Privacy Policy
Visit.org, Inc. (together with its affiliated companies - “Visit.org”, “we”, “our” or “us”) puts great effort into making sure that your personal data is kept safe and used properly and responsibly.
Visit.org’s platform (the “Platform”) allows users to register for social impact team experiences (“Experiences”), benefiting local nonprofits and social ventures (“Nonprofit Partners”). This Privacy Policy describes how we collect, store, use and disclose the following types of personal data in connection with our Platform, as well as our activities generally (together with our Platform, our “Services”):
-
When you create an account with us– this relates to either:
-
individuals who are registered users of our Platform, and includes information associated with their interactions with our Platform (“Account Users”); or
-
individuals who are registered by our Nonprofit Partners or by our corporate partners (“Corporate Partners”) as “administrators” in our Platform, and includes information associated with their interactions with our Platform (“Admin Users”);
-
-
Website visitors, CRM data & prospects data– this relates to visitors to our website, participants at our events, business clients, Corporate Partners, Nonprofit Partners and any prospective clients, partners, employees or volunteers who visits or otherwise interacts with any of our websites, online ads and content, emails or other communications (“Visit.org Sites” or “Sites”).
Specifically, this Privacy Policy describes our practices regarding –
If you are an Account User, visitor, partner or prospect (“you”) - please read this Privacy Policy carefully and make sure that you fully understand and agree to it.
You are not legally required to provide us with any personal data, and you are free to do so or not to do so. If you do not wish to provide us with your personal data, or to have it processed by us or any of our Service Providers (defined below), please refrain from accessing, using or registering to our Services.
(i) Account Users: Our Platform allows users to register and receive their own individual account, which then enables them to then sign up for Experiences based on their personal preferences, and track past Experiences they have performed.
We collect and generate the following types of personal data relating to Account Users –
-
Account Information – full name, e-mail address, password, current department, company name, physical address, uploaded user profile image, and similar information as detailed by our Corporate Partner.
-
Experiences Information – the Experiences you took part of or registered for;
-
Usage Information – connectivity, technical and aggregated usage data and activity logs, log-in and log-out time, user agent, IP addresses and the cookies and pixels installed or utilized on their device;
-
Direct Interactions and Communications with us – including recordings and transcripts of the experiences you took part of, as well as your calls, emails, form submissions and chats with us, e.g. for customer support, feedback, training purposes, etc.
-
Chat & Feedback – including information provided by an Account User regarding an Experience or a specific Nonprofit Partner such as feedback, surveys, and chats with Nonprofit Partners.
-
Donations - charitable donation amounts you make to a Nonprofit Partner through our platform as well as limited and sanitized payment information to support issuance of donation receipts.
With respect to information pertaining to Account Users we are the ‘data controller’, which means we determine the purpose and the scope of the processing.
(ii) Visit.org Sites Usage, CRM & Prospect Data: We collect and generate the following types of personal data concerning our website visitors, partners and prospects –
-
Visit.org Sites usage information - connectivity, technical and aggregated usage data, such as user agent, IP addresses, device data (like device type, OS, device ID, browser version, location setting, timezone, and language settings used), activity logs, session recordings, and the cookies and pixels installed or utilized on our Sites and/or a user’s device;
-
Business Account Information - contact details, contractual and billing details relating to our Partners, which may also contain the details of their internal focal persons who directly engage with Visit.org on behalf of their organization, e.g. the account administrators, billing contacts and authorized signatories on behalf of our Corporate Partner, as well as the needs and preferences of the Corporate Partner or Nonprofit Partner, as identified to us or recognized via our engagement with them;
-
Information Concerning Employment Prospects - contact and business details, our communications with prospects (correspondences, call and video recordings, call transcripts, and analyses thereof), as well as any needs, preferences, attributes and insights relevant to our potential engagement.
We collect this data either automatically, through your interaction with us or with our Sites or Services; or through third party services, social media, analytics tools, events we organize or participate in, and other business initiatives.
To the extent that any of the above-mentioned data pertains only to a non-human entity (e.g., the phone number or bank account of a company or business), we will not regard it as “personal data” and this Privacy Policy will not apply to it.
We use personal data as necessary for the facilitation and performance of our Services; to comply with our legal and contractual obligations; and to support our legitimate interests in maintaining and improving our Services; providing customer service and technical support; and protecting and securing our users, Partners, ourselves and our Services.
