Privacy Policy

Updated and Effective Date: March 2023

This Privacy Policy (this “Policy”) sets forth how Move the Chain, Inc. (“MTC”, “we”, “us”, or “our”) provides you with all the details of the type of information we may hold about you, how we obtain and use it and how we protect your privacy. MTC collects information about you when you access or use our websites, mobile applications, and other online products and services, including but not limited to: https://movethechain.com/ , contact our customer service team; engage with us on social media; or otherwise interact with us (collectively, our “Services”). This Policy does not apply to any third party website to which the Services may link.

Your privacy is extremely important to us. To ensure that we comply with all necessary controls, we have implemented measures which ensure that any personal data we obtain from you is processed and maintained in accordance with accepted principles of good information handling and in accordance with the applicable laws and regulations such as the Federal Trade Commission Act (FTC Act), the California Consumer Privacy Act (CCPA), the General Data Protection Regulation (“GDPR”). This policy provides you with details of the type of information we may hold about you, how we may obtain and use information and how we protect your privacy.

Please read this Policy carefully and consult our Terms of Use for more information about the general terms and conditions regarding your use of the Services.

This Policy applies to applies to persons and organizations who use our Services to track their social impact; locate, learn about, and schedule volunteer opportunities with organizations in need of such volunteer services; schedule events internally and/ or to make donations to organizations (“Users”), or manage and operate a MTC account for a corporation, nonprofit organization or individual account. In the interest of clarity, this Policy applies to all individual person and organizational users of the Policy applies to all individual person and organizational users of the Service, including private individuals, employees, nonprofit organizers, company administrators, company organizers, company ambassadors, etc.

• 2.1. The types of information we collect about you

  We collect the following categories of personal information from you in different ways, including from you directly, from you automatically through your use of the Services, and from third parties. The personal information we collect is used and shared as described below.

• 2.2. The information you provide to us

  We collect information you provide directly to us, such as when you create or modify your account; request a volunteer opportunity or receive a volunteer request; make a donation using our services; create a fundraiser, volunteering or cultural event, group or add nonprofit or individual content; and, as applicable, add photos, comments, or other media regarding your volunteer and donation opportunities, contact customer support, or otherwise communicate with us. This information may include personally identifiable information, including your name, company name, gender, date of birth, email, phone number, postal address. We may also collect additional personal information including, but not limited to, your profile picture, your preferred pronouns, causes you care about, nonprofit you support. We may also collect information from you device, including IP address and location.

  If you decide to participate in a volunteering activity, we may collect additional contact information, details requested by a volunteer opportunity organizer, and other information you choose to provide.

  Additionally, if you make a donation using our Services, we may collect limited data related to that financial transaction, including the amount of the transaction, the date of the transaction and the recipient organization. MTC leverages a third party service for donation processing, and do not store any payment information.

• 2.3. The information we collection through your use of our services

  We may also collect information about you through technology. For example, when you visit the Services, we may collect your IP address (an IP address is often associated with the portal through which you enter the Internet, like your ISP (Internet Service Provider), or your company) or other information you choose to explicitly share or submit to us. At times, we use IP addresses to collect information regarding the geolocation and frequency with which visitors browse various parts of our Services and combine this information with other information about you.

  The Services also use Cookies. Cookies are small data files stored on your hard drive or in device memory that help us improve our Services and your experience, see which areas and features of our Services are popular, and count visits. For more information about the processing of information we obtain by automated means and how to change your Cookie settings, please visit our Cookie Policy. To the extent required by applicable law, we will obtain your consent before using Cookies or similar tools.

  Our Services also use other technical methods to track visitor usage, including web beacons (“web beacons” are small pieces of data that are embedded in images on the pages of a website). We use these technical methods to analyze the traffic patterns on our Services, such as the frequency with which our users visit various parts of our Services. These technical methods may involve the transmission of information either directly to us or to another party authorized by us to collect information on our behalf. We also use these technical methods in HTML e-mails that we may send visitors to our Services to determine whether such visitors have opened those e-mails and/or clicked on links in those e-mails. Information we collect using these technologies is never combined with the information you provide (e.g., name, email, etc.).

