Last Updated: April 1, 2022
- Privacy Practices Related to Visitors and Clients
- Privacy Practices Related to Individuals whose personal data is in our Databases
- Your Rights (Visitors and Individuals in our Databases)
- How We Protect Personal Data
- Transfer of Personal Data
- Notice to California Residents
- Notice to Nevada Residents
- Notice to Canadian Residents
- Third Party Websites
- Children’s Privacy
PRIVACY PRACTICES RELATED TO VISITORS AND CLIENTS
How We Collect
iWave collects personal data from you directly when you express an interest in obtaining
additional information about our services, register to use the services, or purchase our services, register or log in to your account, create or edit your user profile, contact iWave’s customer support team, comment on our blogs or in community forums, or when you interact with us in any form. iWave also collects your personal data from other sources including third parties, clients, advertising networks, operating systems and platforms, data brokers, partner publishers, social media platforms, service providers, etc. iWave may combine information about you that it already has with the information it receives from other sources. iWave and its vendors, including third parties like Google, also collect personal data from you using automated technology through its websites (https://www.iwave.com; https://app.iwave.com; https://ca.iwave.com).
What We Collect
The type and manner of data that we and our vendors, including third parties like Google, collect includes the following:
- Personal Identifiers — When you sign up for our services such as name, company name, address, phone number, email address, billing information (name and address), number of employees or users and name of employees or users within your organization using our services. Please note that iWave does not collect credit card or other financial information — payment transactions are processed directly through Invoiced.com
- Internet and Network Activity —We and our vendors, including service providers and third parties, collect information about how you use our services and the computers or other devices, such as mobile phones or tablets, you use to access our services. Examples include: IP address, Unique device identifiers and device attributes, like operating system and browser type, Usage data, such as: web log data, referring and exit pages and URLs, platform type, number of clicks, domain names, landing pages, pages and content viewed and the order of those pages, the amount of time spent on particular pages, the date and time you used our services, the frequency of your use of our services, error logs, and other similar information, transactional data, such as names and email addresses of parties to a transaction, subject line, history of actions that individuals take during a transaction (e.g., downloading an e-book, watching a webinar) and information about those individuals or their devices, such as name, email address, IP address, and authentication methods.
How We Use Your Personal Data
We use your personal data for the following purposes:
- To administer our websites, services and products, and internal operations, including to fix problems individuals may have with our services, such as answering support questions and resolving technical issues;
- Manage the services platform including support systems and security;
- Respond to your inquiries about your expression of interest in our services such as through iWave’s “Contact Me” or “Free Trial” web form;
- Send records of your subscription relationship;
- For marketing features, products, promotions or special events, research and advertising purposes, including to deliver tailored content and targeted advertising;
- To analyze and improve our products, business, services, and websites including to create and review data about our users and how they use our services;
- To test changes in our services and develop new features and products;
- To comply with our obligations including legal obligations, establishing, exercising, or defending legal claims, monitoring, and reporting compliance issues, records retention periods;
- To prevent, investigate and respond to fraud, unauthorized access to or use of our services, breaches of terms and policies, or other wrongful behavior;
- As otherwise disclosed or permitted by law, or as otherwise specified at the time of collection.
Cookies and Related Technologies
Our websites uses both session cookies (used to maintain authentication while clients are using our products) and advertising cookies (that help us serve you tailored ads). For more information on cookies, click here.
How You Can Opt-Out of Cookies and Related Technology
- Cookies and Other Related Technology. You can decline cookies through your browser settings. However, if you decline cookies, you may not be able to use some parts of our services.
- Geolocation Information. If you do not want us to see your device location, you can turn off location sharing on your device, change your device privacy settings, or decline to share location on your browser.
- Google Opt-Out – To opt out of Google Analytics, please see here. To opt out of Google Ads, please see here.
- Digital Advertising Alliance — You can also opt out from companies like Google and other participating companies through the Digital Advertising Alliance in the USA. You can also opt out of participating companies from the Digital Advertising Alliance of Canada in Canada or opt out using your mobile device settings.
In addition, all marketing messages we send contain an “unsubscribe” link in the email message, or you may unsubscribe here. Please note that we may send one message to confirm your opt out request. Transactional or business relationship messages may continue after you opt out of marketing messages.
