Privacy Policy

We collect the following categories of personal information from you in different ways, including from you directly, from you automatically through your use of the Services, and from third parties. The personal information we collect is used and shared as described below.

We collect information you provide directly to us, such as when you create or modify your account; request a volunteer opportunity or receive a volunteer request; make a donation using our services; create a fundraiser, volunteering or cultural event, group or add nonprofit or individual content; and, as applicable, add photos, comments, or other media regarding your volunteer and donation opportunities, contact customer support, or otherwise communicate with us. This information may include personally identifiable information, including your name, company name, gender, date of birth, email, phone number, postal address. We may also collect additional personal information including, but not limited to, your profile picture, your preferred pronouns, causes you care about, nonprofit you support. We may also collect information from you device, including IP address and location.

If you decide to participate in a volunteering activity, we may collect additional contact information, details requested by a volunteer opportunity organizer, and other information you choose to provide.

Additionally, if you make a donation using our Services, we may collect limited data related to that financial transaction, including the amount of the transaction, the date of the transaction and the recipient organization. MTC leverages a third party service for donation processing, and do not store any payment information.

We may also collect information about you through technology. For example, when you visit the Services, we may collect your IP address (an IP address is often associated with the portal through which you enter the Internet, like your ISP (Internet Service Provider), or your company) or other information you choose to explicitly share or submit to us. At times, we use IP addresses to collect information regarding the geolocation and frequency with which visitors browse various parts of our Services and combine this information with other information about you.

The Services also use Cookies. Cookies are small data files stored on your hard drive or in device memory that help us improve our Services and your experience, see which areas and features of our Services are popular, and count visits. For more information about the processing of information we obtain by automated means and how to change your Cookie settings, please visit our Cookie Policy. To the extent required by applicable law, we will obtain your consent before using Cookies or similar tools.

Our Services also use other technical methods to track visitor usage, including web beacons (“web beacons” are small pieces of data that are embedded in images on the pages of a website). We use these technical methods to analyze the traffic patterns on our Services, such as the frequency with which our users visit various parts of our Services. These technical methods may involve the transmission of information either directly to us or to another party authorized by us to collect information on our behalf. We also use these technical methods in HTML e-mails that we may send visitors to our Services to determine whether such visitors have opened those e-mails and/or clicked on links in those e-mails. Information we collect using these technologies is never combined with the information you provide (e.g., name, email, etc.).

We collect this information through your use of the Services and from our service providers.

We may also receive information from other sources and combine that with information we collect through our Services. For example: If you choose to link, create, or log in to your MTC account with a social media service (e.g., LinkedIn), or if you engage with a separate app or website that uses our API (or whose API we use), we may receive information about you from that site or app.

If you are a corporate organizational user, your employer may have authorized the integration of employee data with our application, including details such as name, title, department, phone number, email address, date of birth, employee ID, phone number, etc., through the use of an internal communication platform, including Slack and Microsoft Teams, HRIS or SO integration. In certain instances, your authorization may be needed to complete certain integrations (such as Slack).

When you use messaging and support features (provided by or through third parties such as Mailchimp and Outlook), MTC may also collect information that you provide from or through those services.

When you provide volunteer services or are provided with volunteer services, each party is able to provide commentary, ratings, and other media regarding the event.

If you have registered to use MTC on your own, and not through an employment relationship or association with a corporate organizational licensing of MTC, you may correct your account information at any time by logging into your online account. If you wish to delete your account, please access your dashboard, select account information, and then, delete my account.

If you are using MTC as a result of an organization licensing the Services for use with their employees and associates, you may update your account directly in Slack and/or Microsoft Teams or directly in our platform. If the information was prefilled due to being sourced from your HRIS, payroll or SSO system, and the information is not editable in our platform but which to make a correction, please contact us at help@movethechain.com. Move the Chain will have to collaborate with the licensing organization (the data controller) to ensure that revisions and deletions are fully implemented, as integrations with HRIS, payroll or SSO may result in some changes being reversed.

Please see section 8.5 (“GDPR and Personal Data Requests”) for information about deletion requests.

Please note that in some cases we may retain certain information about you as required by law, or for legitimate business purposes to the extent permitted by law. For instance, we may have to keep records or financial transactions for compliance purposes, or if we believe you have committed fraud or violated our Terms of Use, we may seek to resolve the issue before deleting your information.

MTC will comply with individual's requests regarding access, correction, and/or deletion of the personal data it stores in accordance with applicable law.

To the extent provided by the law of your jurisdiction, you may at any time request, in writing, access to the personal information we maintain about you, request how we collect, use and process your personal information, or request that we correct, update, amend, or delete your information, or restrict the processing of such information by contacting us as indicated below, or object to the processing of your personal information in certain circumstances.

Subject to applicable law, you also have the right to receive, in a structured, commonly used, and machine-readable format, the personal information that you have provided to us about you, with your consent or based on a contract to which you are party. You have the right to have this information transmitted to another company, where it is technically feasible.