  We collect this information through your use of the Services and from our service providers.

• 2.4. The information we collect from other sources

  We may also receive information from other sources and combine that with information we collect through our Services. For example:

  If you choose to link, create, or log in to your MTC account with a social media service (e.g., LinkedIn), or if you engage with a separate app or website that uses our API (or whose API we use), we may receive information about you from that site or app.

  If you are a corporate organizational user, your employer may have authorized the integration of employee data with our application, including details such as name, title, department, phone number, email address, date of birth, employee ID, phone number, etc., through the use of an internal communication platform, including Slack and Microsoft Teams, HRIS or SO integration. In certain instances, your authorization may be needed to complete certain integrations (such as Slack).

  When you use messaging and support features (provided by or through third parties such as Mailchimp and Outlook), MTC may also collect information that you provide from or through those services.

  When you provide volunteer services or are provided with volunteer services, each party is able to provide commentary, ratings, and other media regarding the event.

For each category of personal information above, we use your personal information as permitted by applicable laws to carry out the following purposes:

• Provide you with Services: We use your personal information to carry out our obligations arising from any contracts entered into between you and us and to provide you with the information, products, and services that you request from us;
• Improve our Services: We use your personal information about you to improve our Services. We might use your personal information to deliver the Services and/or customize your experience with us. For example, we may use your personal information to improve the Services and our other internal business purposes;
• Security and Fraud Prevention and Detection: We use your personal information for security purposes. We may use personal information to enforce our rights, for fraud prevention and detection, or to protect our company, affiliates, our customers, or our Services, or a third-party website or platform;
• Compliance with Laws and to Protect Ourselves: We use your personal information to support auditing, legal and compliance purposes, including responding to court orders or subpoenas. We may also share your personal information if a government agency or investigatory body requests. We may also use your personal information when we are investigating potential fraud or other areas of concern or if we believe in good faith that disclosure is legally required or otherwise necessary to protect our rights and property, or the rights, property or safety of others;
• Communication between donors, volunteers and nonprofit organizations:Send or facilitate communications, including but not limited to communications between volunteers and organizations and/ or donors and recipient organizations.
• General Communications: We use your personal information to communicate with you about your account or our relationship. We may contact you about your use of our Services. We may contact you about your account, feedback, or changes to our service. We might also contact you about this Privacy Policy or the Services' Terms of Use.
• Debug and Identify Errors: We use your personal information to debug and identify and repair errors that impair existing intended functionality on our Services.
• Statistical Analysis and Research: We may use your personal information for statistical analysis and research purposes, including analyzing performance.

We do not disclose personal information we collect about you, except as described in this Privacy Policy or as described at the time of collection or sharing. Through our services we may share your information:

• Between donors, payment processors facilitating the donation, and the recipient organization, as may be authorized and required, to request receipting for tax purposes;
• Between volunteers and organizations to enable each to efficiently connect through the Services. For example, we share your name, photo (if you provide one), rating, profile data, and any other information you have submitted to the Services and that you have authorized to share with a nonprofit organization;
• With other Users; and with other people, as directed by you, such as when you want to share your donation or volunteering experiences or fundraisers with a friend, coworker, organization (such as your employer), or on a social network (please note that if you are a corporate organizational user, your employer may limit or prevent social sharing);
• With third parties to provide you a service you requested through a partnership or promotional offering made by a third party or us;
• With the general public if you submit content in a public forum, such as blog comments, social media posts, or other features of our Services that are viewable by the general public;
• With third parties with whom you choose to let us share information, for example other apps or websites that integrate with our API or Services, or those with an API or Service with which we integrate;
• We share personal information with service providers who perform services on our behalf based on our instructions. We do not authorize these service providers to use or disclose the information except as necessary to perform services on our behalf or comply with legal requirements.
• We also may disclose personal information (a) if required by law, including, for example, to comply with a court order or subpoena, or (b) to enforce our Terms of Use (which can be found athttps://www.movethechain.com/terms-of-use); protect your safety or security, including the safety and security of property that belongs to you; and/or, protect the safety and security of our Services, databases, and/or third parties, including the safety and security of tangible and/or intangible property that belongs to us or to third parties.
• In connection with, or during negotiations of, any merger, sale of company assets, consolidation or restructuring, financing, or acquisition of all or a portion of our business by or into another company;
• We may share your information with third parties when you engage in certain activities on our Services that are sponsored by third parties, such as electing to receive information or communications from a third party. When you participate in such activities, you will either be required or requested to agree that the sponsor or business associate may use your personal information (including, in some cases, your e-mail address) in accordance with the sponsor or business associate's privacy practices. If you provide a product review or otherwise share content on our Services, we may share this information publicly/with other users of our Services. If you choose to use integrations we offer on our Services, including for reporting purposes, locking rates, and returning diligence results, we may share certain information with the integration partners.
• In connection with, or during negotiations of, any merger, sale of company assets, consolidation or restructuring, financing, or acquisition of all or a portion of our business by or into another company.