With Whom We Share Personal Data
We share personal data with: (Visitors and/or Clients as indicated)
- Service Providers. These are companies that we use to support our services such as intelligent search technology, intelligent analytics, authentication systems, bill collection, fraud detection, and vendors that provide the systems we use to run our sales cycle. We have contracts with our service providers that address the safeguarding and proper use of your personal data. “Visitors”
- Business Transactions. We may share personal data where it is necessary in the context of a transaction like a merger, or sale of our assets, or as part of the due diligence for such contemplated transactions. If this occurs, we will provide notification to the individuals concerned. “Both”
- Third parties. Vendors, including social media platforms and advertising networks that we work with to communicate with you for our marketing efforts and to send advertisements that may be relevant to you. “Visitors”
- Consent. We may share personal data with your consent and at your direction, for example, when we post testimonials on our websites or when individuals choose to post comments on our blogs. “Clients”
External Links and Third-Party Websites
How Long We Keep Personal Data
For “visitors” we retain your personal data for 30 days to allow you to return to our websites and be recognized. This means that choices you made less than 30 days before still apply. For “clients”, we retain personal data for as long as the account is open, unless a longer retention period is required, for example under tax law. All prospect or potential donor names provided to us by clients are deleted 60 days after a client subscription ends. (30 Days from our production database and an additional 30 days to be removed from our backups)
PRIVACY PRACTICES RELATED TO INDIVIDUALS WHOSE PERSONAL DATA IS IN OUR PRODUCT DATABASES
How we collect
To constitute our databases, we collect information including personal data from third-party sources including publicly available records, data brokers, data aggregators, our clients, government entities, public registers, marketers, business alliances, researchers, service providers, and others, including open sources, where consent has been obtained to share personal data. This means that the source of personal data, whether open source or a third-party data provider, has obtained consent from individuals to have their data shared to be sold for charitable fundraising. This also means that those individuals have been given the opportunity to opt out of that sharing.
What We Collect
The type of data we collect about includes:
- Personal Identifiers such as name, address, phone number, email address
- Demographic Information/Characteristics of Protected Classes such as gender, age, occupation, education, ethnicity, etc.
- Internet and Network Activity — IP address, Unique device identifiers, and device attributes, like operating system and browser type
- Commercial Information such as records of personal and commercial property
- User Provided Data – data entered into the application by a customer, such as giving history, custom records, notes and comments, etc.
How We Use Your Personal Data
We use your personal data for the following purposes:
- Through its proprietary databases and search tools, iWave allows our clients to conduct prospect research by searching wealth and philanthropic data to determine which prospective donors to ask, how much to ask for, and when to ask;
- To analyze and improve our products, business, services, and websites;
- To administer our services and products, websites, and internal operations;
- To comply with our obligations including legal obligations, establishing, exercising or defending legal claims, monitoring, and reporting compliance issues.
- User-provided data is not shared with other organizations and is only accessible by the organization that provided it.
With Whom We Share the Information
- Service Providers. We share personal data with companies we use to support our services like intelligent search technology, intelligent analytics, authentication systems, bill collection, and fraud detection. We have contracts with our service providers that address the safeguarding and proper use of personal data.
- Business Transactions. We may share personal data where it is necessary in the context of a transaction like a merger, or sale of our assets, or as part of the due diligence for such contemplated transactions. If this occurs, we will provide notification to the individuals concerned.
- Consent. We may share personal data with your consent based on notice provided to you at collection or as permitted by law.
How You Can Opt-Out of the Databases
You may opt-out of certain databases using the following instructions:
- Personal Data from Third-Party Data Providers. If your personal data is provided to us from a third-party data provider that has obtained your consent to sell or license the use of your personal data to us, we will provide you with the name of the third-party data provider so that you may contact them directly to opt out. To request this search, please use this link.
- Data that We Collect from Open Sources. We collect personal information from open sources to include in our VeriGift subscription. This personal information does not include anything except for name, without contact information, and some details relating to donation history with specific charitable organizations related to that name. For our VeriGift database, we offer a search and opt-out function where you can request that we search our VeriGift database to find out if we have your personal data. If we do, you can opt-out. To verify that the information pertains to you, we will need you to provide your name, the year(s) of your gift(s), the range of your gift(s), the organization recipient of your gift, as well as the city and state of that organization. To request this search, please use this link.
In addition to our opt-out process, we will not knowingly include and make available in our database personal data that the individual has not consented to be collected and disclosed or that is not already publicly available.
This section does not apply to iWave clients, however, visitors or individuals who believe we may have your personal data in our databases, you have the following rights with respect to your personal information:
- Right to Access – You may request to have access to the personal data we have relating to you. We will reply within 30 days either to provide you your information if we have it, or let you know we do not, or if we have it but are not allowed to provide you access, for example if doing so would violate the privacy of another individual, we will provide you with justification.
- Right to Correct – If you find your information is inaccurate, you may have it corrected.
- Right to Withdraw Consent – If consent was a basis of collection of your personal information and you no longer consent to us retaining and using your personal data, you may request to have it deleted. We will do so immediately, unless legal requirements (for example, tax law in relation to clients) impose retention periods.
HOW WE PROTECT PERSONAL DATA
To keep your personal data safe, we use appropriate security safeguards to provide necessary protection. These include physical measures (e.g., restricting access to offices, and alarm systems), up-to-date technological tools (e.g., passwords, encryption, firewalls and security patches), and organizational controls (e.g., security clearances, limiting access, staff training, and agreements). We apply these measures, tools, and controls based on the sensitivity of the information we collect, use, and store, and the current state of technology.
We use AWS cloud services, certified under ISO/IEC 27018:2019 [ISO/IEC 27018: — Code of practice for protection of personally identifiable information (PII) in public clouds acting as PII processors]
As part of iWave’s security policy, we also follow best practices from the ISO 27001 Security Standards and we review security safeguards regularly to ensure they are up to date, and that we have addressed any known vulnerabilities through regular security audits and/or testing. While we make considerable efforts to protect our information systems, no data security measures can guarantee 100% security.
