At everydayhero, we are committed to protecting your privacy. We use your data as described below to allow you to use everydayhero and enhance your experience using our platform.
everydayhero in the UK is a service provided by Everyday Hero Limited, an entity established under the laws of England and Wales. You can contact everydayhero via firstname.lastname@example.org or by writing to everydayhero, WeWork 10 York road London, United Kingdom. This Policy applies to our collection and use of your data in connection with our services, like the everydayhero website (the "Services").
To contact everydayhero's Data Protection Officer regarding our processing of your personal data, email email@example.com.
everydayhero recognises that your personal data belongs to you and we don't wish to use it in ways that you don't want us to.
You can control whether or not you receive most types of email from everydayhero by visiting the "Manage Notifications" tab in your account.
You can also exercise a variety of rights regarding our use of your data:
To exercise any of the foregoing rights, click here. Note that some of these rights may not be enforceable until 25 May 2018 and some aren't absolute—for example, we may not be able to forget you if we have to keep some of your data to comply with the law—but we'll evaluate your request in accordance with applicable data protection laws. everydayhero will respond to your request within one month of receiving it. Also, note that you have the right to lodge a complaint with the supervisory authority in your country of residence or place of work.
We know that it's complicated, but when you use the Services to make a donation or fundraise, some of your data is collected by us for the charity's use and some is for ours. This makes us a data controller for the data we need to create your everydayhero account, give you general customer support, send you helpful updates from everydayhero and monitor and improve our Services. Charities are data controllers for donation and fundraising data, even though those activities happen on our platform.
For more information, here's a handy infographic.
As stated above, we collect data for our use to create your account, give you general customer support, send you helpful updates from everydayhero and monitor and improve our products. We discuss what data we collect for those purposes below.
Charities ultimately determine the data we collect related to your donations and fundraising and how they'll use that data. Even so, we thought it would be helpful to describe the data we're collecting on their behalf when you make a donation or fundraise, so that information is also below.
We don't receive any personal data about you other than what you provide us, either by creating an account, using the Services, from Facebook, Fitbit, Twitter, MapMyFitness and Strava (your "Connections") when you agree to share data between the Services and your Connections, or data we can infer from your use of the Services.
WHAT WE COLLECT FOR US:
When you create an everydayhero account: We will collect basic contact information about you to set up your account. This will include your name, address, email address and phone number. We will also ask you to select a password so you can gain secure access to your account in the future.
Alternatively, you may authorise us to collect your basic personal details from a secure online source (e.g. Facebook, Strava or MapMyFitness) to which you have already provided this information.
When you sign in to everydayhero using your Connections: If you choose to log in via one of the Connections, we will receive your profile information to allow you to login and populate our records about you. In addition, we obtain access to the following data:
You can control whether or not your Connections share this data with us, either by changing your preferences in the "Manage Connections" tab in your account or, if available, by visiting the app setting controls on the Connections' websites.
WHAT WE COLLECT FOR CHARITIES:
When you make a donation: To enable us to process donations, we will collect basic payment information as well as your name, home address and email address.
When you create a fundraising page: We will use the details you provided when you set up your account to create your fundraising page. Where applicable, we will ask you to provide details of how and when you are intending to fundraise and/or the occasion you are recognising by carrying out the fundraising.
When you give us information about others: You may decide to provide us with information about others (or authorise us to collect this information on your behalf from your social networks) for example:
You must ensure that they have agreed to you providing us with their information. Where required by local laws, we would advise you to keep a record of their agreement and provide them with a copy of, or link to, this Policy. This is especially the case if you provide us with sensitive information about them (e.g. a reference to an illness or health condition).
You should also only contact individuals using the Services who you know would be happy to hear from you and must not use our Services to send unsolicited 'spam' messages.
You are not required to provide personal data to us. Note, however, that your failure to do so may affect our ability to provide the Services you request. For example, we are unable to process your donation to a fundraiser if you do not provide your payment information.
everydayhero uses your personal data to allow you to create an account, to give you customer support about general site usage, to send you communications and to enhance your ability to fundraise. We also use your data to help us make everydayhero better.