The Services may integrate with social sharing features and other related tools which let you share actions you take on our Services with other apps, sites, or media, and vice versa, including LinkedIn, Facebook, Twitter, text messaging and email. Your use of such features enables the sharing of information with your friends or the public, depending on the settings you establish with the social sharing service. Please refer to the privacy policies of those social sharing services for more information about how they handle the data you provide to or share through them.

If you are a corporate organizational user, please note that your employer may have limited or turned off such social sharing functionality.

The security and confidentiality of your personal information is important to us. We maintain reasonable technical, administrative, organizational and physical security measures to protect personal information from accidental, unlawful, or unauthorized destruction, loss, alteration, access, disclosure or misuse. From time to time, we review our security procedures in order to consider appropriate new technology and methods. Please be aware though that, despite these efforts, no security measures are perfect or impenetrable.

To the extent permitted by applicable law, we retain your personal information for the duration of our relationship (but no longer than reasonably necessary to fulfil the purposes for which we collected such information), plus a reasonable period in order to be able to run regular deletion routines or to consider the applicable statute of limitation period or to comply with mandatory applicable law. If you have created an account with us, we will delete your account information once your account becomes inactive (i.e., when there has been no user log-in to the account in over 1 year).

We may retain your personal information for a longer period due to legal or regulatory requirements, including in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect of our relationship with you.

• 8.1. Your Account Information

  If you have registered to use MTC on your own, and not through an employment relationship or association with a corporate organizational licensing of MTC, you may correct your account information at any time by logging into your online account. If you wish to delete your account, please access your dashboard, select account information, and then, delete my account.

  If you are using MTC as a result of an organization licensing the Services for use with their employees and associates, you may update your account directly in Slack and/or Microsoft Teams or directly in our platform. If the information was prefilled due to being sourced from your HRIS, payroll or SSO system, and the information is not editable in our platform but which to make a correction, please contact us at support@movethechain.com. Move the Chain will have to collaborate with the licensing organization (the data controller) to ensure that revisions and deletions are fully implemented, as integrations with HRIS, payroll or SSO may result in some changes being reversed.

  Please see section 8.5 (“GDPR and Personal Data Requests”) for information about deletion requests.

  Please note that in some cases we may retain certain information about you as required by law, or for legitimate business purposes to the extent permitted by law. For instance, we may have to keep records or financial transactions for compliance purposes, or if we believe you have committed fraud or violated our Terms of Use, we may seek to resolve the issue before deleting your information.

• 8.2. Access Rights

  MTC will comply with individual's requests regarding access, correction, and/or deletion of the personal data it stores in accordance with applicable law.

  To the extent provided by the law of your jurisdiction, you may at any time request, in writing, access to the personal information we maintain about you, request how we collect, use and process your personal information, or request that we correct, update, amend, or delete your information, or restrict the processing of such information by contacting us as indicated below, or object to the processing of your personal information in certain circumstances.

  Subject to applicable law, you also have the right to receive, in a structured, commonly used, and machine-readable format, the personal information that you have provided to us about you, with your consent or based on a contract to which you are party. You have the right to have this information transmitted to another company, where it is technically feasible.

