PUSHPAY PRIVACY POLICY

This Privacy Policy is meant to help you understand how we collect, use and disclose personal data across the websites we operate and the services we provide and how you can exercise your privacy rights.

Last updated: January 19, 2024 – To view an archived version of this page, click here.

QUICK LINKS
We recommend that you read this Privacy Policy in full to ensure you are informed. However, to access a particular section of this Policy, you can click on the relevant link below.

WHO WE ARE

When we refer to “we” (or “our” or “us”), that means Pushpay Holdings Limited and the wholly-owned subsidiaries comprising the Pushpay Group. Church Community Builder, LLC, a Delaware limited liability company (“CCB”), became part of the Pushpay Group in December, 2019 and is wholly owned by Pushpay USA, Inc. CCB maintains its own terms, privacy policy, and data practices with support from Pushpay: you can find out more about CCB and its data practices here.

Our headquarters are in New Zealand but we operate and have offices in the United States. Address details for all Pushpay offices are available on our Contact Us page.

At Pushpay, we build and provide solutions that drive participation and generosity between organizations and their members. For more information, visit the About Us section of our Website.

When you use our Services, you’re trusting us with your information. We understand this is a big responsibility and work hard to protect your information and put you in control.

This notice applies to pushpay.com and any other websites we own or operate (collectively, our “Websites”) and all products and services we provide, including our online and mobile giving, payments, engagement services, products, and applications, and any other apps or services we offer (“Services”).

This Privacy Policy applies to Pushpay and our Websites and Services, as well as the information we collect when you interact with us through other online services. It also applies anywhere it is linked. It does not apply to non-Pushpay Websites and Services that may link to the Services or be linked to or from the Services and it does not apply to CCB which retains its own Privacy Policy available here; please review the privacy policies on those websites and applications to understand their privacy practices.

When we refer to your information, personal data or personal information: we mean identifiable information about you as defined under applicable law. If you can’t be identified (for example, when Personal Data has been aggregated and anonymized) then this notice doesn’t apply. Check out our User Agreement for more information on how we treat your other data.

HOW WE COLLECT YOUR DATA

When you visit our Websites or use our Services, we collect information about you.

Information you provide to us: When you visit or use some parts of our Websites or Services, we receive information from you, including when you register for an account, make a payment, or provide information to us through your use of the Services. We collect the following information from you:

  • Your name and email address when you sign up for an account or take part in training and events;
  • Your name, age, sex, marital status, religious affiliation or denomination, photographs, and any other information you upload when you create a profile.
  • Your postings when you participate in community forums or join us on social media;
  • Your contact information and a record of any correspondence when you contact us.

Failing to provide your information may mean you can’t use some parts of our Websites or Services.

Payment information: Our payment gateway partners will collect and process your payment details when you set up an account for purposes of making or receiving payments. The payment gateway partners’ privacy policy will apply to your payment information.

Information we collect automatically: We collect information about you automatically when you visit our Websites or use our Services. This information is collected through cookies, web beacons, and other tracking technologies, as well as through your web browser or device. We collect:

  • Details of your visits to our Websites and information generated in the course of the use of our Websites and Services (including the timing, frequency and pattern of service use) such as traffic data, location data, time zone, weblogs and other communication data, the resources that you access, and how you reached our site.
  • Details regarding the device you use to access our Websites and Services, including, but not limited to, your web browser, IP address, operating system and browser type.
  • Information about how you interact with our ads and newsletters, including whether you open or click links in any correspondence.
  • Information about your precise geolocation, provided that you have enabled collection through your device settings. This location information is used to identify organizations in your proximity and to pinpoint the location of your transactions for security purposes. If you choose to disable any location-based services on your device and/or opt out of any location-based services through the mobile application’s Settings menu, you will not be able to utilize certain features of our services.
  • Information that you make available to us on a social media platform (such as by clicking on a social media icon linked from our Websites or Services), including your account ID or username and other information included in your posts.

This information is useful for us as it helps us get a better understanding of how you’re using our Websites and Services so that we can continue to provide the best experience possible (e.g., by personalizing the content you see).

Some of this information is collected using cookies and similar tracking technologies. If you want to find out more about the types of cookies we use, why, and how you can control them, take a look at our Cookie Notice.

Your browser or device may include “Do Not Track” functionality. At this time, we do not alter our sites’ data collection and use practices in response to Do Not Track signals.