Create Your Account: We use your information to create your everydayhero account.
Help You Use the Website: We use your information to provide customer support about your use of the Services generally, like if you have problems accessing your account. Note that if we provide customer support with your donation or fundraiser, we do so on the charity's behalf.
Communications: We use your information to send you some different types of emails (on our own behalf and on behalf of charities) and you can stop receiving them as set forth below:
|Types of Emails||On Whose Behalf Are They Sent?||How Can You Stop Getting Them?|
|Fundraising page notifications, team fundraising notifications, important updates from campaigns you're fundraising in||The charity you donate to or fundraise for||You can opt out by visiting the "Manage Notifications" tab in your account or click unsubscribe on any email|
|Helpful updates from everydayhero||everydayhero||You can opt out by visiting the "Manage Notifications" tab in your account or click unsubscribe on any email|
|Triggered by actions you take using the Services, like page creation and cancellation notification emails||The charity you donate to or fundraise for||You can't opt out of these, but you won't receive any unless you take an action on everydayhero. To stop receiving these emails, just don't take any actions on the platform.|
|Containing communications charities are required to provide you by law, like donation receipts and Gift Aid information||The charity you donate to or fundraise for||Charities have to send these emails as required by law, as long as you make a donation or claim Gift Aid. To stop receiving these emails, just don't make a donation or claim Gift Aid.|
|Containing communications we're required to provide you by law, like notices about data breaches||everydayhero||We have to send these emails as required by law, as long as you have an everydayhero account. To stop receiving these emails, please contact us to delete your account. We may still send them if a breach occurred you when you were a user.|
Making everydayhero Better: We use aggregated and personal data about you and your use of our Services to develop and test better fundraising tools, to drive our research and development and to better understand our users and charity partners. everydayhero does this analysis using a variety of data sources—transactional data (how you use the Services), click stream and log data (web traffic and Services usage), email data (how you respond to emails we send you), survey data, customer service data and data you agree to share with us from your Connections. We may send you surveys about the Services, but you can opt out of these by visiting the "Manage Notifications" tab in your account and participation is completely voluntary.
We process your personal data on a variety of legal bases depending on the use. Note that the charities who are data controllers with respect to your donation and fundraising data determine the legal basis for our processing of such data, so please contact them for more information.
Under applicable data protection law, everydayhero can process your personal data on one of six legal bases: with your explicit consent, or if it is necessary for the performance of a contract, to comply with a legal obligation, to protect a person's vital interests, for the performance of a task carried out in the public interest or in the exercise of controller's official authority or for legitimate interests of the controller.
everydayhero justifies the following processing activities on the bases listed below:
Linking your everydayhero account with your Connections
Performance of a Contract (aka performing services you request). When you request that we perform certain functions for you, these activities require that we process your personal details, or else we can't perform the function you're requesting:
The functions you can request from us are to:
We may process your personal data for the purposes of our legitimate interests, provided that these uses aren't outweighed by your rights or interests. For any uses we justify on the basis of legitimate interest, you have the right to opt out of such processing here.
Making everydayhero Better: As stated above, we use aggregated and personal data about you and your use of our Services to develop and test better fundraising tools, to drive our research and development and to better understand our users and charity partners. We also send you surveys about our Services, which are voluntary. These activities are necessary to fulfil our interest in creating better tools for enhancing the ecosystem of good by helping us create better technology, better communications and a better website.
Sending Emails: We use charity users' data to send organisations marketing communications about our Services and offerings from our affiliated organisations. We also use your data to send you helpful updates from everydayhero, like updates about new features and recommendations about other campaigns you might like. As for most companies, our ability to send such emails is necessary for our commercial interests and may allow us to expand our base of charity partners and users.
