the provider partner's use of your information. The Privacy Notice of our provider partners may differ from ours. If you have any questions regarding the Privacy Notice of one of our provider partners, you should contact the provider partner directly for more information.
Sharing Information with Third Parties for Advertising and Other Promotional Purposes. We may use third-party service providers to target and serve some of the advertisements you see on the Site. We may share technical or aggregate information, such as type of pages viewed and categories of interest, from our Site with these service providers and advertisers for their use in displaying ads on our Site. These third party providers and advertisers may use their own browser or flash cookies, web beacons and similar technologies to collect technical information (such as device unique identifier, IP address, MAC address, browser type, pages visited, and location information) from users of the Site that is generated automatically as a user views or interacts with an ad. These service providers may use that information, sometimes in conjunction with similar information gathered through other websites and other sources, to deliver advertisements on this Site, and on other websites.
Sharing with Third Parties for Other Purposes. Please be aware that we may occasionally release information about our visitors if required to do so by law or if, in our business judgment, such disclosure is reasonably necessary: (a) to comply with legal process; (b) to enforce our Terms of Service; or (c) to protect the rights, property, or personal safety of our Site, us, our affiliates, our officers, directors, employees, representatives, our licensors, other users, and/or the public.
Please also note that as our business grows, we may buy or sell various assets. In the unlikely event that we sell some or all of our assets, or our Site is acquired by another company, information about our Site users may be among the transferred assets.
Data Collected in Connection with Ad Serving and Targeting
We operate in compliance with the Digital Advertising Alliance's Self-Regulatory Principles for Online Behavioral Advertising, www.aboutads.info.
We also may use third-party service providers, to target and serve some of the advertisements you see on the pages of our Site. We may share technical or aggregate information about your interaction with our Site, such as type of pages viewed and categories of interest, from our Site with these service providers for their use in displaying ads on our Site. These providers may use their own cookies, web beacons and similar technologies to collect similar information from our Site. These service providers may use that information, sometimes in conjunction with similar information gathered through other websites, to deliver advertisements on this Site, and on other websites that participate in our service providers' advertising networks, that are tailored to match the perceived interests of consumers. The information obtained by our third-party service providers also may be used to help measure and research an advertisement's effectiveness, or for other purposes.
Unless you affirmatively provide information, the data collected in connection with the ad serving and ad targeting on our Site does not identify you personally and does not include your name, address, email address or telephone number, but it may include device identifying information such as the IP address, MAC address, cookie or other device-specific unique alphanumerical ID of your computer.
Information You Post to Blogs, Discussion Forums and Other Community Posting or Social Networking Areas
Please keep in mind that whenever you voluntarily make your personal information or other private information available for viewing by third parties online - for example on blogs, discussion forums, or other community posting or social networking areas of our Site - that information can be seen, collected and used by others besides us. We cannot be responsible for any unauthorized third-party use of such information.
Children's Privacy Statement
This site is not intended for children under the age of 13. We do not knowingly collect any Personal Information from a child under 13. If we become aware that we have inadvertently received personally identifiable information from a user under the age of 13 as part of the Site, we will delete such information from our records.
How To Make Changes to Your Information
If you are a registered user of our Site, you can make changes to your account information by logging in to the Site and using the tools available via the Site. If you have subscribed to one or more of our email newsletters, you also may change your subscriber information, modify your subscriptions, and/or unsubscribe from these newsletters at any time by logging in to your account. If you have any questions about modifying your account or preference information, please visit the "Customer Service" pages of our Site.
All information we gather on our Site is stored within databases to which only we and services providers are provided access. However, as effective as the reasonable security measures implemented by us may be, no physical or electronic security system is impenetrable. We cannot guarantee the security of our Site's servers or databases, nor can we guarantee that information you supply will not be intercepted while being transmitted to us over the Internet.
Links to Other Sites
Our Site also includes links to other websites and provides access to products and services offered by third parties, whose privacy policies we do not control. When you access another website or purchase products or services from a third-party, use of any information you provide is governed by the Privacy Notice of the operator of the site you are visiting or the provider of such products or services.
General Data Protection Regulation (GDPR)
The General Data Protection Regulation (GDPR) broadly covers information relating to an identified or identifiable natural person of the European Union. As a result of the broadly written language of the GDPR, the implications of the GDPR are far reaching.
Hello Earth LLC supports your needs to track and manage the GDPR requirements for donor data and communication preferences. Features within Hello Earth LLC can be used with your own internal processes and other 3rd party tools to create a GDPR compliant solution for your organization. You should contact your legal counsel to see how GDPR affects you and your constituents. We will continue to monitor developments related to GDPR and make continued changes to the product suite as necessary.
Understanding Controller Vs. Processor
An organization's obligations under the GDPR depend on whether the company is a "controller" or "processor". A controller is a company that determines the purposes and means of processing personal data, while a processor is a company that processes personal data on behalf of a controller. In some instances, a company may act as both a controller and a processor with respect to different aspects of the same transaction. Hello Earth LLC is considered a processor, and organizations who use Hello Earth LLC are considered a controller.
Data Subject Rights
The major data subject rights of EU individuals that are protected under the GDPR are:
- Breach Notification
- Right to Access
- Right To Be Forgotten and Rectification
- Data Portability
- Privacy By Design
Breach Notification – A data breach is a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored, or processed. Generally, a controller must notify the relevant supervisory authority of any data breach that is likely to result in a risk to any EU individual's privacy rights within 72 hours of becoming aware of such a data breach. Additionally, any processor which experiences or is aware of any such data breach must notify the controller of the data breach without undue delay.