We may also collect information about you from the organizations, institutions and businesses you elect to associate with in your Pushpay account.

HOW WE USE YOUR INFORMATION

We use your information to operate our Websites and Services and to manage our relationship with you. We use your information for the following purposes:

To provide you with access to our Websites and Services.

To communicate with you by:

  • Providing you with information you’ve requested (like training or education materials) from us, processing your payments, or sending information we are required to send to you;
  • Sending you operational communications related to changes to our Websites or Services, security updates, or assistance with using our Websites or Services;
  • Sending you marketing communications (for example, about a product or service we think you might be interested in, based on your marketing preferences); and
  • Asking you for feedback or to take part in any research we are conducting (which we may engage a vendor to assist with).

To support you: By assisting with the resolution of technical support issues or other issues relating to the Websites or Services.

To administer contests and sweepstakes. We or our advertisers and other business partners may conduct or sponsor special contests, sweepstakes, and other promotions that users may enter or otherwise participate in on our Websites or Services.

To enhance our Services and develop new ones: By tracking and monitoring your use of Websites and Services so we can keep improving, or by carrying out technical analysis of our Websites and Services so that we can optimize your user experience and provide you with more efficient tools.

To protect: By detecting and preventing any fraudulent or malicious activity, and making sure that everyone is using our Websites and Services fairly and in accordance with our terms of use.

To market to you: By using your information to display targeted advertising to you online through our own Websites and Services or through outside websites and their platforms.

To analyze, aggregate and report: By using the information we or our partners collect about you and other users of our Websites and Services to produce aggregated and anonymized analytics and reports, which we may share publicly or with outside parties.

HOW WE SHARE YOUR DATA

We share your information in the following circumstances:

  • With the faith-based organization, educational institution, not for profit organization, or business with which you choose to interact with using Pushpay’s Websites or Services;
  • With other companies in the Pushpay group of companies, including Church Community Builder, LLC.
  • With partners and service providers who assist and enable us to use the information to, for example, support delivery of, or provide functionality on, our Websites or Services, or to market or promote our Services to you.
  • With social media companies where you choose to interact with us through social media, which typically allows the social media company to collect some information about you through cookies they place on your device and other tracking mechanisms. In some cases, the social media company may recognize you through its digital cookies even when you do not interact with the social media company. Please visit the social media companies’ respective privacy policies to better understand their data collection practices and controls they make available to you.
  • With advertisers or other business partners as part of special contests, sweepstakes, and other promotions that users may enter or otherwise participate in on our Websites or Services. In these instances, the collection of your information may occur directly by our partner on its website or other online service and may be shared with us. The promotion will state the privacy policy or policies governing the collection of such information.
  • With regulators, law enforcement bodies, government agencies, courts or other entities where necessary to comply with applicable laws or regulations, or to exercise, establish or defend our legal rights. Where possible and appropriate, we will notify you of this type of disclosure;
  • With an actual or potential buyer (and its agents and advisers) in connection with an actual or proposed purchase, merger or acquisition of any part of our business.
  • With others where we have your consent.
INTERNATIONAL DATA TRANSFERS

When we share your data, it may be transferred to, and processed in, countries other than the country you live in – such as the United States, where our data hosting provider’s servers are located. The laws in the United States regarding personal data may be different from the laws of your jurisdiction. Any cross-border transfers of your personal data by us will comply with the safeguards required by us under applicable law. For further information about these international data transfer safeguards for individuals in the European Economic Area (“EEA”), United Kingdom, and Switzerland, please see the section titled “For EEA, UK, and Swiss Users Only” below, and its sub-section “International Data Transfers (for EEA, UK, and Swiss Users Only)”.

FOR EEA, UK, AND SWISS USERS ONLY

Legal Basis (For EEA, UK, and Swiss Users Only)
If you are a visitor from the EEA, UK, or Switzerland, our legal basis for collecting and using the personal data described above will depend on the personal data concerned and the specific context in which we collect it. Where we collect personal data, we typically only process it:

  • to perform a contract with you;
  • when you provide consent;
  • where we have legitimate interests to process the personal data and they’re not overridden by your rights; or
  • in accordance with a legal obligation.

International Data Transfers (For EEA, UK, And Swiss Users Only)

For individuals in the EEA, UK, and/or Switzerland, your personal data will be transferred outside of your jurisdiction. Where your personal data is transferred outside the EEA, UK, and/or Switzerland, it will only be transferred to jurisdictions that have been identified as providing adequate protection for such personal data (like New Zealand), or under an approved data transfer mechanism such as Standard Contractual Clauses.