• 8.3. Promotional Communications

  If you have registered to use MTC on your own, and not through an employment relationship or association with a corporate licensing of MTC, you may opt out of receiving promotional messages from us by following the instructions in those messages. If you opt out, we may still send you non-promotional communications, such as those about your account, about Services you have requested, or our ongoing business relations.

  If you are using MTC as a result of an organization licensing the Services for use with their employees and associates, you may opt out of receiving promotional messages from us by following the instructions from MTC on managing your preferences; however, your employer or the licensing organization may continue to send you messages about MTC and the Services, and we may still send you non-promotional communications, such as those about your account, about Services you have requested, or our ongoing business relations.

  Where provided by law, you may withdraw any consent you previously provided to us or object at any time on legitimate grounds to the processing of your personal information, and we will apply your preferences going forward.

• 8.4. Other Services

  We may provide links on our Services to third parties. In addition, third parties may also provide links to our Services. These companies may have their own privacy notices or policies, which you are encouraged to review. We do not control such third-party websites and are not responsible for the privacy practices of any non-MTC websites, apps or services (whether or not such site is linked on or to our Services). These links are provided to you for convenience purposes only, and you access them at your own risk.

  The providers of third-party apps, tools, widgets, and plug-ins on our Services, such as LinkedIn and Google buttons, also may use automated means to collect information regarding your interactions with these features. This information is collected directly by the providers of the features and is subject to the privacy policies or notices of these providers. To the extent permitted by applicable law, we are not responsible for these providers' information practices.

• 8.5. GDPR and Personal Data Privacy Rights

  General Data Protection Regulation (GDPR) is a legal framework that sets guidelines for the collection and processing of personal information of individuals within the European Union (EU). The main objective of the GDPR is to define the manner in which the privacy of EU citizens should be protected by unifying the data regulation rules of the EU's member states. The GDPR therefore gives EU citizens' rights regarding the collection and usage of their personal data. Personal data includes any personal information relating to a resident of the EU. Personal data can be anything from a name to a photo, an email address, bank details, posts on social networking websites, medical information, a computer IP address, and so on.

  MTC embedded privacy and the protection of information into the design of our system to ensure that we handle user data in accordance with guidelines defined by the different data protection legislators. MTC ensures that we only use the information that is necessary to provide you with the Services. In the event that a data breach occurs, in spite of our MTC's efforts to prevent such an event, we will make sure to notify the relevant Data Protection Authority of any breach without undue delay once we become aware of any breach.

  If you need to make a data deletion request, please send an email to support@movethechain.com with the subject “Data Deletion Request” from the email associated with your account.

  If you are using the MTC services in your individual capacity and not as a user associated with a corporate organizational licensure of the Services, upon your request for your data to be deleted, MTC will delete all personal information, profile images, Facebook token (if applicable), usage data, and anonymize your activity. MTC will also remove your information from any 3rd party vendors who may be sub-processors of that data. If you are using MTC as a result of an organization licensing the Services for use with their employees and associates, MTC will have to collaborate with the licensing organization (the data controller) to ensure that revisions and deletions are fully implemented, as integrations with HRIS, payroll or SSO may result in some changes being reversed.

  Once data deletion is requested and account ownership is confirmed, the data deletion request enters our queue. Generally, the data is deleted within 14 calendar days of the initial request. During the deletion process data is securely purged from MTC's databases and servers. All related backup and log data will be deleted within 30 calendar days. Once data has been deleted it cannot be recovered.

• 8.6. Data Protection Authority

  In the event that you think that there was a breach in the manner in which we use your personal data, we would appreciate the chance to deal with any of your queries, concerns or complaints in the first instance. Nevertheless, please be aware that you also have the right to lodge a complaint with the relevant data protection authority based on your location.

• 8.7. Security/Data Protection

  We have designed our services to comply with applicable data protection laws, and have implemented industry standard technological and organizational controls to secure the confidentiality of your personal information. We will not disclose confidential information about your business to anyone except where:

  • We are permitted to do so by law;
  • We have a public duty to disclose the information; and/or
  • We need to do so to comply with regulatory requirements, codes or recommendations.