If the data breach has a high risk to an EU individual's privacy rights, the controller must also notify the affected individual, unless : (i) the relevant data that is the subject of the breach is adequately protected, (ii) following the breach the controller has taken adequate measures to ensure that the resulting high risk is no longer likely to be a concern, or (iii) notification of the individual data subjects would be disproportionately prohibitive (in which case a public notification would be required)
How Hello Earth LLC Is Handling This – Hello Earth LLC will alert you, our customer, if a defined breach occurs as outlined in the regulation. Furthermore, if the data breach has a high risk to an EU individual's privacy rights, we will notify the individual unless one of the three exceptions occur as outlined in the regulation.
Right to Access – EU individuals have the right to request a controller to confirm whether the individual's personal data is processed, including where and for what purpose it is being processed. They also have the right to receive, free of charge, a copy of the personal data from the controller in an electronic format.
How Hello Earth LLC Is Handling This – As a controller, you can easily copy personal data from within Hello Earth LLC and send it to the individual electronically through our export file functionality and standard reports.
Right to be Forgotten (Data Erasure) and Rectification – EU individuals have the right to require a controller to erase his or her personal data, cease further dissemination of the personal data and potentially restrict the ability of third parties to process the personal data. This also includes the right for the individual to correct inaccurate personal data.
How Hello Earth LLC Is Handling This – Hello Earth LLC allows the deletion of records from our software, and as a controller you can delete records on your own within the Hello Earth LLC software from the search screen. These records are physically deleted from the underlying database. However, it is still up to you to ensure that other copies of the individual's record are deleted, and this includes user-initiated backups of your data. Controllers should ensure that all previous backups that have been created are overwritten to make sure the individual's record is truly erased.
As a processor and global data center provider, Hello Earth LLC has redundant backup systems in place that automatically erase these deleted records after 30 days.
Data Portability – EU individuals have the right to request that a controller transfer their personal data to another controller
How Hello Earth LLC Is Handling This – As a controller, you can easily copy personal data from within Hello Earth LLC and send it to other controllers through our export file functionality and standard reports.
Privacy By Design – While this is a concept that has existed for years in the EU, under GDPR, controllers are now required to (i) implement appropriate technical and organizational measures to implement data protection principles and (ii) integrate necessary safeguards into the processing in order to meet the GDPR requirements. These actions are required both at the time the need of the processing is determined and at the time of the processing itself.
How Hello Earth LLC Is Handling This – Hello Earth LLC and the Hello Earth LLC Online Forms applications allow for donors to opt/in out of communication channels such as phone, post mail and email. This allows your constituents to easily, and explicitly, OPT-IN or OPT-OUT of communications and keeps a running tally of these updates for each constituent. As a controller you will need to make sure you track these interactions correctly in Hello Earth LLC, as well as have policies and procedures in place to ensure that individual's privacy preferences are respected when you conduct marketing and/or communication campaigns.
The GDPR has identified several derogations, or exemptions, where the failure of the controller or processor to comply with GDPR will not result in sanctions or will result in reduced sanctions. These delegations include the following:
- The individual has explicitly consented. However, the GDPR has made consent a very limited exception, and one not to be widely relied upon. Under the GDPR, consent must be clearly and expressly given and must be as easy for the individual to withdraw as it was to give. As noted above, Hello Earth LLC allows for this consent to be made and stored within Hello Earth LLC. Should the individual wish to alter communication references, this can be transmitted via the completion of a second online form to denote this change, and as a controller, you should make the this form readily available.
- The information is necessary for the performance of a contract, a) between the individual and the organization, or b) made in the interests of the individual between the controller and another person.
- The information is necessary for important reasons of public interest or to establish, exercise, or defend legal claims.
- A controller's legitimate interest. In applying this exception, importance of the controller's legitimate interest is weighed against the individual's privacy right in the personal data
Organization's will need to put in place data breach incident management plans, develop plans for how to respond to requests from EU individuals respecting the data subject rights granted under GDPR and update their controller/processor contracts to comply with the requirements of GDPR. It is important to put these plans in place well in advance of a data breach or a data access, data erasure, or other similar request permitted under the GDPR. Also, it will be helpful to make a record of any internal determinations that are made with respect to GDPR (i.e whether the company determines it is acting as a controller or processor)
Hello Earth LLC as a Controller for our EU and UK Prospects/Customers
For our EU and UK clients, Hello Earth LLC also acts as a controller of your information. We have established policies and procedures to address the GDPR requirements as they relate to your interactions with us.
The major data subject rights of EU individuals that are protected under the GDPR are:
- Breach Notification
- Right to Access
- Right To Be Forgotten and Rectification
- Data Portability
- Privacy By Design
Below is more detail and how Hello Earth LLC is handling each element
If the data breach has a high risk to an EU individual's privacy rights,the controller must also notify the affected individual, unless : (i) the relevant data that is the subject of the breach is adequately protected, (ii) following the breach the controller has taken adequate measures to ensure that the resulting high risk is no longer likely to be a concern, or (iii) notification of the individual data subjects would be disproportionately prohibitive (in which case a public notification would be required)
How Hello Earth LLC Is Handling This – Hello Earth LLC will alert you, our customer, if a defined breach occurs of your personal information as outlined in the regulation.
How Hello Earth LLC Is Handling This – Please see our Terms of Service for additional information on how we handle your data. If you would like to learn more how your data is being used, or would like a copy of your personal data free of charge, please send your request firstname.lastname@example.org .
How Hello Earth LLC Is Handling This – If you would like to be removed from our internal marketing and sales databases or correct any inaccurate personal data, simply send a request to email@example.com and we will honor your request.
How Hello Earth LLC Is Handling This – If you would like your information transferred to another controller, simply send a request with the details to firstname.lastname@example.org.