Effective Date: January 1, 2020

Last Updated: May 1, 2020

This Privacy Policy will change periodically to comply with privacy law requirements. If the changes are significant, we will provide notice.

We at iWave Information Systems Inc. (“iWave”, “us,” “our”, or “we”) are committed to protecting the privacy of individuals who visit our websites, individuals who subscribe to use our services (“clients”) and individuals whose personal data are provided to us by clients and other sources. This Privacy Policy describes how we protect that personal data.

We recommend that you read this Privacy Policy to ensure you are fully informed about the types of personal data we collect, why and how we collect and protect it, where it is stored, and to ensure you are fully informed about your rights relating to any of this data that applies to you. If you wish to access a particular section of this Privacy Policy, please click on the links below:

  1. To find out how we protect your privacy when you visit our websites, click here.
  2. To find out how we protect your privacy when you subscribe to use our services as client, click here.
  3. To find out how we protect the privacy of individuals whose names and information are provided to us by clients and other sources to our database, click here.
  4. To find out whether we have your personal data in our database, and to opt out of allowing this personal data to remain in our database, click here.

Other topic headings in this Privacy Policy include:

  1. How we Protect Personal Data
  2. Where Personal Data is Stored
  3. Your Rights
  4. Your California Privacy Rights
  5. Children’s Privacy
  6. Questions?

Click here to contact us.

All the personal data we collect directly, whether on our website or through our services, is through consent of the individual. All the personal data that we collect indirectly, either through open sources or through data providers, is with the assurance that the individuals have provided consent for that sharing of their personal data.

1. PRIVACY ON OUR WEBSITE

What We Collect

iWave automatically collects personal data through its websites (https://www.iwave.com; https://pro.iwave.com; https://verigift.iwave.com); and through its mobile applications (https://api.iwave.com). The type and manner of data that we collect automatically includes the following:

  • Device, Usage Information, and Transactional Data. We collect information about how you use our services and the computers or other devices, such as mobile phones or tablets, you use to access our services. Some examples include:
    • IP address.
    • Unique device identifiers and device attributes, like operating system and browser type.
    • Usage data, such as: web log data, referring and exit pages and URLs, platform type, number of clicks, domain names, landing pages, pages and content viewed and the order of those pages, the amount of time spent on particular pages, the date and time you used our services, the frequency of your use of our services, error logs, and other similar information.
    • Transactional data, such as names and email addresses of parties to a transaction, subject line, history of actions that individuals take during a transaction (e.g. downloading an e-book, watching a webinar) and information about those individuals or their devices, such as name, email address, IP address, and authentication methods.
  • Cookies and Related Technologies. We may use session cookies, which are text files containing small amounts of information that are downloaded on your device, or related technologies, such as web beacons, local shared objects and tracking pixels to store or collect information. Session cookies are used to maintain authentication while clients are using our products. For more information on session cookies, click here: https://www.allaboutcookies.org/cookies/session-cookies-used-for.html.
  • Ads for Our Products and services. We may also use third party services, such as Google, to serve tailored ads about our products and services to you on our services and elsewhere. We allow these third parties to use and access their own cookies on your computer or other device(s) you use to access our services. We do not have access to these cookies or related technologies, and this Privacy Policy does not govern the use of those cookies and related technologies.
How You Can Opt Out

The processing of your personal data through the use of cookies and other related technology and your device and usage information, is based on consent. You have the right to withdraw your consent to these processing activities at any time by choosing any of the following options:

  • Cookies and Other Related Technology. You can decline cookies through your browser settings. However, if you decline cookies, you may not be able to use some parts of our services.
  • Device and Usage Information. If you do not want us to see your device location, you can turn off location sharing on your device, change your device privacy settings, or decline to share location on your browser.
  • Do Not Track. Some devices and browsers support a “Do Not Track” or “DNT” privacy preference feature which you can set to signal websites and online services that you do not wish to be tracked across the different websites or online services you visit. Our website does not currently change the way it operates upon detection of a Do Not Track or similar signal.

With Whom We Share the Information

We share personal data only with service providers that support our services. These companies provide services such as the systems we use to run our sales cycle. We have contracts with our service providers that address the safeguarding and proper use of your personal data. With your consent we allow third party cookies to send you advertisements that may be relevant to you.

Click here for the list of companies with whom we share personal data when you use our websites.

Other Websites

This Privacy Policy does not apply to any third-party websites and apps that you may use, including any linked to our services and websites. You should review the terms and policies for third-party websites and apps before clicking on any links.

How Long We Keep the Information

The personal data collected through iWave’s website that is listed above is retained for 30 days to allow you to return to our websites and be recognized. This means that choices you made less than 30 days before still apply.