MTC does not knowingly collect or solicit any information from anyone under the age of 13 or knowingly allow such persons to register for the Services. The Services and its content are not directed at children under the age of 13. In the event that we learn that we have collected personal information from a child under age 13 without parental consent, we will delete that information as quickly as possible. If you believe that we might have any information from or about a child under 13, please contact us at dataprotection@movethechain.com

If you are located in the EEA, the United Kingdom, or Switzerland, you have certain rights and protections under the law regarding the processing of your personal data, and this section applies to you.

• 10.1. Legal Basis for Processing

  When we process your personal data, we will do so in reliance on the following lawful bases:

  • To perform our responsibilities under our contract with you (e.g., processing payments for and providing the products and services you requested).
  • When we have a legitimate interest in processing your personal data to operate our business or protect our interests (e.g., to provide, maintain, and improve our products and services, conduct data analytics, and communicate with you).
  • To comply with our legal obligations (e.g., to maintain a record of your consents and track those who have opted out of marketing communications).
  • When we have your consent to do so (e.g., when you opt in to receive marketing communications from us). When consent is the legal basis for our processing your personal data, you may withdraw such consent at any time.

• 10.2. Data Subject Requests

  Subject to certain limitations, you have the right to request access to the personal data we hold about you and to receive your data in a portable format, the right to ask that your personal data be corrected or erased, and the right to object to, or request that we restrict, certain processing. Individuals in the EEA and UK may submit queries related to the processing of their personal information by MTC by contacting us directly at Privacy@movethechain.com.

• 10.3. Dispute resolution and complaint management process

  MTC commits to resolve complaints about our collection or use of your personal information in accordance with data protection laws applicable to us for the applicable collection or use.

  Individuals in the EU and UK may submit queries related to the processing of their personal information by MTC contacting us directly at Privacy@situsamc.com.

  MTC has further committed to cooperate with: (1) the DPAs concerning personal data transferred from the EU; and (2) the ICO concerning data transferred from the UK, and to comply with the advice given by such authorities as concerns the processing of personal information or unresolved Privacy Shield complaints.

  While you may make a direct complaint at any time to the applicable DPA about our collection or use of your personal information, we would appreciate the chance to deal with any of your queries, concerns or complaints in the first instance.

  If we have not been able to successfully resolve your query or complaint, you may raise your query or complaint directly with the applicable supervisory authority. Contact details for DPAs can be found using the links below:

  • For individuals in the EEA: https://edpb.europa.eu/about-edpb/board/members_en
  • For individuals in the UK: https://ico.org.uk/global/contact-us/
  • For individuals in Switzerland: https://www.edoeb.admin.ch/edoeb/en/home/the-fdpic/contact.html

  If your inquiry still has not been satisfactorily resolved, you may have other recourse mechanisms to address your concerns, such as invoking binding arbitration by the Privacy Shield Panel.

The California Consumer Privacy Act or “CCPA” (Cal. Civ. Code § 1798.100 et seq.) affords consumers residing in California certain rights with respect to their personal information. If you are a California resident, this section applies to you.

The rights for California residents set forth in this section do not extend to (i) personal information that is already protected under the Gramm-Leach-Bliley Act (“GLBA”) as set forth in our GLBA privacy notice (ii) personal information processed solely in the business-to-business context, or (iii) other data that is exempt from certain requirements of the CCPA.

• 11.1. California Consumer Privacy Act

  You may have rights under the California Consumer Privacy Act of 2018 (“CCPA”), as described in this section of our Privacy Policy.

• 11.2. Consumer Rights Requests

  Subject to certain limitations and as we explain further below, you have the right to (1) request to know more about the categories and specific pieces of personal information we collect, use, and disclose, (2) request deletion of your personal information, (3) opt out of any “sales” of your personal information that may be occurring, and (4) not be discriminated against for exercising these rights. You may make these requests by contacting us via email at privacy@movethechain.com.

