Last updated: February 26, 2020
- Who We Are
- Our Principles of Data Protection
- How We Collect Your Data
- How We Use Your Data
- How We Share Your Data
- International Data Transfers
- EU-US and Swiss-US Privacy Shield Frameworks
- Location Based Services
- Integrated Services
- For Children
- For EEA and Swiss Users
- Your Rights
- Contact Us
When we refer to “we” (or “our” or “us”), that means Pushpay Holdings Limited and the wholly-owned subsidiaries comprising the Pushpay Group. Our headquarters are in New Zealand but we operate and have offices in the United States. Address details for all Pushpay offices are available on our Contact Us page.
At Pushpay, we build and provide solutions that drive participation and generosity between organizations and their members. For more information, visit the About Us section of our Website.
When you use our Services, you’re trusting us with your information. We understand this is a big responsibility and work hard to protect your information and put you in control.
This notice applies to pushpay.com and any other websites we own or operate (collectively, our “Website”) and all products and services we provide, including our online and mobile giving, payments, engagement services, products, and applications, and any other apps or services we may offer. For the purpose of this notice, we’ll just call them our “Services.”
When we say “Personal Data” or “personal information”, we mean identifiable information about you, like your name, email, address, telephone number, bank account details, payment information, or other online identifiers. If you can’t be identified (for example, when Personal Data has been aggregated and anonymized) then this notice doesn’t apply. Check out our User Agreement for more information on how we treat your other data.
Our approach to data protection is built around three key principles. They’re at the heart of everything we do relating to Personal Data.
Trust: Trust is very important to us and we know it’s important to you. When you entrust us with Personal Data, we understand this is a big responsibility and being good data stewards is of paramount importance to us.
Transparency: We are open, honest and transparent in how we treat your Personal Data.
Security: We believe that faith-based organizations, not-for-profits, and all organizations deserve access to solutions that champion leading approaches to security. We’re committed to protecting your Personal Data and have appropriate technical and organisational measures in place designed to keep your data safe and secure. For more information about security, check out our Security Page.
When you visit our Website or applications, or use our other Services, we collect Personal Data. The ways we collect it can be broadly categorized into the following:
Information you provide to us directly: When you visit or use some parts of our Website, applications and/or other Services, we may receive information from you, for example, when you register for an account, make a payment, or provide information to us in any other way through your use of the Services. For example, we ask for your contact information when you sign up for an account, respond to a job application or an email offer, participate in community forums, join us on social media, take part in training and events, contact us with questions or request support, and you may provide us with payment details when you set up an account for purposes of making or receiving payments. If you don’t want to provide us with Personal Data, you don’t have to, but it might mean you can’t use some parts of our Website, applications, or other Services.
Information we collect automatically: We collect some information about you automatically when you visit our Website, applications, or use our other Services, like your IP address and device type. We also collect information when you navigate through our Website, applications, or other Services, including what pages you looked at and what links you clicked on. This information is useful for us as it helps us get a better understanding of how you’re using our Website, applications and other Services so that we can continue to provide the best experience possible (e.g., by personalizing the content you see).
Some of this information is collected using cookies and similar tracking technologies. If you want to find out more about the types of cookies we use, why, and how you can control them, take a look at our Cookie Notice.
Information we get from third parties: The majority of information we collect, we collect directly from you. Sometimes we might collect Personal Data about you from other sources, such as individuals or organizations who use our Services, publicly available materials or trusted third parties like our marketing and research partners. We use this information to supplement the Personal Data we already hold about you, in order to better inform, personalize and improve our services, and to validate the Personal Data you provide.
First and foremost, we use your Personal Data to operate our Website and applications and provide you with any other Services you’ve requested, and to manage our relationship with you. We also use your Personal Data for other purposes, which may include the following:
To communicate with you. This may include:
- providing you with information you’ve requested from us (like training or education materials) or information we are required to send to you;
- operational communications, like changes to our Website, applications, or other Services, security updates, or assistance with using our Website, applications, or other Services;
- marketing communications (for example, about a product or service we think you might be interested in based on your marketing preferences); and
- asking you for feedback or to take part in any research we are conducting (which we may engage a third party to assist with).
