Privacy Policy

 

Last Updated: April 1, 2022

This Privacy Policy (https://www.iwave.com/privacy-policy/) will change periodically to comply with privacy law requirements. If the changes are significant, we will provide notice.

We at iWave Information Systems Inc. (“iWave”, “us,” “our”, or “we”) are committed to protecting the privacy of individuals who visit our websites (“visitors”), individuals who subscribe to use our services (“clients”), and individuals whose personal data is in our databases. This Privacy Policy describes our practices related to the foregoing personal data.

We recommend that you read this Privacy Policy to ensure you are fully informed about the types of personal data we collect, why and how we collect, use, and protect it, how it is disclosed, where it is stored, and to ensure you are fully informed about your rights relating to any of your data. Residents of California, Nevada, and Canada, please also refer to the specific sections directed to you in this Privacy Policy to learn more about your privacy rights. If you wish to access a particular section of this Privacy Policy, please click on the links below:

  1. Privacy Practices Related to Visitors and Clients
  2. Privacy Practices Related to Individuals whose personal data is in our Databases
  3. Your Rights (Visitors and Individuals in our Databases)
  4. How We Protect Personal Data
  5. Transfer of Personal Data
  6. Notice to California Residents
  7. Notice to Nevada Residents
  8. Notice to Canadian Residents
  9. Third Party Websites
  10. Children’s Privacy
  11. Changes to the Privacy Policy
  12. Questions?

Click here to contact us.

PRIVACY PRACTICES RELATED TO VISITORS AND CLIENTS

How We Collect

iWave collects personal data from you directly when you express an interest in obtaining

additional information about our services, register to use the services, or purchase our services, register or log in to your account, create or edit your user profile, contact iWave’s customer support team, comment on our blogs or in community forums, or when you interact with us in any form. iWave also collects your personal data from other sources including third parties, clients, advertising networks, operating systems and platforms, data brokers, partner publishers, social media platforms, service providers, etc. iWave may combine information about you that it already has with the information it receives from other sources. iWave and its vendors, including third parties like Google, also collect personal data from you using automated technology through its websites (https://www.iwave.com; https://app.iwave.com; https://ca.iwave.com).

What We Collect

The type and manner of data that we and our vendors, including third parties like Google, collect includes the following:

  • Personal Identifiers — When you sign up for our services such as name, company name, address, phone number, email address, billing information (name and address), number of employees or users and name of employees or users within your organization using our services. Please note that iWave does not collect credit card or other financial information — payment transactions are processed directly through Invoiced.com
  • Internet and Network Activity —We and our vendors, including service providers and third parties, collect information about how you use our services and the computers or other devices, such as mobile phones or tablets, you use to access our services. Examples include: IP address, Unique device identifiers and device attributes, like operating system and browser type, Usage data, such as: web log data, referring and exit pages and URLs, platform type, number of clicks, domain names, landing pages, pages and content viewed and the order of those pages, the amount of time spent on particular pages, the date and time you used our services, the frequency of your use of our services, error logs, and other similar information, transactional data, such as names and email addresses of parties to a transaction, subject line, history of actions that individuals take during a transaction (e.g., downloading an e-book, watching a webinar) and information about those individuals or their devices, such as name, email address, IP address, and authentication methods.

How We Use Your Personal Data

We use your personal data for the following purposes:

  • To administer our websites, services and products, and internal operations, including to fix problems individuals may have with our services, such as answering support questions and resolving technical issues;
  • Manage the services platform including support systems and security;
  • Respond to your inquiries about your expression of interest in our services such as through iWave’s “Contact Me” or “Free Trial” web form;
  • Send records of your subscription relationship;
  • For marketing features, products, promotions or special events, research and advertising purposes, including to deliver tailored content and targeted advertising;
  • To analyze and improve our products, business, services, and websites including to create and review data about our users and how they use our services;
  • To test changes in our services and develop new features and products;
  • To comply with our obligations including legal obligations, establishing, exercising, or defending legal claims, monitoring, and reporting compliance issues, records retention periods;
  • To prevent, investigate and respond to fraud, unauthorized access to or use of our services, breaches of terms and policies, or other wrongful behavior;
  • As otherwise disclosed or permitted by law, or as otherwise specified at the time of collection.

Cookies and Related Technologies

We and our vendors, including service providers and third parties, use cookies, which are text files containing small amounts of information that are downloaded on your device, and related technologies such as web beacons, local shared objects, and tracking pixels to store or collect information for the purposes mentioned in this Privacy Policy including targeted advertising, monitoring performance, analytics, and improving our services and websites.

Our websites uses both session cookies (used to maintain authentication while clients are using our products) and advertising cookies (that help us serve you tailored ads). For more information on cookies, click here.

