Privacy Policy Draft

Privacy Policy

Effective date: September 1, 2020

At EverythingALS, (“CaringALS,” “Peter Cohen Foundation 501(c)(3), “we,” or “us”), our most important value is ‘Patients First’, which means that we are committed to protecting your privacy and we take great care with your personal information that we gather when you access or use CaringALS.com and related websites, applications, and services owned and operated by CaringALS and that link to this Privacy Policy (collectively, the “Services”). This Privacy Policy is meant to help consumers that use our Services to explore providers or book appointments (“Consumers”) and providers and health systems that use our marketing services (“Clients,” and collectively with Consumers, “you,” or “your”) understand how we treat your personal information. BY USING OR ACCESSING THE SERVICES IN ANY MANNER, YOU ACKNOWLEDGE THAT YOU ACCEPT THE PRACTICES AND POLICIES OUTLINED IN THIS PRIVACY POLICY, AND YOU HEREBY CONSENT THAT WE WILL COLLECT, USE, AND SHARE YOUR INFORMATION IN THE FOLLOWING WAYS. IF YOU DO NOT AGREE WITH THIS PRIVACY POLICY, YOU MAY NOT USE THE SERVICES. IF YOU USE THE SERVICES ON BEHALF OF SOMEONE ELSE (SUCH AS YOUR CHILD) OR AN ENTITY (SUCH AS YOUR EMPLOYER), YOU REPRESENT THAT YOU ARE AUTHORIZED BY SUCH INDIVIDUAL OR ENTITY TO ACCEPT THIS PRIVACY POLICY ON SUCH INDIVIDUAL’S OR ENTITY’S BEHALF. A Consumer’s use of CaringALS’s Services is at all times subject to the Agreement (as the term “Agreement” is defined in our Terms of Use, which incorporates this Privacy Policy). You may print a copy of this Privacy Policy by clicking here. You can also learn more at caringals.com/trust. Thank you so much for choosing CaringALS.

Privacy Policy Table of Contents

HIPAA and PHI

Personal Data

  • Consumer Personal Data
    • Categories of Personal Data We Collect
    • Categories of Sources of Personal Data
    • Commercial or Business Purposes for Collecting Data
    • How We Share Your Personal Data
  • Client Personal Data
    • Categories of Personal Data We Collect
    • Categories of Sources of Personal Data
    • Commercial or Business Purposes for Collecting Data
    • How We Share Your Personal Data

Tracking Tools, Advertising and Opt-Out

Data Security and Retention

Children’s Privacy

How We Use Information That is Neither Personal Data nor PHI

Controlling Your Personal Data & Notifications

California Rights

Changes to this Privacy Policy

Contact Information

HIPAA and PHI

Certain demographic, health and/or health-related information that CaringALS collects about Consumers as part of providing the Services to our Clients may be considered “protected health information” or “PHI” under the Health Insurance Portability and Accountability Act (“HIPAA”). Specifically, when CaringALS, acting as a “Business Associate” (as such term is defined in HIPAA) receives identifiable information about a Consumer from or on behalf of a Client, or Customer’s doctor, dentist, or other healthcare specialist, professional, provider, organization or agent or affiliate thereof (collectively, “Healthcare Providers”), this information is considered PHI. Personal data that a Consumer provides to CaringALS outside of the foregoing context is not PHI. For example, when you provide information directly to us, such as when creating an account or using our interactive tools and services, searching for Healthcare Providers or available appointments with Healthcare Providers, and completing medical history forms (“Medical History Forms”); or when you voluntarily provide information in free-form text boxes through the Services or through responses to surveys and questionnaires, or post reviews; or when you send us an email or otherwise contact us, that information is not PHI.

HIPAA provides specific protections for the privacy and security of PHI and restricts how PHI is used and disclosed. CaringALS may only use and disclose PHI in the ways permitted by a Consumer’s Healthcare Provider(s) or authorized by a Consumer.

Personal Data

The following subsections detail the categories of Personal Data that we collect and have collected over the past twelve (12) months. “Personal Data” means any information that identifies or relates to a particular individual and also includes information referred to as “personally identifiable information” or “personal information” under applicable data privacy laws, rules or regulations. For each category of Personal Data, these subsections also set out the source of that Personal Data, our commercial or business purpose for collecting that Personal Data and the categories of third parties with whom we share that Personal Data. More information regarding those sources and categories are set forth below.

Consumer Personal Data

THE FOLLOWING SUBSECTIONS APPLY ONLY TO CONSUMERS. IF YOU ARE A CLIENT, PLEASE SEE THE CLIENT PERSONAL DATA SECTION BELOW.