TRANSFER OF PERSONAL DATA
If you are located outside the United States, please be aware that information we collect or obtain about you may be transferred to and processed in the United States or other jurisdictions outside your own. By interacting with our websites, applications and using our services, you consent to such transfers and acknowledge that the data protection laws and regulations that may apply to your personal information transferred to the United States or other countries may be different from the laws in your country of residence including such that the governments, courts, law enforcement or regulatory agencies of the other countries may be able to obtain access to your personal information through the laws of that country.
NOTICE TO CALIFORNIA RESIDENTS
California Consumer Privacy Rights:
- Right to Know – You have the right to request that we disclose to you the following information about Personal Information we collect from you:
- categories of personal information collected;
- categories of sources of personal information collected;
- the business or commercial purpose for collecting or selling personal information;
- the categories of third parties with whom we share personal information; and
- the specific pieces of personal information we have collected about you over the past 12 months.
In the preceding 12 months, iWave has disclosed the following categories of personal data for a business purpose.
|Category of Personal Information||Categories of Recipients|
|Personal Identifiers such as name, address, phone number, email address||Service Providers|
|Demographic Information/Characteristics of Protected Classes such as gender, age, occupation, education, ethnicity, etc.||Service Providers|
|Internet and Network Activity — IP address, Unique device identifiers, and device attributes, like operating system and browser type||Service Providers|
|Commercial Information such as records of personal and commercial property||Service Providers|
|User Provided Data||Service Providers|
We do not knowingly sell the personal data of consumers under 16 years of age.
- Right to Delete — You have the right to request the deletion of your personal data collected or maintained by us subject to certain exceptions permitted by law.
- Right to Opt-Out of Sale of Personal Information — You have the right to opt out of the sale of your personal data.
- Right to Non-Discrimination — You have the right to not receive discriminatory treatment for exercising your CCPA privacy rights. We do not use the fact that you have exercised or requested to exercise any CCPA rights for any purpose other than facilitating a response to your request.
Making a CCPA Request
You may make a CCPA request by:
- Via our online webform available here
- by email to firstname.lastname@example.org
Once we receive your request, we are required to verify that you are the person that is the subject of the request (the “Verification Process”). The Verification Process consists of matching identifying information provided by you with the information we have about you in our records. Upon making a request, you will be asked to provide certain information to identify you and verify your information which may include your first and last name, spouse name, full mailing address, email address, phone number, employment history, donation / giving history and possibly other request details. If we cannot verify your identity, we will not be able to respond to your request. Information collected through verification will only be used for verification.
You may designate an authorized agent to exercise any of the above California privacy rights on your behalf, subject to the agent request requirements of the CCPA. Authorized Agents may make requests under the CCPA on behalf of California Consumers by contacting us at email@example.com.
California’s Shine the Light Law. We do not share personal data with third parties for their own direct marketing purposes without your consent. Under California Law, you provide consent when you accept Cookies. We only share personal data when there is evidence of that consent.
Once a year, free of charge, you are entitled to request and obtain certain information regarding iWave’s disclosure of your personal data to third parties for their direct marketing purposes. This right only applies to activities within California. To make any request to exercise your California privacy rights please contact firstname.lastname@example.org or write to us at iWave Information Systems Inc., 2nd Level, Confederation Court Mall, 134 Kent Street, Charlottetown, PE C1A 8R8, with a reference to CA Shine The Light Disclosure.
Do Not Track Signals — California law requires us to let you know how we respond to web browser Do Not Track (“DNT”) signals. Because there currently isn’t an industry or legal standard for recognizing or honoring DNT signals, we do not respond to them at this time.
NOTICE TO NEVADA RESIDENTS
Nevada law allows consumers to direct certain businesses to not sell their personally identifiable information to third parties. If you are a Nevada resident, you may submit such opt-out requests to email@example.com.
NOTICE TO CANADIAN RESIDENTS
Your Privacy Rights. Please note this notice may not apply to you if you are an iWave client. You may ask us to take the following actions with respect to your personal information:
- access your personal information;
- verify or correct inaccuracies in your personal information;
- where you have provided your consent to the collection, use and transfer of your personal information, withdraw your consent under certain circumstances.
You may submit these requests by email to firstname.lastname@example.org. We may require specific information from you to help us verify your identity prior to processing your request.
Applicable law may require or permit us to decline your request. If we decline your request, we will tell you why, subject to any legal or regulatory restrictions on disclosing this information. Please note, if you withdraw your consent, we may not be able to provide you with a particular product or service. We will explain the impact to you at the time to help you with your decision.
Our websites, apps and services are not designed for and are not marketed to people under the age of 16 (“minors”). We do not knowingly collect or ask for information from minors. We do not knowingly allow minors to use our services. If you are a minor, please do not use our services or send us your information. We delete information that we learn is collected from a minor without verified parental consent. Please contact us at 1-800-655-7729 if you believe we might have information from or about a minor.
iWave, Attention: Privacy Team
2nd Level, Confederation Court Mall
134 Kent Street
Charlottetown, PE C1A 8R8