If you reside or are using the Services in a territory governed by privacy laws under which "consent" is the only or most appropriate legal basis for the processing of personal data (in general, or specifically with respect to the types of personal data you expect or elect to process or have processed by or via the Services, e.g. ‘special categories’ under the GDPR), your acceptance of our Privacy Notice and this Privacy Policy will be deemed as your consent to the processing of your personal data for all purposes detailed in this Policy. If you wish to revoke your consent, please contact us at privacy@visit.org
We do not sell your personal information.
​
Specifically, we use personal data for the following purposes:
-
To facilitate, operate, and provide our Services;
-
To authenticate the identity of the Admin Users and to allow them to access and use our Services;
-
To provide assistance and support to our Corporate Partners , our Nonprofit Partners and their employees;
-
To gain a better understanding on how users use and interact with our Services, and how we can improve user experience, and continue improving our products, offerings and the overall performance of our Services;
-
To contact you with general or personalized service-related messages, as well as promotional messages that may be of specific interest to you (as further described in Section 6 below);
-
To facilitate, sponsor and offer certain events, contests and promotions;
-
To support and enhance our data security measures, including for the purposes of preventing and mitigating the risks of fraud, error or any illegal or prohibited activity;
-
To create aggregated statistical data, inferred non-personal data or anonymized or pseudonymized data (rendered non-personal), which we or our business partners may use to provide and improve our respective services, or for any other purpose; and
-
To comply with applicable laws and regulations.
Data Location: Your personal data may be maintained, processed and stored by us and our authorized Service Providers (defined below) in multiple locations, including in the United States and Europe, and the Philippines, as reasonably necessary for the proper performance and delivery of our Services, or as may be required by law.
While privacy laws may vary between jurisdictions, Visit.org and its Service Providers are each committed to protect personal data in accordance with this Privacy Policy, customary industry standards, and such appropriate lawful mechanisms and contractual terms requiring adequate data protection, regardless of any lesser legal requirements that may apply in the jurisdiction to which such data is transferred.
Data Retention: We will retain your personal data for as long as it is reasonably necessary for us to maintain our relationship with you and provide you with our Services and offerings; in order to comply with our legal and contractual obligations; or to protect ourselves from, or defend, any potential or actual disputes (i.e. as required by laws applicable to log-keeping, records and bookkeeping, and in order to have proof and evidence concerning our relationship, should any legal issues arise following your discontinuance of use), all in accordance with our contractual terms and data retention policy.
Please note that except as required by applicable law or our specific agreements with you, we will not be obligated to retain your personal data for any particular period, and we are free to securely delete it or restrict access to it for any reason and at any time, with or without notice to you. If you have any questions about our data retention policy, please contact us by e-mail at privacy@visit.org.
Legal Compliance: In exceptional circumstances, we may disclose or allow government and law enforcement officials access to your personal data, in response to a subpoena, search warrant or court order (or similar requirement) and where such disclosure is necessary to comply with applicable laws and regulations. Such disclosure or access may occur if we believe in good faith that: (a) we are legally compelled to do so; or (b) disclosure is appropriate in connection with efforts to investigate, prevent, or take action regarding actual or suspected illegal activity, fraud, or other wrongdoing; or (c) such disclosure is required to protect the security or integrity of our Services.
Service Providers: We engage selected third-party companies and individuals to perform services complementary to our own. Such service providers hosting and server co-location services, communications and content delivery networks (CDNs), billing and payment processing services, data and cyber security services, fraud detection and prevention services, web and mobile analytics, e-mail, text messages and web/mobile notification distribution, monitoring and analytics services, data optimization and marketing services, social and advertising networks, content providers, e-mail, voicemails, support and customer relation management systems, call and session recording services, and our legal, financial and compliance advisors (collectively, “Service Providers“).
These Service Providers may have access to your personal data, depending on each of their specific roles and purposes in facilitating and enhancing our Services, and may only use it for such limited purposes as determined in our agreements with them. Should you decide to directly engage with any of our Service Providers, please note that such engagement is beyond the scope of our Terms and Conditions and Privacy Policy, and will therefore be covered by our Service Provider’s terms and policies.