Ads for Our Products and services. We may also use third party services, such as Google, to serve tailored ads about our products and services to you on our services and elsewhere. We allow these third parties to use and access their own cookies on your computer or other device(s) you use to access our services. We do not have access to these cookies or related technologies, and this Privacy Policy does not govern the use of those cookies and related technologies.

How You Can Opt-Out of Cookies and Related Technology

You may opt out of our use of cookies and other related technology as follows:

  • Cookies and Other Related Technology. You can decline cookies through your browser settings. However, if you decline cookies, you may not be able to use some parts of our services.
  • Geolocation Information. If you do not want us to see your device location, you can turn off location sharing on your device, change your device privacy settings, or decline to share location on your browser.
  • Google Opt-Out – To opt out of Google Analytics, please see here. To opt out of Google Ads, please see here.
  • Digital Advertising Alliance — You can also opt out from companies like Google and other participating companies through the Digital Advertising Alliance in the USA. You can also opt out of participating companies from the Digital Advertising Alliance of Canada in Canada or opt out using your mobile device settings.

In addition, all marketing messages we send contain an “unsubscribe” link in the email message, or you may unsubscribe here. Please note that we may send one message to confirm your opt out request. Transactional or business relationship messages may continue after you opt out of marketing messages.

With Whom We Share Personal Data

We share personal data with: (Visitors and/or Clients as indicated)

  • Service Providers. These are companies that we use to support our services such as intelligent search technology, intelligent analytics, authentication systems, bill collection, fraud detection, and vendors that provide the systems we use to run our sales cycle. We have contracts with our service providers that address the safeguarding and proper use of your personal data. “Visitors”
  • Public or Government Authorities. We may share personal data where government authorities have demonstrated their lawful authority to obtain the information or where there are threats to personal safety, violations of this Privacy Policy or other agreements, or to protect existing legal rights. “Both”
  • Business Transactions. We may share personal data where it is necessary in the context of a transaction like a merger, or sale of our assets, or as part of the due diligence for such contemplated transactions. If this occurs, we will provide notification to the individuals concerned. “Both”
  • Third parties. Vendors, including social media platforms and advertising networks that we work with to communicate with you for our marketing efforts and to send advertisements that may be relevant to you. “Visitors”
  • Consent. We may share personal data with your consent and at your direction, for example, when we post testimonials on our websites or when individuals choose to post comments on our blogs. “Clients”

External Links and Third-Party Websites

This Privacy Policy does not apply to any third-party websites and apps that you may use, including any linked to our services and websites. Please note that such websites have their own privacy policies that are different from ours, and you should review their privacy policies to understand the privacy practices of their services before clicking on any links or submitting any personal data to such third parties. We are not responsible for any transactions that occur between you and a third-party website.

How Long We Keep Personal Data

For “visitors” we retain your personal data for 30 days to allow you to return to our websites and be recognized. This means that choices you made less than 30 days before still apply. For “clients”, we retain personal data for as long as the account is open, unless a longer retention period is required, for example under tax law. All prospect or potential donor names provided to us by clients are deleted 60 days after a client subscription ends. (30 Days from our production database and an additional 30 days to be removed from our backups)

PRIVACY PRACTICES RELATED TO INDIVIDUALS WHOSE PERSONAL DATA IS IN OUR PRODUCT DATABASES

How we collect

To constitute our databases, we collect information including personal data from third-party sources including publicly available records, data brokers, data aggregators, our clients, government entities, public registers, marketers, business alliances, researchers, service providers, and others, including open sources, where consent has been obtained to share personal data. This means that the source of personal data, whether open source or a third-party data provider, has obtained consent from individuals to have their data shared to be sold for charitable fundraising. This also means that those individuals have been given the opportunity to opt out of that sharing.

What We Collect

The type of data we collect about includes:

  • Personal Identifiers such as name, address, phone number, email address
  • Demographic Information/Characteristics of Protected Classes such as gender, age, occupation, education, ethnicity, etc.
  • Internet and Network Activity — IP address, Unique device identifiers, and device attributes, like operating system and browser type
  • Commercial Information such as records of personal and commercial property
  • User Provided Data – data entered into the application by a customer, such as giving history, custom records, notes and comments, etc.

How We Use Your Personal Data

We use your personal data for the following purposes:

  • Through its proprietary databases and search tools, iWave allows our clients to conduct prospect research by searching wealth and philanthropic data to determine which prospective donors to ask, how much to ask for, and when to ask;
  • To analyze and improve our products, business, services, and websites;
  • To administer our services and products, websites, and internal operations;
  • To comply with our obligations including legal obligations, establishing, exercising or defending legal claims, monitoring, and reporting compliance issues.
  • User-provided data is not shared with other organizations and is only accessible by the organization that provided it.