To support you: This may include assisting with the resolution of technical support issues or other issues relating to the Website, applications, or other Services, whether by email, in-app support or otherwise.
To enhance our Services and develop new ones: For example, by tracking and monitoring your use of our Website, applications, and other Services so we can keep improving, or by carrying out technical analysis of our Website, applications, and other Services so that we can optimize your user experience and provide you with more efficient tools.
To market to you: In addition to sending you marketing communications, we may also use your Personal Data to display targeted advertising to you online – through our own Website, applications, and other Services or through third party websites and their platforms.
To analyze, aggregate and report: We may use the Personal Data we collect about you and other users of our Website, applications, and Services (whether obtained directly or from third parties) to produce aggregated and anonymized analytics and reports, which we may share publicly or with third parties.
There will be times when we need to share your Personal Data with third parties. We will only disclose your Personal Data to:
- other companies in the Pushpay group of companies;
- third party service providers and partners who assist and enable us to use the Personal Data to, for example, support delivery of, or provide functionality on, our Website, applications, or our Services, or to market or promote our Services to you;
- regulators, law enforcement bodies, government agencies, courts or other third parties where we think it’s necessary to comply with applicable laws or regulations, or to exercise, establish or defend our legal rights. Where possible and appropriate, we will notify you of this type of disclosure;
- an actual or potential buyer (and its agents and advisers) in connection with an actual or proposed purchase, merger or acquisition of any part of our business; and
- others where we have your consent.
When we share data, it may be transferred to, and processed in, countries other than the country you live in – such as to the United States, where our data hosting provider’s servers are located. These countries may have laws different to what you’re used to. Rest assured, where we disclose Personal Data to a third party in another country, we put safeguards in place to ensure your Personal Data remains protected.
For individuals in the European Economic Area (EEA), this means that your data may be transferred outside of the EEA. Where your Personal Data is transferred outside the EEA, it will only be transferred to countries that have been identified as providing adequate protection for EEA data (like New Zealand), or to a third party where we have approved transfer mechanisms in place to protect your Personal Data – for example, by entering into the European Commission’s Standard Contractual Clauses, or by ensuring the entity is Privacy Shield certified (for transfers to US-based third parties). For further information, please contact us using the details set out in the Contact us section below.
With respect to Personal Data concerning individuals in the EU and Switzerland, the United States incorporated subsidiaries of the Pushpay Group (the “U.S. Subsidiaries”) comply with the EU-US and Swiss-US Privacy Shield Frameworks as set forth by the US Department of Commerce. The U.S. Subsidiaries are Pushpay USA Inc., Pushpay Inc., Pushpay Processing Inc., Bluebridge Churches LLC and NPO Apps Inc.
U.S. Subsidiaries adhere to and will abide by the Privacy Shield Principles of Notice, Choice, Accountability for Onward Transfer, Security, Data Integrity and Purpose Limitation, Access, and Recourse, Enforcement, and Liability when processing such Personal Data.
U.S. Subsidiaries are responsible for the processing of Personal Data received under each Privacy Shield Framework and transferred to a third party acting as an agent on its behalf. U.S. Subsidiaries comply with the Privacy Shield Principles for all onward transfers of Personal Data from the EEA and Switzerland, including the onward transfer liability provisions unless proven not responsible for the event giving rise to the damage.
With respect to Personal Data received or transferred pursuant to the Privacy Shield Frameworks, U.S. Subsidiaries are subject to the regulatory enforcement powers of the U.S. Federal Trade Commission. In certain situations, U.S. Subsidiaries may be required to disclose Personal Data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
For more information about the Privacy Shield, see the US Department of Commerce’s Privacy Shield website located at: https://www.privacyshield.gov. To review the certification on the Privacy Shield list, see the US Department of Commerce’s Privacy Shield self-certification list located at: https://www.privacyshield.gov/list.