Categories of Personal Data We Collect

  • Payment Information
    • Examples of Personal Data Collected:
      • Payment card type
      • Last four digits of payment card
      • Billing contact
      • Billing email
    • Source:
      • You
    • Third Parties with Whom We Share Data for Business Purposes:
      • Service Providers
  • Device/IP Information
    • Examples of Personal Data Collected:
      • IP address
      • Device ID
      • Domain server
      • Type of device/operating system/browser used to access the Services
    • Source:
      • You
      • Third Parties
    • Third Parties with Whom We Share Data for Business Purposes:
      • Service Providers
      • Ad Networks
      • Third-Party Business Partners You Access Through the Services
  • Web Analytics
  • Examples of Personal Data Collected:
    • Web page interactions
    • Referring webpage/source through which you access the Services
    • Non-identifiable request IDs
    • Statistics associated with the interaction between device or browser and the Services
  • Source:
    • You
    • Third Parties
  • Third Parties with Whom We Share Data for Business Purposes:
    • Service Providers
    • Ad Networks
    • Third-Party Business Partners You Access Through the Services
  • Geolocation Data
    • Source:
      • You
      • Third Parties
    • Third Parties with Whom We Share Data for Business Purposes:
      • Service Providers
      • Ad Networks
      • Third-Party Business Partners You Access Through the Services
  • Other Identifying Information That You Voluntarily Choose to Provide
    • Examples of Personal Data Collected:
      • Unique identifiers such as passwords
      • Personal Data in emails or letters you send to us
    • Source:
      • You
    • Third Parties with Whom We Share Data for Business Purposes:
      • Service Providers
  • Consumer Contact Data
    • Examples of Personal Data Collected:
      • First and last name
      • E-mail
      • Phone number
      • Mailing address
    • Source:
      • You
    • Third Parties with Whom We Share Data for Business Purposes:
      • Service Providers
      • Ad Networks
      • Healthcare Providers
      • Insurance Providers
      • Health Information Exchanges
      • Parties You Authorize, Access or Authenticate
  • Consumer Demographic Data
    • Examples of Personal Data Collected:
      • Gender
      • Age
      • Date of birth
      • Zip code
      • Race
      • Ethnicity
    • Source:
      • You
    • Third Parties with Whom We Share Data for Business Purposes:
      • Service Providers
      • Ad Networks
      • Healthcare Providers
      • Health Information Exchanges
      • Parties You Authorize, Access or Authenticate
  • Medical Data
    • Examples of Personal Data Collected:
      • Health conditions
      • Healthcare Providers visited
      • Reasons for visit
      • Dates of visit
      • Medical history and health information you provide us
    • Source:
      • You
    • Third Parties with Whom We Share Data for Business Purposes:
      • Service Providers
      • Healthcare Providers
      • Insurance Providers
      • Health Information Exchanges
      • Parties You Authorize, Access or Authenticate
  • Insurance Information
    • Examples of Personal Data Collected:
      • Insurance carrier
      • Insurance plan
      • Member ID
      • Group ID
      • Payer ID
    • Source:
      • You
    • Third Parties with Whom We Share Data for Business Purposes:
      • Service Providers
      • Healthcare Providers
      • Health Information Exchanges
      • Parties You Authorize, Access or Authenticate
  • Booking Appointment Data
    • Examples of Personal Data Collected:
      • Appointment date/time
      • Provider information
      • Appointment procedure
      • Whether or not user is a new patient for a particular provider
    • Source:
      • You
      • Healthcare Providers
    • Third Parties with Whom We Share Data for Business Purposes:
      • Service Providers
      • Healthcare Providers
      • Health Information Exchanges
  • Social Network Data
    • Examples of Personal Data Collected:
      • E-mail
      • Phone number
      • Username
      • IP address
      • Device ID
    • Source:
      • You
      • Third Parties
    • Third Parties with Whom We Share Data for Business Purposes:
      • Service Providers
      • Ad Networks
      • Parties You Authorize, Access or Authenticate

Categories of Sources of Personal Data

  • You
    • When You Provide Information Directly to Us
      • When you create an account or use our interactive tools and services, such as searching for Healthcare Providers or available appointments with Healthcare Providers and completing Medical History Forms prior to Healthcare Provider appointments.
      • When you voluntarily provide information in free-form text boxes through the Services or through responses to surveys and questionnaires, or post reviews.
      • When you send us an email or otherwise contact us.
    • When Personal Data is Automatically Collected When You Use the Services
      • Through Cookies (defined below).
      • If you download and install certain applications and software we make available, we may receive and collect information transmitted from your computing device for the purpose of providing you the relevant Services, such as information regarding when you are logged on and available to receive updates or alert notices.
      • If you download our mobile application or use a location-enabled browser, we may receive information about your location and mobile device, as applicable.
  • Third Parties
    • Service Providers
      • We may use analytics service providers to analyze how you interact and engage with the Services, or third parties may help us provide you with customer support.
      • We may use service providers to obtain information to generate leads and create user profiles.
    • Advertising Partners
      • We receive information about you from some of our service providers who assist us with marketing or promotional services related to how you interact with our websites, applications, products, services, advertisements or communications.
    • Healthcare Providers
      • We may receive certain data from your Healthcare Provider or Clients to facilitate Consumer booking of appointments.
    • Social Networks
      • If you provide your social network account credentials to us or otherwise sign in to the Services through a third-party site or service, you understand some content and/or information in those accounts may be transmitted into your account with us.