With Whom We Share the Information

  • Service Providers. We share personal data with companies we use to support our services like intelligent search technology, intelligent analytics, authentication systems, bill collection, and fraud detection. We have contracts with our service providers that address the safeguarding and proper use of personal data.
  • Public or Government Authorities. We may share personal data where government authorities have demonstrated their lawful authority to obtain the information or where there are threats to personal safety, violations of this Privacy Policy or other agreements, or to protect existing legal rights.
  • Business Transactions. We may share personal data where it is necessary in the context of a transaction like a merger, or sale of our assets, or as part of the due diligence for such contemplated transactions. If this occurs, we will provide notification to the individuals concerned.
  • Consent. We may share personal data with your consent based on notice provided to you at collection or as permitted by law.

How You Can Opt-Out of the Databases

You may opt-out of certain databases using the following instructions:

  • Personal Data from Third-Party Data Providers. If your personal data is provided to us from a third-party data provider that has obtained your consent to sell or license the use of your personal data to us, we will provide you with the name of the third-party data provider so that you may contact them directly to opt out. To request this search, please use this link.
  • Data that We Collect from Open Sources. We collect personal information from open sources to include in our VeriGift subscription. This personal information does not include anything except for name, without contact information, and some details relating to donation history with specific charitable organizations related to that name. For our VeriGift database, we offer a search and opt-out function where you can request that we search our VeriGift database to find out if we have your personal data. If we do, you can opt-out. To verify that the information pertains to you, we will need you to provide your name, the year(s) of your gift(s), the range of your gift(s), the organization recipient of your gift, as well as the city and state of that organization. To request this search, please use this link.

In addition to our opt-out process, we will not knowingly include and make available in our database personal data that the individual has not consented to be collected and disclosed or that is not already publicly available.

YOUR RIGHTS

This section does not apply to iWave clients, however, visitors or individuals who believe we may have your personal data in our databases, you have the following rights with respect to your personal information:

  • Right to Access – You may request to have access to the personal data we have relating to you. We will reply within 30 days either to provide you your information if we have it, or let you know we do not, or if we have it but are not allowed to provide you access, for example if doing so would violate the privacy of another individual, we will provide you with justification.
  • Right to Correct – If you find your information is inaccurate, you may have it corrected.
  • Right to Withdraw Consent – If consent was a basis of collection of your personal information and you no longer consent to us retaining and using your personal data, you may request to have it deleted. We will do so immediately, unless legal requirements (for example, tax law in relation to clients) impose retention periods.

HOW WE PROTECT PERSONAL DATA

To keep your personal data safe, we use appropriate security safeguards to provide necessary protection. These include physical measures (e.g., restricting access to offices, and alarm systems), up-to-date technological tools (e.g., passwords, encryption, firewalls and security patches), and organizational controls (e.g., security clearances, limiting access, staff training, and agreements). We apply these measures, tools, and controls based on the sensitivity of the information we collect, use, and store, and the current state of technology.

We use AWS cloud services, certified under ISO/IEC 27018:2019 [ISO/IEC 27018: — Code of practice for protection of personally identifiable information (PII) in public clouds acting as PII processors]

As part of iWave’s security policy, we also follow best practices from the ISO 27001 Security Standards and we review security safeguards regularly to ensure they are up to date, and that we have addressed any known vulnerabilities through regular security audits and/or testing. While we make considerable efforts to protect our information systems, no data security measures can guarantee 100% security.

TRANSFER OF PERSONAL DATA

If you are located outside the United States, please be aware that information we collect or obtain about you may be transferred to and processed in the United States or other jurisdictions outside your own. By interacting with our websites, applications and using our services, you consent to such transfers and acknowledge that the data protection laws and regulations that may apply to your personal information transferred to the United States or other countries may be different from the laws in your country of residence including such that the governments, courts, law enforcement or regulatory agencies of the other countries may be able to obtain access to your personal information through the laws of that country.

NOTICE TO CALIFORNIA RESIDENTS

As a supplement to other information provided throughout this Privacy Policy, we provide the following additional information as a notice to residents of California (“California consumers”) in accordance with the California Consumer Privacy Act (“CCPA”). Please note this section may not apply to you if you are an iWave client.

California Consumer Privacy Rights:

  • Right to Know – You have the right to request that we disclose to you the following information about Personal Information we collect from you:
    • categories of personal information collected;
    • categories of sources of personal information collected;
    • the business or commercial purpose for collecting or selling personal information;
    • the categories of third parties with whom we share personal information; and
    • the specific pieces of personal information we have collected about you over the past 12 months.

In the preceding 12 months, iWave has disclosed the following categories of personal data for a business purpose.