• 11.3. Rights to Request Information

  We are committed to ensuring that you know what information we have collected and shared about you over the 12-month period preceding the request. You can submit a request to us for the following information:

  • The categories of Personal Information that we have collected about you.
  • The categories of sources where we collected the Personal Information.
  • The business or commercial purposes for why we collected and/or sold the Personal Information.
  • The third parties with whom we shared the information.
  • The specific pieces of information we collected.
  • The categories of Personal Information, if any, we have sold about you, categories of third parties to whom we sold that Personal Information, and the category or categories of Personal Information sold to each category of third party.
  • The categories of Personal Information that we've shared with third parties for business or commercial purposes.

• 11.4. Your Right to Request the Deletion of Personal Information

  Upon receiving and verifying such request as described below, we will delete the Personal Information that we have collected about you, except for situations when that information is necessary for MTC to: provide you with a good or service that you have requested; perform a contract we have entered into with you; maintain the functionality or security of our systems; comply with or exercise rights provided by the law; or use the information internally in ways that are compatible with the context in which you provided the information to us or that are reasonably aligned with expectations based on the your relationship with us.

• 11.5. Our Process to responding to Consumer Rights Requests

  We will verify your consumer rights request by asking you to provide information related to your recent interactions with us, as described below.

  • Requests for Household Information:Please note that certain types of Personal Information may be associated with a household, meaning a group of people living together in a single home. Each member of the household must make requests for access or deletion of household Personal Information. We will then verify each member of the household using verification criteria. If we are unable to verify the identity of each household member to the degree of required certainty, we will not be able to respond to the request. We will notify you to explain the basis of our denial. If you are legally entitled to such rights, you may designate an agent to submit a request on your behalf. The agent can be a natural person or a business entity that is registered with the California Secretary of State. If you would like to designate an agent to act on your behalf, you and the agent will need to comply with our agent verification process. You will be required to verify your identity by providing us with certain personal information, depending on the nature of the information you require, which we will endeavor to match with information we may maintain about you. Additionally, we will require that you provide us with written confirmation that you have authorized the agent to act on your behalf, and the scope of that authorization. The agent will also be required to provide us with proof of the agency relationship, which may be a declaration attesting to the agent's identity and authorization by you to act on their behalf, signed under penalty of perjury. If the agent is a business entity, it will also need to submit evidence that it is registered and in good standing with the California Secretary of State. Information to identify and verify your agent can be submitted through the same mechanism and at the same time that you submit information to verify your identity. Please note that this subsection does not apply when an agent is authorized to act on your behalf pursuant to a valid power of attorney. Any such requests will be processed in accordance with California law pertaining to powers of attorney.

  • Requests for specific pieces of personal information:To respond to these requests, we will ask you for at least three pieces of personal information and will endeavor to match those to information we maintain about you. Additionally, we require that you provide a declaration attesting to your identity, signed under penalty of perjury. If we are unable to verify your identity with the degree of certainty required, we will not be able to respond to the request. We will notify you to explain the basis of the denial. In addition, we will treat the request as one seeking disclosure of the categories of personal information we have collected about you and endeavor to verify your identity using the less-stringent standards applicable to such requests.

  • Requests for categories of personal information:To respond to these requests, we will ask you for at least two pieces of personal information and endeavor to match those to information we may maintain about you. If we are unable to verify your identity with the degree of certainty required, we will not be able to respond to the request. In that case, we will notify you to explain the basis of our denial.

  • Requests for deletion of personal information:To respond to these requests, we will ask you for at least two pieces of personal information and endeavor to match those to information we may maintain about you. If we are unable to verify your identity with the degree of certainty required, we will not be able to respond to the request. In that case, we will notify you to explain the basis of our denial.

  • Non-Discrimination: You have a right not to be discriminated against for the exercise of the privacy rights conferred by the CCPA.

We may change this Policy from time to time, at our sole discretion. Changes will be notified and your continued use of the Services after such notice constitutes your consent to the changes. We encourage you to periodically review the Policy for the latest information on our privacy practices.

To ask us to remove your information from our mailing lists, exercise your rights or submit a request, or have any questions or comments about this Privacy Policy, please email us at Privacy@movethechain.com.