Pushpay complies with the EU-US Data Privacy Framework (“EU-US DPF”) and the UK Extension to the EU-US DPFas set forth by the US Department of Commerce.

The DPF Principles are: Notice, Choice, Accountability for Onward Transfer, Security, Data Integrity and Purpose Limitation, Access, and Recourse, Enforcement, and Liability when processing such personal data. If there is any conflict between the terms in this Privacy Policy and the DPF Principles, the DPF Principles shall govern.

Pushpay’s compliance with the DPF Principles is subject to the regulatory and enforcement powers of the U.S. Federal Trade Commission.

Pushpay is responsible for the processing of EEA, UK, and/or Swiss personal data it receives in the US which it then subsequently transfers to a third party acting as its agent. If such third party agent processes your personal data in a manner inconsistent with the DPF Principles, then CCB will remain responsible for such third party, unless we can prove we are not responsible for the event giving rise to the damage.

In certain situations, Pushpay may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.

SECURITY

Security is a priority for us when it comes to your personal data. We’re committed to protecting your personal data and have appropriate technical and organizational measures in place to make sure that happens. We use a variety of technologies and procedures to help protect information from unauthorized access, use or disclosure. When we transmit sensitive information (such as credit card numbers), we protect it through the use of encryption, such as the Secure Socket Layer (SSL) protocol. Pushpay is a level 1 certified PCI-DSS compliant provider. PCI Data Security Standards are endorsed by Visa, MasterCard, American Express and all other leading card brands. For more information about security, check out our Security Page.

RETENTION

We may retain your personal data for a period of time consistent with the original purpose of collection, including to pursue our legitimate business interests, comply with our legal, tax or accounting requirements, resolve disputes and enforce applicable agreements.

YOUR RIGHTS
It’s your personal data and you have certain rights relating to it. When it comes to marketing communications, you can ask us not to send you these at any time – just follow the unsubscribe instructions contained in the marketing communication, click on the “unsubscribe” or “opt-out” link in the marketing e-mails we send you, or send your request to privacy@pushpay.com

You also have rights to:

  • know what personal data we hold about you, and be able to check to make sure it’s correct and up to date;
  • request a copy of your personal data, or ask us to restrict processing your personal data or delete it; and
  • object to our continued processing of your personal data.

You can exercise these rights at any time by sending an email to privacy@pushpay.com or by contacting us using the contact details provided under “How to contact us” below.

We respond to all requests we receive from individuals wishing to exercise their data protection rights in accordance with applicable data protection laws.

If you’re not happy with how we are processing your personal data, please let us know by sending an email to privacy@pushpay.com. We will review and investigate your complaint, and try to get back to you within a reasonable time frame. You can also contact your local data protection authority. They will be able to advise you how to submit a complaint.

CHILDREN’S INFORMATION

Our Website and Services are intended for a general audience and not directed to children under 16 years of age. If we discover that we have inadvertently collected information from anyone younger than the age of 16, we will delete that information. If you believe we have collected personal data from children, please contact us at the email address listed below.

CHOICES YOU HAVE
You can always opt not to disclose information. However, if you elect to do so, we will likely be limited in responding to your inquiry or providing services to you.

You can opt-out of receiving marketing messages from us by unsubscribing through the unsubscribe or opt-out link in an email, or by sending an email to privacy@pushpay.com. We will comply with your request(s) as soon as reasonably practicable. Please note that if you opt-out of receiving marketing-related emails from us, we may still send you important administrative messages.

YOUR RIGHTS
In addition to the rights above, depending on the circumstances you also have the right to:

  • request portability of your personal data, or delete it; and
  • if we have collected and process your personal data with your consent, then you can withdraw your consent at any time. Withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, nor will it affect processing of your personal data conducted in reliance on lawful processing grounds other than consent.
  • to complain to a data protection authority about our collection and use of your personal data. For more information, please contact your local data protection authority.

HOW TO ACCESS, CORRECT, AMEND OR REMOVE INFORMATION ABOUT YOU.
If you would like to access, correct, amend, remove or limit the use or disclosure of any personal data about you that has been collected and stored by us, or have it transferred to another organization, please notify us at privacy@pushpay.com so that we may consider and respond to your request in accordance with applicable law. If you would like to object to the processing of your personal data for direct marketing purposes, please use the mechanisms outlined in the Choices You Have Section.