Category of Personal Information Categories of Recipients
Personal Identifiers such as name, address, phone number, email address Service Providers
Demographic Information/Characteristics of Protected Classes such as gender, age, occupation, education, ethnicity, etc. Service Providers
Internet and Network Activity — IP address, Unique device identifiers, and device attributes, like operating system and browser type Service Providers
Commercial Information such as records of personal and commercial property Service Providers
User Provided Data Service Providers

We do not knowingly sell the personal data of consumers under 16 years of age.

  • Right to Delete — You have the right to request the deletion of your personal data collected or maintained by us subject to certain exceptions permitted by law.
  • Right to Opt-Out of Sale of Personal Information — You have the right to opt out of the sale of your personal data.
  • Right to Non-Discrimination — You have the right to not receive discriminatory treatment for exercising your CCPA privacy rights. We do not use the fact that you have exercised or requested to exercise any CCPA rights for any purpose other than facilitating a response to your request.

Making a CCPA Request

You may make a CCPA request by:

Once we receive your request, we are required to verify that you are the person that is the subject of the request (the “Verification Process”). The Verification Process consists of matching identifying information provided by you with the information we have about you in our records. Upon making a request, you will be asked to provide certain information to identify you and verify your information which may include your first and last name, spouse name, full mailing address, email address, phone number, employment history, donation / giving history and possibly other request details. If we cannot verify your identity, we will not be able to respond to your request. Information collected through verification will only be used for verification.

Authorized Agent

You may designate an authorized agent to exercise any of the above California privacy rights on your behalf, subject to the agent request requirements of the CCPA. Authorized Agents may make requests under the CCPA on behalf of California Consumers by contacting us at privacy@iwave.com.

California’s Shine the Light Law. We do not share personal data with third parties for their own direct marketing purposes without your consent. Under California Law, you provide consent when you accept Cookies. We only share personal data when there is evidence of that consent.

Once a year, free of charge, you are entitled to request and obtain certain information regarding iWave’s disclosure of your personal data to third parties for their direct marketing purposes. This right only applies to activities within California. To make any request to exercise your California privacy rights please contact privacy@iwave.com or write to us at iWave Information Systems Inc., 2nd Level, Confederation Court Mall, 134 Kent Street, Charlottetown, PE C1A 8R8, with a reference to CA Shine The Light Disclosure.

Do Not Track Signals — California law requires us to let you know how we respond to web browser Do Not Track (“DNT”) signals. Because there currently isn’t an industry or legal standard for recognizing or honoring DNT signals, we do not respond to them at this time.

NOTICE TO NEVADA RESIDENTS

Nevada law allows consumers to direct certain businesses to not sell their personally identifiable information to third parties. If you are a Nevada resident, you may submit such opt-out requests to privacy@iwave.com.

NOTICE TO CANADIAN RESIDENTS

All the personal data we collect directly from consumers, whether on our websites, apps or through our services, is through consent. All the personal data that we collect from other sources as disclosed in this Privacy Policy is with the assurance that the individuals have provided consent for that sharing of their personal data.

Your Privacy Rights. Please note this notice may not apply to you if you are an iWave client. You may ask us to take the following actions with respect to your personal information:

  • access your personal information;
  • verify or correct inaccuracies in your personal information;
  • where you have provided your consent to the collection, use and transfer of your personal information, withdraw your consent under certain circumstances.

You may submit these requests by email to privacy@iwave.com. We may require specific information from you to help us verify your identity prior to processing your request.

Applicable law may require or permit us to decline your request. If we decline your request, we will tell you why, subject to any legal or regulatory restrictions on disclosing this information. Please note, if you withdraw your consent, we may not be able to provide you with a particular product or service. We will explain the impact to you at the time to help you with your decision.

CHILDREN’S PRIVACY

Our websites, apps and services are not designed for and are not marketed to people under the age of 16 (“minors”). We do not knowingly collect or ask for information from minors. We do not knowingly allow minors to use our services. If you are a minor, please do not use our services or send us your information. We delete information that we learn is collected from a minor without verified parental consent. Please contact us at 1-800-655-7729 if you believe we might have information from or about a minor.

CHANGES TO THE PRIVACY POLICY

We reserve the right to update or modify this Privacy Policy from time to time at our discretion. We will indicate changes to this Privacy Policy by updating the “Effective Date” at the beginning of the Privacy Policy. Please review this Privacy Policy periodically and especially before you provide any personal information to us. Your continued use of our Services after any update will constitute your acceptance of our changes.

QUESTIONS?

For questions, concerns, or complaints regarding our data handling practices, compliance with laws or this Privacy Policy, please contact us by phone at 1-800-655-7729, or via webform or by writing to us at:

iWave, Attention: Privacy Team
2nd Level, Confederation Court Mall
134 Kent Street
Charlottetown, PE C1A 8R8