Our Service Providers are ‘data processors’ in circumstances where we assume the role of ‘data controller’; and where we act as the ‘data processor’ for our Corporate Partner, the Service Provider is our ‘sub-processor’ (as further described in Section 9 below).
Third Party Websites and Services: Our Services may also include links to third-party websites, and integrations with third party services. These websites and third-party services, and any information you process, submit, transmit or otherwise use with such websites and third-party services, are governed by the third party’s terms and privacy practices and policies, and not by this Privacy Policy. We encourage you to carefully read the terms and privacy policies of such website and third-party services.
Sharing Personal Data with our Corporate Partners: We may share your personal data with the Corporate Partner who owns the account with which you are associated as an employee – including data and communications concerning your use of the Services or other interactions with us. In such cases, sharing this data means that the account’s administrator(s) or other individuals in the organization (e.g. the Admin User) may access it on behalf of our Corporate Partner, and will be able to monitor and review data concerning your interaction with our Services, as well as access any personal data that you submitted to the Service. We may also share employee donation amounts with our Corporate Partners to support donation matching and reporting.
Sharing Personal Data with our Nonprofit Partners: We may share your personal data with the Nonprofit Partners relating to Experiences you’ve performed (for example, we may share your name and address if they need to ship you any goods for the purpose of the Experience), and any feedback you may have provided relating to those Experiences. If you choose to opt in, we may also share your name and donation amount with our nonprofit partners.
Protecting Rights and Safety: We may share your personal data with others if we believe in good faith that this will help protect the rights, property or personal safety of Visit.org, any of our users, partners or clients, or any members of the general public.
Our Subsidiaries and Affiliated Companies: We may share personal data internally within our group of companies, for the purposes described in this Privacy Policy. In addition, should we or any of our subsidiaries or affiliates undergo, or propose to undergo, any change in control or ownership, including by means of merger, acquisition or purchase of substantially all or part of our assets, your personal data may be shared with the parties involved in such an event. If we believe that such change in control might materially affect your personal data then stored with us, we will notify you of this event and the choices you may have via e-mail or prominent notice on our Services.
We may share your personal data in additional manners, pursuant to your explicit approval, or if we are legally obligated to do so, or if we have successfully rendered such data non-personal and anonymous. We may transfer, share or otherwise use non-personal data at our sole discretion and without the need for further approval.
When you sign up for an Experience, we do not directly share any personal data with the Organization where you choose to perform the Experience. This information may be collected by the Organization directly when you perform the Experience, in which case the Organization will be the ‘Data Controller’ and this will be beyond the scope of our Terms and Conditions and this Privacy Policy.
Cookies are packets of information sent to your web browser and then sent back by the browser each time it accesses the server that sent the cookie. Some cookies are removed when you close your browser session. These are “Session Cookies”. Some last for longer periods and are called “Persistent Cookies”. We use both types.
We use Persistent Cookies to remember your log-in details and make it easier for you to log-in the next time you access the Services. We may use this type of cookies and Session Cookies for additional purposes, to facilitate the use of the Services’ features and tools.
Every browser allows you to manage your cookies preferences. Please bear in mind that disabling cookies may complicate or even prevent you from using certain parts of features of the Services.
We also use analytics tools such as Google Analytics. These tools help us understand your behavior on our Services, including by tracking page content, and click/touch, movements, scrolls and keystroke activities. Further information about the privacy practices of our google analytics is available at: www.google.com/policies/privacy/partners/;
Further information about your option to opt-out of google analytics services is available at: https://tools.google.com/dlpage/gaoptout.
Please note that if you get a new computer or device, install a new browser, erase or otherwise alter your browser’s cookie file (including upgrading certain browsers), you may also clear the opt-out cookies installed once you opt-out, so an additional opt-out will be necessary to prevent additional tracking.
Service Communications: We may send you notifications (through any of the means available to us, including by email, SMS and mobile notifications) of changes or updates to our Services, billing issues, service changes, etc. You can control some of these notifications settings. However, please note that you will not be able to opt-out of receiving certain service communications which are integral to the operation of our Services and their use (like billing notices).
Promotional Communications: We may also notify you about new features, additional offerings, better ways to use the Services, events and special opportunities or any other information we think you will find valuable. We may provide such notices through any of the contact means available to us (e.g. phone, SMS, or e-mail), through the Services, or through our marketing campaigns on any other sites or platforms.