  • For your protection, we only implement requests with respect to the personal data associated with the particular email address that you use to send us your request, and we need to verify your identity before implementing your request. We will respond to your request within 30 days.
  • Please note that we need to retain certain information for recordkeeping purposes and/or to complete any transactions that you began prior to requesting such access, change or deletion.

UPDATES TO THIS PRIVACY POLICY
We may amend this Privacy Policy from time to time. The “Effective Date” legend at the top of this page indicates when this Privacy Policy was last revised. Any changes to this Privacy Notice will become effective when we post the revised Privacy Policy on our Website.

HOW TO CONTACT US

We’re always happy to hear from you. If you’re curious about what information we hold about you or you have a question or feedback for us on this notice or our Websites or Services, please reach out and get in touch.

We respond to all requests we receive from individuals wishing to exercise their data protection rights in accordance with applicable data protection laws. As a technology company, we prefer to communicate with you by email – this ensures that you’re put in contact with the right person, in the right location, and in accordance with any regulatory time frames.

Pushpay has appointed Aaron Senneff as internal data protection officer. You may contact the privacy team if you have any questions or concerns about how we handle your personal information or our privacy policies and practices via any of the following means. Our email is privacy@pushpay.com, our mailing address is Pushpay, Attention: Privacy Team, 18300 Redmond Way, Suite #300, Redmond, Washington 98052, or you can reach us by phone at +1(425) 202-8558 or toll free at +1(844) 249-7285.

In compliance with the DPF Principles, we commit to resolve DPF-related complaints within forty-five (45) days of receipt.

We have further committed to refer unresolved DPF complaints to JAMS, an alternative dispute resolution provider located in the United States. If you do not receive timely acknowledgment of your complaint from us, or if we have not addressed your complaint to your satisfaction, please visit http://www.jamsadr.com/file-an-eu-us-privacy-shield-claim for more information or to file a complaint. The services of JAMS are provided at no cost to you.

If neither Pushpay nor our designated independent recourse mechanism, JAMS, is able to resolve your DPF-related complaint, then an individual may, under certain conditions, be able to invoke binding arbitration for the resolution of your complaint. To find out more about the DPF’s binding arbitration scheme, please see https://www.dataprivacyframework.gov/s/article/How-to-Submit-a-Complaint-Relating-to-a-Participating-Organization-s-Compliance-with-the-DPF-Principles-dpf.

YOUR CALIFORNIA PRIVACY RIGHTS

Residents of the State of California have the right to request information regarding third parties to whom companies have disclosed certain categories of their information during the preceding year for the third parties’ direct marketing purposes. We do not disclose personal information to third parties for the third parties’ direct marketing purposes.

The California Consumer Privacy Act (“CCPA”) provides California residents with rights to receive certain disclosures regarding the collection, use, and sharing of “personal information,” as well as rights to access and control personal information. The CCPA defines “personal information” to mean “information that identifies, relates to, describes, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household.” Certain information we collect may be exempt from the CCPA because it is considered publicly available information (i.e., it is made available by a government entity) or covered by a federal privacy law, such as the Gramm-Leach-Bliley Act, the Health Insurance Portability and Accountability Act, or the Fair Credit Reporting Act.

To the extent that we collect personal information that is subject to the CCPA, that information, our practices, and our rights are described below.

Right to Information Regarding the Categories of Personal Information Collected, Sold, and Disclosed

The following is a description of our data collection practices, including the personal information we collect, the sources of that information, the purposes for which we collect information, and whether we disclose that information to external parties. We may use any and all of the information for any of the purposes described in this Policy, unless limitations are listed. The categories we use to describe the information are those enumerated in the CCPA.

  • Personal Identifiers:
  • We collect your name, billing address, shipping address, email address, and telephone number when you create an account, complete a transaction, or otherwise communicate with us. We collect your email address when you subscribe to our newsletter. If you choose to create an account, you will also be asked to create a username, and we will assign one or more unique identifiers to your profile.
  • We collect your payment information when you complete a transaction.
  • We collect your IP address automatically when you use our Websites and Services.
  • We collect your Device ID automatically when you use our Websites and Services.
  • Protected Classifications: We may collect your age, gender, and religion when you provide it when creating a profile. We do not collect information related to your race, ethnic origin, or sexual orientation.
  • Commercial Information: When you engage in transactions with us, we create records of goods or services purchased or considered or donations made, as the case may be, as well as your donation, purchasing or consuming histories or tendencies.