An individual has the possibility, under certain conditions, to invoke binding arbitration for complaints regarding Privacy Shield compliance not resolved by any of the other Privacy Shield mechanisms. Please refer to Privacy Shield Annex I for additional information: https://www.privacyshield.gov/article?id=ANNEX-I-introduction
Our Services may contain interactive functionality that allows you to engage with other users on the services, post comments to forums, make prayer requests, upload photographs and other content (which we refer to as “User Materials”), participate in surveys, and otherwise interact with our Services and with other users. If you use any interactive functionality on our Services that requests or permits you to provide us with Personal Data (including, for example, any services that allow you to post User Materials on any of our Services), we collect the Personal Data that you provide to us in the course of using these interactive features.
CONTESTS AND SWEEPSTAKES
Pushpay partners with payment gateways to process credit card payments and those gateways maintain their own privacy policies. Please consult those policies for details on how your Personal Data will be handled by those partners.
Security is a priority for us when it comes to your Personal Data. We’re committed to protecting your Personal Data and have appropriate technical and organisational measures in place to make sure that happens. For more information about security, check out our Security Page.
Pushpay is committed to data security. Pushpay uses a variety of technologies and procedures to help protect Personal Data from unauthorized access, use or disclosure. For example, Pushpay stores the data in computer servers with limited access that are located in controlled facilities secured by the latest in surveillance and security technology. When Pushpay transmits sensitive information (such as credit card numbers), Pushpay protects it through the use of encryption, such as the Secure Sockets Layer (SSL) protocol. Pushpay is a level 1 certified PCI-DSS compliant provider. PCI Data Security Standards are endorsed by Visa, MasterCard, American Express and all other leading card brands.
We will retain your Personal Data for a period of time consistent with the original purpose of collection, including to pursue our legitimate business interests, comply with our legal, tax or accounting requirements, resolve disputes and enforce applicable agreements.
It’s your Personal Data and you have certain rights relating to it. When it comes to marketing communications, you can ask us not to send you these at any time – just follow the unsubscribe instructions contained in the marketing communication, click on the “unsubscribe” or “opt-out” link in the marketing e-mails we send you, or send your request to firstname.lastname@example.org
You also have rights to:
- know what Personal Data we hold about you, and be able to check to make sure it’s correct and up to date;
- request a copy of your Personal Data, or ask us to restrict processing your Personal Data or delete it; and
- object to our continued processing of your Personal Data.
We respond to all requests we receive from individuals wishing to exercise their data protection rights in accordance with applicable data protection laws.
If you’re not happy with how we are processing your Personal Data, please let us know by sending an email to email@example.com. We will review and investigate your complaint, and try to get back to you within a reasonable time frame. You can also contact your local data protection authority. They will be able to advise you how to submit a complaint.
Our Website, applications, and other Services are intended for a general audience and not directed to children under 13 years of age. We do not intend to collect personal information as defined by the U.S. Children’s Privacy Protection Act (“COPPA”) (which we refer to as “children’s personal data”) in a manner that is not permitted by COPPA, or by applicable data protection laws. If you are a parent or guardian and believe we have collected children’s personal data in a manner not permitted by COPPA, please contact us by sending a letter to the email address listed under “How to contact us” (Attention: Legal) and we will remove such data to the extent required by COPPA or by applicable data protection laws.
Parents may want to consider commercially available parental control protections to limit what minors can access online and/or monitor their minor children’s online activities. Examples include: www.netnanny.com, www.webwatcher.com and www.sentrypc.com. We do not endorse these or other services and are not responsible for them.
By using any of our Website, applications or other Services, you represent that you are at least the age of majority in your state or province of residence.
For Individuals from the EEA or Switzerland, the following terms also apply.