2. PRIVACY WHEN YOU USE OUR SERVICES

What We Collect

When expressing an interest in obtaining additional information about our services or registering to use the services, iWave collects information directly from you by requiring you to provide personal contact information, such as name, company name, address, phone number, and email address. When purchasing the services, iWave may require you to provide billing information, such as billing name and address, and the number of employees or users and name of employees or users within your organization that will be using the services. Please note that iWave does not collect credit card or other financial information – payment transactions are processed directly through Moneris (https://www.moneris.com/).

In addition, we collect personal data directly when you:

  • Register or log in to your account
  • Create or edit your user profile
  • Contact iWave’s customer support team
  • Comment on our blogs or in community forums

You may also provide us with information about others when you use parts of our services, such as when you provide prospective donor names. For choices you may have regarding the provision of donor information, please see Section 6 of this Privacy Policy.

We Use the Personal Data to:

  • Contact individuals about their expression of interest in our services through iWave’s “Contact Me” or “Free Trial” web form
  • Market features, products, promotions or special events using email addresses
  • Choose and deliver content and tailored advertising
  • Send individuals records of their subscription relationship
  • Create and review data about our users and how they use our services
  • Test changes in our services and develop new features and products
  • Fix problems individuals may have with our services, including answering support questions and resolving technical issues
  • Manage the services platform including support systems and security
  • Prevent, investigate and respond to fraud, unauthorized access to or use of our services, breaches of terms and policies, or other wrongful behavior
  • Comply with legal obligations, including records retention periods

We Do Not Share Personal Data Except in the Following Circumstances:

  • Service Providers. We share personal data with companies we use to support our services like intelligent search technology, intelligent analytics, authentication systems, bill collection, fraud detection. We have contracts with our service providers that address the safeguarding and proper use of personal data.
  • Public or Government Authorities. We may share personal data where government authorities have demonstrated their lawful authority to obtain the information or where there are threats to personal safety, violations of this Privacy Policy or other agreements, or to protect existing legal rights.
  • Business Transactions. We may share personal data where it is necessary in the context of a transaction like a merger, or sale of our assets, or as part of the due diligence for such contemplated transactions. If this occurs, we will provide notification to the individuals concerned.
  • Consent. We may share personal data with consent, for example, when we post testimonials on our websites or when individuals choose to post comments on our blogs.

Click here for the list of companies with whom we share personal data when you use our services.

How Long We Keep Information

We retain personal data for as long as the account is open, unless a longer retention period is required, for example under tax law. All prospect or potential donor names provided to us by clients are deleted 30 days after a client subscription ends.

Your Options

The processing of your personal data for the purposes listed in this Section 2 is based on your consent. You have the right to withdraw your consent to these processing activities at any time by notifying us here.

At any time, you may also change or limit the collection or use of your information for the purposes listed in this Section 2 by clicking here.

In addition, all marketing messages we send contain an “unsubscribe” link in the email message, or you may unsubscribe here: https://go.iwave.com/hs/manage-preferences/unsubscribe. Please note that we may send one message to confirm your opt out request. Transactional or business relationship messages may continue after you opt out of marketing messages.

3. PRIVACY IN OUR DATABASES

Through its proprietary databases and search tools, iWave allows our clients to conduct prospect research by searching wealth and philanthropic data to determine which prospective donors to ask, how much to ask for, and when to ask. As part of our services, users need to be assured that the information provided to our clients by iWave complies with the privacy rights of these individuals.

To constitute our databases, we collect information, including personal data, from third-party sources that include data providers, marketers, business alliances, researchers, service providers, and others, including open sources, where consent has been obtained to share personal data. This means that the source of personal data, whether open source or a third party data provider, has obtained consent from individuals to have their data shared to be sold for charitable fundraising. This also means that those individuals have been given the opportunity to opt out of that sharing.

To facilitate the search and opt out process as it relates to your information in our databases, see the following three choices:

  • Personal Data from Third Party Data Providers. If your personal data is provided to us from a third party data provider that has obtained your consent to sell or license the use of your personal data to us, we will provide you with the name of the third party data provider so that you may contact them directly to opt out. To request this search, click here. See also Section 6 of this Privacy Policy.
  • Personal Data that we Collect from Open Sources. We collect personal information from open sources to include in our VeriGift subscription. This personal information does not include anything except for name, without contact information, and some details relating to donation history with specific charitable organizations related to that name. For our VeriGift database, we offer a search and opt-out function where you can request that we search our Verigift database to find out if we have your personal data. If we do, you can opt-out. To verify that the information pertains to you, we will need you to provide your name, the year(s) of your gift(s), the range of your gift(s), the organization recipient of your gift, as well as the city and state of that organization. To request this search, click here. See also Section 6 of this Privacy Policy.
  • Personal Data Pertaining to Our Users. Our user or client database includes personal data of users that subscribe to the use of our services. Please see “Your Options” in Section 2 above to find out how to search and opt out of being part of this database and Section 6 to find out more about your rights in this regard.

