Last Modified: May 16, 2018
iWave Information Systems Inc. (“iWave”) is committed to protecting the privacy of individuals who visit our websites, individuals who register to use our Services (“Customers”), and Customer data used to research donors and prospective donors (“Donors”). This Privacy Statement describes iWave’s privacy practices in relation to the use of our websites and services offered by iWave (the “Services”), including: https://www.iwave.com; https://pro.iwave.com; https://verigift.iwave.com; and https://api.iwave.com.
iWave’s Services may contain links to other websites. The information practices or the content of such other Websites is governed by the privacy statements of such other websites. iWave encourages you to review the privacy statements of the other websites to understand their information practices.
iWave follows Information Security best practices to ensure personal information and sensitive Donor information is not disclosed or used for any other purpose from which it was intended. Our policies help ensure the Health Insurance Portability and Accountability Act (HIPAA), the Personal Information Protection and Electronic Documents Act (PIPEDA), Standards for Attestation Engagements (SSAE16), and other similar standards are met.
When expressing an interest in obtaining additional information about our Services or registering to use the Services, iWave requires you to provide personal contact information, such as name, company name, address, phone number, and email address. When purchasing the Services, iWave may require you to provide billing information, such as billing name and address, credit card number, and the number of employees and name of employees within the organization that will be using the Services.
As you navigate iWave’s Services, we may also collect navigational information using cookies. Website navigational information includes standard information from your Web browser (such as browser type and browser language), your Internet Protocol (“IP”) address, and the actions you take on the websites (such as the web pages viewed and the links clicked). When using iWave Services, in addition to the data collected above, we collect usage information on what features you use and how you use it (number of searches completed, datasets used, filters used, number of profiles created, etc).
iWave uses data about iWave Customers to perform the services requested. For example, if you fill out a “Contact Me” or “Free Trial” Web form, iWave will use the information provided to contact you about your interest in the Services.
iWave may also use customer information and prospective customer information for marketing purposes. For example, iWave may use information you provide to contact you to further discuss your interest in the Services and to send you information regarding iWave, such as information about promotions or events.
iWave uses credit card information solely to check the financial qualifications and collect payment from existing Customers and prospective Customers.
iWave uses website navigational information to operate and improve our Services. The Company may also use website navigational information alone or in combination with Customer information and prospective Customers information to provide personalized information about iWave.
iWave uses Service usage information to anticipate Customer needs which will assist in improving usability and functionally of our Services. This data also provides iWave with context of each user, so that we can be more helpful in supporting you.
When you use iWave’s Services, Internet Protocol (“IP”) addresses are collected to track and aggregate non-personal information. For example, iWave uses IP addresses to monitor the regions from which Customers and Visitors navigate our Services.
iWave also collects IP addresses from Customers when they log into the Services as part of iWave’s “Identity Confirmation” and “IP Range Restrictions” security features.
Social Media Features
iWave Customers may electronically submit data or information to the Services for hosting and processing purposes. iWave will not review, share, distribute, or reference any such Customer Data except as may be required by law. In accordance with the iWave Subscription Agreement, iWave may access Customer Data only for the purpose of providing the Services, providing customer support, preventing or addressing service or technical problems, or as may be required by law.
iWave may share Customer information with service providers such as third-party social networking and media websites for marketing and advertising on those websites. Unless described in this Privacy Statement, iWave does not share, sell, rent, or trade any information, including Donor information, with third parties for their promotional purposes or for any other purpose from which it was intended.
This Privacy Statement sets forth the information iWave collects on its websites and the information we share with third parties. iWave does not authorize the collection of personal information by third parties through advertising technologies deployed on our websites, nor do we share personal information with any third parties collected from its websites, except as provided in this Privacy Statement.
iWave uses a third-party service provider to manage credit card processing. This service provider is not permitted to store, retain, or use Billing Information except for the sole purpose of credit card processing on iWave’s behalf.
iWave reserves the right to use or disclose information provided if required by law or if iWave reasonably believes that use or disclosure is necessary to protect its rights and/or to comply with a judicial proceeding, court order, or legal process.
International transfer of information collected
iWave primarily stores Customer personal information and Donor information in Canada. To facilitate iWave’s marketing and communication needs customer information may be transferred to the United States. All Donor information is processed and stored in Canada.
Public blog, refer a friend, and customer testimonials
iWave provides a blog on the company’s website. Any personal information you choose to submit in such a forum may be read, collected, or used by others who visit these forums, and may be used to send you unsolicited messages. iWave is not responsible for the personal information you choose to submit on these blogs.
Customers and Visitors may elect to use iWave referral program to inform friends about iWave Services. When using the referral program, iWave requests the friend’s name, email address, organization name, and organization’s state. iWave will automatically send the friend a one-time email inviting him or her to visit the Company’s Web sites and contact them to accept a demo.
iWave posts some Customers and testimonials on the Company’s Web sites that contain information such as Customer names, titles, and organization names. iWave obtains the consent of each Customer prior to posting testimonials or personal information.
As a Software as a Service company, iWave recognizes the importance of effectively and continuously protecting Customer information and their Donor data. We understand that secure services are instrumental in sustaining your trust. Our goal is to protect all information in transit, being processed, and at rest. We follow best practices from the ISO 27001 Security Standards. (https://www.iso.org/iso/home/standards/management-standards/iso27001.htm)
The ISO 27001 specification can be aligned with and support many of the specifications for the following standards:
We have designed our Services to be flexible to our Customers and the needs of our Customer Organizations. This means that when you delete your sensitive donor and prospective donor information from our Services it is permanently deleted and not recoverable.
Data must be permanently deleted when no longer needed for legal, regulatory, customer, or business reasons. 30 days after a customer subscription ends all sensitive customer data will be permanently deleted from iWave systems.
Our Services use SSL encryption (SHA-256) to ensure passwords and data are encrypted while in transit over the web between the Customer and our Services. Data is securely processed and stored by iWave within our secured datacentre located in Prince Edward Island, Canada.
This Section applies only to the extent that Personal Data (as defined by European data protection legislation) from the European Union is requested by Customer from iWave as part of the Services. Personal Data from the European Union can only be transferred in accordance with applicable data protection laws, which currently require parties outside of jurisdictions deemed adequate by the EU to (i) enter into the EU standard contractual clauses, OR (ii) process Personal Data in a manner consistent with privacy principles designed by the U.S. Department of Commerce and European Commission available at https://www.privacyshield.gov (“Privacy Principles”). iWave shall receive information pertaining to Donors and potential Donors only through third party data providers that have represented to iWave that such third party has certified to the Privacy Principles in order to legally transfer Personal Data to iWave, and accordingly, Customer and iWave each warrants and undertakes that:
(iii) upon notice, including under (ii), take reasonable and appropriate steps to stop processing such Personal Data and/or remediate unauthorized use.
If you have questions regarding this Privacy Statement, CCPA, GDPR or Information Security Policies, please email your request to iWave at email@example.com or 1-800-655-7729.