Legal Basis (For EEA And Swiss Users Only)
If you are a visitor from the EEA or Switzerland, our legal basis for collecting and using the Personal Data described above will depend on the Personal Data concerned and the specific context in which we collect it. Where we collect Personal Data, we typically only Process it:
- to perform a contract with you;
- when you provide consent;
- where we have legitimate interests to process the Personal Data and they’re not overridden by your rights; or
- in accordance with a legal obligation.
International Data Transfers (For EEA And Swiss Users Only)
Your data may be transferred outside of the EEA or Switzerland. Where your Personal Data is transferred outside the EEA or Switzerland, it will only be transferred to countries that have been identified as providing adequate protection for EEA data (like New Zealand), or to a third party where we have approved transfer mechanisms in place to protect your Personal Data – for example, by entering into the European Commission’s Standard Contractual Clauses, or by ensuring the entity is Privacy Shield certified (for transfers to US-based third parties). For further information, please contact us using the details set out in the Contact us section below.
In compliance with the Privacy Shield Principles, we, the Pushpay Group, commit to resolving complaints about our collection or use of your personal information. EU and Swiss individuals with inquiries or complaints regarding our Privacy Shield policy should first contact us by email at firstname.lastname@example.org, by mail at Pushpay, Attention: Privacy Team, 18300 Redmond Way, Suite #300, Redmond, Washington 98052, or by phone at: +1(425) 202-8558.
We, the Pushpay Group, have further committed to refer unresolved Privacy Shield complaints to JAMS, an alternative dispute resolution provider located in the United States. If you do not receive timely acknowledgment of your complaint from us, or if we have not addressed your complaint to your satisfaction, please visit http://www.jamsadr.com/file-an-eu-us-privacy-shield-claim for more information or to file a complaint. The services of JAMS are provided at no cost to you.
HOW TO ACCESS, CORRECT, AMEND OR REMOVE INFORMATION ABOUT YOU.
If you would like to access, correct, amend, remove or limit the use or disclosure of any Personal Data about you that has been collected and stored by us, or have it transferred to another organization, please notify us at email@example.com so that we may consider and respond to your request in accordance with applicable law. If you would like to object to the processing of your Personal Data for direct marketing purposes, please use the mechanisms outlined in the Choices You Have Section.
For your protection, we only implement requests with respect to the Personal Data associated with the particular email address that you use to send us your request, and we need to verify your identity before implementing your request. We will respond to your request within 30 days.
Please note that we need to retain certain information for recordkeeping purposes and/or to complete any transactions that you began prior to requesting such access, change or deletion.
You can always opt not to disclose information. However, if you elect to do so, we will likely be limited in responding to your inquiry or providing services to you.
You can opt-out of receiving marketing messages from us by unsubscribing through the unsubscribe or opt-out link in an email, or by sending an email to firstname.lastname@example.org. We will comply with your request(s) as soon as reasonably practicable. Please note that if you opt-out of receiving marketing-related emails from us, we may still send you important administrative messages.
In addition to the rights above, depending on the circumstances you also have the right to:
- request portability of your Personal Data, or delete it;
- withdraw your consent at any time, if we have collected and processed your Personal Data with your consent. Withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, nor will it affect processing of your Personal Data conducted in reliance on lawful processing grounds other than consent; and
- complain to a data protection authority about our collection and use of your Personal Data. For more information, please contact your local data protection authority.
We’re always happy to hear from you. If you’re curious about what Personal Data we hold about you or you have a question or feedback for us on this notice, our Website, applications, or other Services, please reach out and get in touch.
As a technology company, we prefer to communicate with you by email – this ensures that you’re put in contact with the right person, in the right location, and in accordance with any regulatory time frames.
Our email is email@example.com, our mailing address is Pushpay, Attention: Privacy Team, 18300 Redmond Way, Suite #300, Redmond, Washington 98052, or you can reach us by phone at +1(425) 202-8558.