 

  • Biometric Information: We do not collect information about your physiological, biological, and behavioral characteristics.
  • Internet or Other Electronic Network Activity Information: We collect information about your browsing history, search history, information regarding your interaction with websites, and applications or advertisements automatically when you utilize our Websites or Services.
  • Geolocation Data: As described above, we collect your IP address automatically when you use our Services. We may be able to determine your general location based on your IP address. If you allow your device to provide us with this information, we use it to make improvements to our products and services, and to provide recommendations and deliver relevant advertising.
  • Audio, electronic, visual, thermal, olfactory, or similar information: If you contact us via phone, we may record the call. We will notify you if a call is being recorded at the beginning of the call.
  • Professional or employment-related information: We do not collect your professional or employment-related information.
  • Education information: We do not collect any information about the institutions you have attended or the level of education you have attained.
  • Inferences drawn to create a profile about a consumer reflecting the consumer’s preferences or characteristics: We analyze your actual or likely preferences through a series of computer processes and add our observations to your internal profile. We use this information to gauge and develop our marketing activities, measure the appeal and effectiveness of our services, applications, and tools, and to provide you with targeted information, advertisements, and offers.

We may also collect information about you from the organizations, institutions and businesses you elect to associate with in your Pushpay account.

We may share any of the above-listed information with service providers, which are external parties that we engage for business purposes and are restricted from using personal information for any purpose that is not related to our engagement. The categories of service providers with whom we share information and the services they provide are described in this Policy.

We may also disclose information to other external parties who are not listed here when required by law or to protect our company or other persons, as described in this policy.

Right to Access Information

You have the right to request access to personal information collected about you and information regarding the source of that information, the purposes for which we collect it, and the third parties and service providers with whom we share it. To protect your personal information, we will verify your identity before we act on your request.

Right to Request Deletion of Information

You have the right to request in certain circumstances that we delete any personal information that we have collected directly from you. To protect your personal information, we will verify your identity before we act on your request.

Right to Information Regarding Participation in Data Sharing for Financial Incentives

We run promotions from time to time and offer online resources whereby we incentivize you to share certain pieces of information with us. Participation in these incentives is voluntary and you may opt out of the data sharing at any time.

Right to Non-Discrimination

We will not discriminate against you for exercising any of your rights under the CCPA.

Right to Opt Out of Sale of Personal Information to Third Parties

You have the right to opt out of any sale of your personal information by Pushpay to third parties. Pushpay does not sell personal information, so we do not have an opt-out.

Special Information for Nevada Residents

Residents of the State of Nevada have the right to opt out of the sale of certain pieces of their information to other companies who will sell or license their information to others. If you are a Nevada resident and would like to make such a request, please email privacy@pushpay.com.

Additional Information Concerning Use or Access to YouTube Services

Click here for more information.

VeraSafe

The following as been updated and added as of July 25, 2022:

VeraSafe has been appointed as Pushpay’s representative in the European Union for data protection matters, pursuant to Article 27 of the General Data Protection Regulation of the European Union. If you are in the European Economic Area, VeraSafe can be contacted in addition to Pushpay’s Privacy Officer, only on matters related to the processing of personal data.

To make such an inquiry, please contact VeraSafe using this contact form: https://verasafe.com/public-resources/contact-data-protection-representative or via telephone at: +420 228 881 031.

Alternatively, VeraSafe can be contacted at: VeraSafe Ireland Ltd. Unit 3D North Point House North Point Business Park New Mallow Road Cork T23AT2P Ireland

VeraSafe has been appointed as Pushpay’s representative in the United Kingdom for data protection matters, pursuant to Article 27 of the United Kingdom General Data Protection Regulation. If you are located within the United Kingdom, VeraSafe can be contacted in addition to or instead of Pushpay’s Privacy Officer, only on matters related to the processing of personal data. To make such an inquiry, please contact VeraSafe using this contact form: https://verasafe.com/public-resources/contact-data-protection-representative or via telephone at: +44 (20) 4532 2003. Alternatively, VeraSafe can be contacted at: VeraSafe United Kingdom Ltd. 37 Albert Embankment London SE1 7TL United Kingdom.