If you have registered to use MTC on your own, and not through an employment relationship or association with a corporate licensing of MTC, you may opt out of receiving promotional messages from us by following the instructions in those messages. If you opt out, we may still send you non-promotional communications, such as those about your account, about Services you have requested, or our ongoing business relations.

If you are using MTC as a result of an organization licensing the Services for use with their employees and associates, you may opt out of receiving promotional messages from us by following the instructions from MTC on managing your preferences; however, your employer or the licensing organization may continue to send you messages about MTC and the Services, and we may still send you non-promotional communications, such as those about your account, about Services you have requested, or our ongoing business relations.

Where provided by law, you may withdraw any consent you previously provided to us or object at any time on legitimate grounds to the processing of your personal information, and we will apply your preferences going forward.

We may provide links on our Services to third parties. In addition, third parties may also provide links to our Services. These companies may have their own privacy notices or policies, which you are encouraged to review. We do not control such third-party websites and are not responsible for the privacy practices of any non-MTC websites, apps or services (whether or not such site is linked on or to our Services). These links are provided to you for convenience purposes only, and you access them at your own risk.

The providers of third-party apps, tools, widgets, and plug-ins on our Services, such as LinkedIn and Google buttons, also may use automated means to collect information regarding your interactions with these features. This information is collected directly by the providers of the features and is subject to the privacy policies or notices of these providers.

To the extent permitted by applicable law, we are not responsible for these providers' information practices.

General Data Protection Regulation (GDPR) is a legal framework that sets guidelines for the collection and processing of personal information of individuals within the European Union (EU). The main objective of the GDPR is to define the manner in which the privacy of EU citizens should be protected by unifying the data regulation rules of the EU's member states. The GDPR therefore gives EU citizens' rights regarding the collection and usage of their personal data. Personal data includes any personal information relating to a resident of the EU. Personal data can be anything from a name to a photo, an email address, bank details, posts on social networking websites, medical information, a computer IP address, and so on.

MTC embedded privacy and the protection of information into the design of our system to ensure that we handle user data in accordance with guidelines defined by the different data protection legislators. MTC ensures that we only use the information that is necessary to provide you with the Services. In the event that a data breach occurs, in spite of our MTC's efforts to prevent such an event, we will make sure to notify the relevant Data Protection Authority of any breach without undue delay once we become aware of any breach.

If you need to make a data deletion request, please send an email to help@movethechain.com with the subject “Data Deletion Request” from the email associated with your account.

If you are using the MTC services in your individual capacity and not as a user associated with a corporate organizational licensure of the Services, upon your request for your data to be deleted, MTC will delete all personal information, profile images, Facebook token (if applicable), usage data, and anonymize your activity. MTC will also remove your information from any 3rd party vendors who may be sub-processors of that data. If you are using MTC as a result of an organization licensing the Services for use with their employees and associates, MTC will have to collaborate with the licensing organization (the data controller) to ensure that revisions and deletions are fully implemented, as integrations with HRIS, payroll or SSO may result in some changes being reversed.

Once data deletion is requested and account ownership is confirmed, the data deletion request enters our queue. Generally, the data is deleted within 14 calendar days of the initial request. During the deletion process data is securely purged from MTC's databases and servers. All related backup and log data will be deleted within 30 calendar days. Once data has been deleted it cannot be recovered.

In the event that you think that there was a breach in the manner in which we use your personal data, we would appreciate the chance to deal with any of your queries, concerns or complaints in the first instance. Nevertheless, please be aware that you also have the right to lodge a complaint with the relevant data protection authority based on your location.

We have designed our services to comply with applicable data protection laws, and have implemented industry standard technological and organizational controls to secure the confidentiality of your personal information. We will not disclose confidential information about your business to anyone except where:

• We are permitted to do so by law;
• We have a public duty to disclose the information; and/or
• We need to do so to comply with regulatory requirements, codes or recommendations.

When we process your personal data, we will do so in reliance on the following lawful bases:

• To perform our responsibilities under our contract with you (e.g., processing payments for and providing the products and services you requested).
• When we have a legitimate interest in processing your personal data to operate our business or protect our interests (e.g., to provide, maintain, and improve our products and services, conduct data analytics, and communicate with you).
• To comply with our legal obligations (e.g., to maintain a record of your consents and track those who have opted out of marketing communications).
• When we have your consent to do so (e.g., when you opt in to receive marketing communications from us). When consent is the legal basis for our processing your personal data, you may withdraw such consent at any time.

Subject to certain limitations, you have the right to request access to the personal data we hold about you and to receive your data in a portable format, the right to ask that your personal data be corrected or erased, and the right to object to, or request that we restrict, certain processing. Individuals in the EEA and UK may submit queries related to the processing of their personal information by MTC by contacting us directly at help@movethechain.com

MTC commits to resolve complaints about our collection or use of your personal information in accordance with data protection laws applicable to us for the applicable collection or use.

Individuals in the EU and UK may submit queries related to the processing of their personal information by MTC contacting us directly at help@movethechain.com

MTC has further committed to cooperate with: (1) the DPAs concerning personal data transferred from the EU; and (2) the ICO concerning data transferred from the UK, and to comply with the advice given by such authorities as concerns the processing of personal information or unresolved Privacy Shield complaints.