If you do not wish to receive such promotional communications, you can notify us at any time by writing to privacy@visit.org, or by following the “unsubscribe”, “stop”, “opt-out” or “change e-mail preferences” instructions contained in the promotional communications you receive.
We and our hosting services implement systems, applications and procedures to secure your personal data, and to reduce the risks of theft, damage, loss of data, or unauthorized access or use of personal data. These measures provide sound industry standard security. However, although we make efforts to protect your privacy, we cannot guarantee that the Services will be immune from any wrongdoings, malfunctions, unlawful interceptions or access, or other kinds of abuse and misuse.
Individuals have rights concerning their Personal Data. If you wish to exercise your privacy rights under any applicable law, including the EU General Data Protection Regulation (GDPR) or the California Consumer Privacy Act (CCPA), such as the right to request access to, and rectification or erasure of your Personal Data held by Visit.org, or to restrict or object to your Personal Data’s processing, or to exercise your rights to portability with respect to your Personal Data or your right to equal services and prices (each to the extent available to you under the laws which apply to you) – please contact us at: privacy@visit.org.
Please note that when you ask us to exercise any of your rights under this policy or applicable law, we may need to ask you to provide us certain credentials to make sure that you are who you claim you are, to avoid disclosure to you of personal information related to others and to ask you to provide further information to better understand the nature and scope of data that you request to access. Such additional data will be then retained by us for legal purposes (e.g. as proof of the identity of the person submitting the request), in accordance with Section 3 above.
We may redact from the data which we will make available to you, any personal data related to others.
Certain data protection laws and regulations, such as the GDPR or the CCPA, typically distinguish between two main roles for parties processing Personal Data: the “data controller” (or under the CCPA, “business”), who determines the purposes and means of processing; and the “data processor” (or under the CCPA, “service provider”), who processes the data on behalf of the data controller (or business). Below we explain how these roles apply to our Services, to the extent that such laws and regulations apply.
​
Visit.org is the “data processor” of personal data pertaining to Account users which we process on behalf of our Corporate Partner (who is the “data controller” of such data, and our Service Providers and our affiliated companies who process such data on our behalf are the “sub-processors” of such data). When we are the data processor, our activity is conducted strictly in accordance with our Corporate Partner’s reasonable instructions and as further stipulated in a Data Processing Agreement and other commercial agreements with such Corporate Partner. The Corporate Partner, as controller of such personal data, will be responsible for meeting any legal requirements applicable to data controllers (such as establishing a legal basis for processing and responding to Data Subject Rights requests concerning the data they control).
10. Additional Notices & Contact Details
Updates and Amendments: We may update and amend this Privacy Policy from time to time by posting an amended version on our Website and Platform. The amended version will be effective as of the date it is published. We will provide prior notice if we believe any substantial changes are involved via any of the communication means available to us or via the Services. After such notice period, all amendments shall be deemed accepted by you.
External Links: While our Services may contain links to other websites or services, we are not responsible for their privacy practices. We encourage you to pay attention when you leave our Services for the website or application of such third parties, and to read the privacy policies of each and every website and service you visit. This Privacy Policy applies only to Visit.org’s Services.
Protecting Children’s Privacy: We may collect personal data in the form of name and email address from children who are affiliated with Non-Profit Organizations (NPO) and who have received parental or guardian consent to participate in programs offered by the NPO, including those programs associated with Visit.org. We do not knowingly collect personal information from persons under the age of 16 without parental consent. We take appropriate measures to safeguard the personal information we collect from children under 16, including limiting access to the information and using reasonable security measures to protect against unauthorized access, disclosure, alteration, or destruction. If we discover that we have collected personal information from a person under the age of 16 without parental consent provided via the NPO, we will take steps to delete the information as soon as possible. NPOs and parents of minors associated with NPOs have the right to review the personal information we have collected from their child, request that we delete the information, and refuse to allow us to collect or use any further information from their child. To exercise these rights, please contact us at privacy@visit.org.
EU / UK Representative:
UK
Prighter Ltd
20 Mortlake Mortlake High Street,
London, SW14 8JN
UNITED KINGDOM
EU
Maetzler Rechtsanwalts GmbH &
Co KG
Schellinggasse 3/10, 1010 Vienna
AUSTRIA
Policy Effective Date: June 13, 2023