In addition to our opt-out process, to provide assurance that we never share information except where the donor has expressly consented, we commit to never include and make available in our database, personal data that the individual has not consented to be collected and disclosed.

4. HOW WE PROTECT PERSONAL DATA

To keep your personal data safe, we use appropriate security safeguards to provide necessary protection. These include physical measures (e.g., restricting access to offices, and alarm systems), up-to-date technological tools (e.g., passwords, encryption, firewalls and security patches), and organizational controls (e.g., security clearances, limiting access, staff training and agreements). We apply these measures, tools and controls based on the sensitivity of the information we collect, use, and store, and the current state of technology.

We use AWS cloud services, certified under ISO/IEC 27018:2019 [ISO/IEC 27018: — Code of practice for protection of personally identifiable information (PII) in public clouds acting as PII processors]

As part of iWave’s security policy, we also follow best practices from the ISO 27001 Security Standards (https://www.iso.org/iso/home/standards/management-standards/iso27001.htm) and we review security safeguards regularly to ensure they are up to date, and that we have addressed any known vulnerabilities through regular security audits and/or testing.

5. WHERE PERSONAL DATA IS STORED

Personal data is stored on AWS cloud services, which means data will primarily be stored in Canada but may at times also be stored on servers in the United States. Personal data becomes subject to the laws of the country where it is stored.

6. YOUR RIGHTS

Whether you are a visitor on our website, or a client, or a donor who believes we may have your personal data, you have the following rights:

  • You may request to have access to the personal data we have relating to you. We will reply within 30 days either to provide you your information if we have it, or let you know we do not, or if we have it but are not allowed to provide you access, for example if doing so would violate the privacy of another individual, we will provide you with justification.
  • If you find your information is inaccurate, you may have it corrected.
  • If you no longer consent to us retaining your personal data, you may request to have it deleted. We will do so immediately, unless legal requirements (for example, tax law in relation to clients) impose minimum retention periods.
  • You may also complain if you have concerns about the protection of your personal data at iWave by contacting 1-800-655-7729 or iWave Information Services Inc., Attention: Privacy Team, 2nd Level, Confederation Court Mall 134 Kent Street Charlottetown, PE C1A 8R8

If you still have concerns, you may file a complaint with the privacy authority of your country.

7. YOUR CALIFORNIA PRIVACY RIGHTS

We do not share personal data with third parties for their own direct marketing purposes without your consent. Under California Law, you provide consent when you accept Cookies. We only share personal data when there is evidence of that consent. California Civil Code Section 1798.83 permits you to request information regarding the disclosure of your personal data by iWave to a third party for the third party’s direct marketing purposes. This right only applies to activities within California. To make any request to exercise your California privacy rights please contact dataprotection@districtm.net.

California residents under 18 years old, in certain circumstances, may request and obtain removal of personal data or content about you that you posted on our website or services. Please be mindful that this would not ensure complete removal of the content posted on our website or services by you. To make any request to exercise your California privacy rights please contact dataprotection@districtm.net.

In addition to the rights described above in Section 6, California residents have the right to not receive discriminatory treatment for exercising their privacy rights. To make any request to exercise your privacy rights described in this Section or Section 6, or to designate an authorizing agent to make a request, please contact dataprotection@districtm.net.

8. THIRD PARTY WEBSITES

Our website may include links to and from our business alliances if you follow a link to any of their websites. Please note that these websites have their own privacy policies that are different from ours and you should review their privacy policies to understand the privacy practices of their services.

9. CHILDREN’S PRIVACY

Our services are not designed for and are not marketed to people under the age of 16 (“minors”). We do not knowingly collect or ask for information from minors. We do not knowingly allow minors to use our services. If you are a minor, please do not use our services or send us your information. We delete information that we learn is collected from a minor without verified parental consent. Please contact us at 1-800-655-7729 if you believe we might have information from or about a minor.

10. QUESTIONS?

For questions or complaints regarding our use of your information or Privacy Policy, please contact us at 1-800-655-7729 or:

iWave, Attention: Privacy Team
2nd Level, Confederation Court Mall
134 Kent Street
Charlottetown, PE C1A 8R8

If you still have concerns, you may file a complaint with the privacy authority of your country.