For each of the foregoing purposes, we have conducted a legitimate interest assessment to ensure that such processing isn't overridden by your rights or interests. We employ safeguards, such a formal data governance programme and robust security measures, to protect your privacy.
everydayhero does not conduct automated decision-making on its users.
We may disclose your data to our affiliated organisations and subsidiaries, and to service providers who render services to us or you on our behalf (all of which are contractually obligated to act only on our instructions and in accordance with applicable laws, including GDPR). We also may disclose your information if required by law, requested by law enforcement authorities or to enforce our legal rights. We may share your information in connection with a sale or reorganisation of everydayhero.
Our service providers include:
We also share your personal data with fundraisers and charities as follows:
Fundraisers: If you donate to a fundraising page, we pass on details about you that are already publicly available on the page. In other words, we let the page creator know your display name, your comment (if you've made one) and amount of your donation (if you've chosen not to make it anonymous).
Charities: We share with charities and not-for-profits details about donations made to them and fundraising pages created for their behalf, including your personal data, and they're actually the data controller of such information. For more information, please see the section "How Do Charity Partners Use My Data?" below.
Event Partners and Companies: We sometimes share data about fundraising pages with third parties that host or sponsor events so they can understand who is fundraising for their events and how well fundraising efforts are progressing or performed. The data we share with these event partners and companies includes fundraiser name, the name and creation date of your page, your fundraising target, how much you have raised and the number of donors to your page. If an event benefits multiple charities and you choose to fundraise for a particular charity, event partners and companies will also receive the name of the charity for which you're fundraising. This data is already publicly available on fundraising pages. Event partners and companies don't receive personal data about donors.
As stated above, when you donate to or fundraise for a charity, that charity is the data controller for the personal data related to that transaction and everydayhero only acts on behalf of the charity when it handles that data. This means that such charities are responsible for their own compliance with data protection laws when they use your personal data, and all such use is subject to the charity's own privacy notice. When charities receive your details, they are required to send you their privacy notice. everydayhero is not responsible for charities' use of your personal data or the charities' compliance with applicable laws.
When you donate to or create a fundraising page, everydayhero will ask whether or not you consent to receiving email from the charity about the impact of your donation and other ways to support them including future events, campaigns and appeals. We will pass your consent preference on to the charity.
If you want to change your preferences for a charity to use your data (to contact you or otherwise), please contact the charity directly.
Note that charities receive information about supporters from lots of different sources. We're not the system of record for our charity partners, so we can only collect and evidence your consent to receive email fundraising appeals from our charity partners as you elect on our platform. We cannot reflect any changes in your consent preferences that you make directly with the charity. For example, if you opt in to receive emails from a charity when you make a donation through everydayhero, but then you subsequently opt out by telling the charity, everydayhero won't have a record that you opted out of receiving email from that charity.
Some of our service providers and affiliated organisations may lie outside the EU. Therefore, sometimes we may transfer your data outside the EU. If we do, we ensure your data is processed only in countries that provide an adequate level of protection for your data or where the recipient provides appropriate safeguards, such as model contract clauses, binding corporate rules, or mechanisms like the EU-U.S. Privacy Shield framework. For a copy of such safeguards, please contact us.
If you work for a charity or company that has a business relationship with everydayhero, we use your data in slightly different ways than for individual users of the Services.
We collect a charity user's name, position, work email address and office number. We use this data to enable you to sign into your organisation's account. In addition, we may use your data to perform business services you request. Finally, we will send you the following email communications: operational emails, customer service emails and business marketing emails. You can opt out of receiving emails from us by clicking "unsubscribe" on the bottom of our emails, but you cannot opt out of service emails related to your requests.
We keep your personal data in an identifiable form for as long as we have a legitimate reason to use the data and as required by law. If you would like us to remove any information please contact us.
everydayhero adheres to the Payment Card Industry Data Security Standard (PCI DSS). The Payment Card Industry Data Security Standard (PCI DSS) is a proprietary information security standard for organisations that handle branded credit cards from the major card schemes including Visa, MasterCard, American Express, and Discover.