While you may make a direct complaint at any time to the applicable DPA about our collection or use of your personal information, we would appreciate the chance to deal with any of your queries, concerns or complaints in the first instance.

If we have not been able to successfully resolve your query or complaint, you may raise your query or complaint directly with the applicable supervisory authority. Contact details for DPAs can be found using the links below:

• For individuals in the EEA: https://edpb.europa.eu/about-edpb/board/members_en
• For individuals in the UK: https://ico.org.uk/global/contact-us/
• For individuals in Switzerland: https://www.edoeb.admin.ch/edoeb/en/home/the-fdpic/contact.html

If your inquiry still has not been satisfactorily resolved, you may have other recourse mechanisms to address your concerns, such as invoking binding arbitration by the Privacy Shield Panel.

11.1. California Consumer Privacy Act

You may have rights under the California Consumer Privacy Act of 2018 (“CCPA”), as described in this section of our Privacy Policy.

11.2. Consumer Rights Requests

Subject to certain limitations and as we explain further below, you have the right to (1) request to know more about the categories and specific pieces of personal information we collect, use, and disclose, (2) request deletion of your personal information, (3) opt out of any “sales” of your personal information that may be occurring, and (4) not be discriminated against for exercising these rights. You may make these requests by contacting us via email at privacy@movethechain.com

11.3. Rights to Request Information

We are committed to ensuring that you know what information we have collected and shared about you over the 12-month period preceding the request. You can submit a request to us for the following information:

• The categories of Personal Information that we have collected about you.
• The categories of sources where we collected the Personal Information.
• The business or commercial purposes for why we collected and/or sold the Personal Information.
• The third parties with whom we shared the information.
• The specific pieces of information we collected.
• The categories of Personal Information, if any, we have sold about you, categories of third parties to whom we sold that Personal Information, and the category or categories of Personal Information sold to each category of third party.
• The categories of Personal Information that we've shared with third parties for business or commercial purposes.

11.4. Your Right to Request the Deletion of Personal Information

Upon receiving and verifying such request as described below, we will delete the Personal Information that we have collected about you, except for situations when that information is necessary for MTC to: provide you with a good or service that you have requested; perform a contract we have entered into with you; maintain the functionality or security of our systems; comply with or exercise rights provided by the law; or use the information internally in ways that are compatible with the context in which you provided the information to us or that are reasonably aligned with expectations based on the your relationship with us.

11.5. Our Process to responding to Consumer Rights Requests

We will verify your consumer rights request by asking you to provide information related to your recent interactions with us, as described below.

• Requests for Household Information: Please note that certain types of Personal Information may be associated with a household, meaning a group of people living together in a single home. Each member of the household must make requests for access or deletion of household Personal Information. We will then verify each member of the household using verification criteria. If we are unable to verify the identity of each household member to the degree of required certainty, we will not be able to respond to the request. We will notify you to explain the basis of our denial. If you are legally entitled to such rights, you may designate an agent to submit a request on your behalf. The agent can be a natural person or a business entity that is registered with the California Secretary of State. If you would like to designate an agent to act on your behalf, you and the agent will need to comply with our agent verification process. You will be required to verify your identity by providing us with certain personal information, depending on the nature of the information you require, which we will endeavor to match with information we may maintain about you. Additionally, we will require that you provide us with written confirmation that you have authorized the agent to act on your behalf, and the scope of that authorization. The agent will also be required to provide us with proof of the agency relationship, which may be a declaration attesting to the agent's identity and authorization by you to act on their behalf, signed under penalty of perjury. If the agent is a business entity, it will also need to submit evidence that it is registered and in good standing with the California Secretary of State. Information to identify and verify your agent can be submitted through the same mechanism and at the same time that you submit information to verify your identity. Please note that this subsection does not apply when an agent is authorized to act on your behalf pursuant to a valid power of attorney. Any such requests will be processed in accordance with California law pertaining to powers of attorney.
• Requests for specific pieces of personal information: To respond to these requests, we will ask you for at least three pieces of personal information and will endeavor to match those to information we maintain about you. Additionally, we require that you provide a declaration attesting to your identity, signed under penalty of perjury. If we are unable to verify your identity with the degree of certainty required, we will not be able to respond to the request. We will notify you to explain the basis of the denial. In addition, we will treat the request as one seeking disclosure of the categories of personal information we have collected about you and endeavor to verify your identity using the less-stringent standards applicable to such requests.
• Requests for categories of personal information: To respond to these requests, we will ask you for at least two pieces of personal information and endeavor to match those to information we may maintain about you. If we are unable to verify your identity with the degree of certainty required, we will not be able to respond to the request. In that case, we will notify you to explain the basis of our denial.
• Requests for deletion of personal information: To respond to these requests, we will ask you for at least two pieces of personal information and endeavor to match those to information we may maintain about you. If we are unable to verify your identity with the degree of certainty required, we will not be able to respond to the request. In that case, we will notify you to explain the basis of our denial.
• Non-Discrimination: You have a right not to be discriminated against for the exercise of the privacy rights conferred by the CCPA.