Commercial or Business Purposes for Collecting Data

  • Providing, Customizing, and Improving the Services
    • Creating and managing your account or other user profiles, billing.
    • Providing you with the products, services and information you request.
    • Meeting or fulfilling the reason you provided the information to us.
    • Providing support and assistance for the Services.
    • Improving the Services, including testing, research, internal analytics, and product development.
    • Personalizing the Services, website content and communications based on your preferences.
    • Fraud protection, security and debugging.
  • Marketing the Services
    • Marketing and selling the Services.
    • Showing you advertisements, including interest-based or online behavioral advertising.
  • Corresponding with You
    • Responding to correspondence that we receive from you, contacting you when necessary or requested, including to remind you of an upcoming appointment, and sending you information about CaringALS or the Services.
    • Sending emails and other communications that display content that we think will interest you and according to your preferences including notifying you about certain resources, Healthcare Providers or services.
  • Legal Requirements
    • Fulfilling our legal obligations under applicable law, regulation, court order or other legal process, such as preventing, detecting and investigating security incidents and potentially illegal or prohibited activities.
    • Protecting the rights, property or safety of you, CaringALS or another party.
    • Enforcing any agreements with you.
    • Responding to claims that any posting or other content violates third-party rights.
    • Resolving disputes.

How We Share Your Personal Data

In certain circumstances, we may share your Personal Data with the following categories of service providers and other third parties for the indicated business purposes:

  • Service Providers
    • Payment Processors
      • Our payment processing partner (currently Stripe, Inc. (“Stripe”)) collects your voluntarily provided payment card information necessary to process your payment.
      • Please see Stripe’s terms of service and privacy policy for information on its use and storage of personal data.
    • Security and Fraud Prevention Consultants
      • Detecting security incidents, protecting against malicious, deceptive, fraudulent, or illegal activity, and prosecuting those responsible for that activity.
    • Hosting, Technology and Communications Providers; Fulfillment Providers; Data Storage Providers; Analytics Providers; Insurance Verification Providers; Staff Augmentation Personnel
      • To perform operational services (such as hosting, billing, fulfillment, data storage, security, insurance verification, web service analytics) and/or make certain services, features or functionality available to our users.
      • Debugging to identify and repair errors that impair existing intended functionality.
      • Short-term, transient use of Personal Data that is not used by another party to build a consumer profile or otherwise alter your consumer experience outside the current interaction.
      • Performing services on our behalf, including maintaining or servicing accounts, providing customer service, processing or fulfilling orders and transactions, verifying customer information, processing payments, providing financing, providing advertising or marketing services, providing analytic services, or providing similar services on behalf of the business or service provider.
      • Undertaking internal research for technological development and demonstration.
      • Undertaking activities to verify or maintain the quality or safety of our services.
  • Selected Recipients
    • Ad Networks
      • Ad customizing and serving.
      • Auditing related to a current interaction and concurrent transactions, including, but not limited to, counting ad impressions to unique visitors, verifying positioning and quality of ad impressions, and auditing compliance with this specification and other standards.
    • Health Information Exchanges
      • Health Information Exchanges and related organizations that collect and organize Consumer information (such as Regional Health Information Organizations) to make your information more securely and easily accessible to your Healthcare Providers. The goal of such organizations is to facilitate access to health information to improve the safety, quality, and efficiency of patient-centered care. More information on Health Information Exchanges can be found here.
    • Healthcare Providers
      • Healthcare Providers with whom Consumers choose to schedule through the Services. For example, if you complete a Medical History Form using the Services in advance of an appointment and elect to share it with your selected Healthcare Provider.
      • If you choose to use the applicable Services, Healthcare Providers to enable them to refer you to and make appointments with other Healthcare Providers on your behalf or to perform analyses on potential health issues or treatments.
      • In the event of an emergency.
    • Insurance Providers
      • To determine eligibility and cost-sharing obligations, and to otherwise obtain benefit plan information on your behalf.
  • Parties You Authorize, Access or Authenticate
    • Third-Party Business Partners You Access Through the Services
      • We will share certain Personal Data if you choose to use any service to log in to the Services.
      • To meet or fulfill the reason you provided the information to us.
    • Other Users
      • Any information that you may reveal in a review posting or online discussion or forum is intentionally open to the public and is not in any way private. We recommend that you carefully consider whether to disclose any Personal Data in any public posting or forum. What you have written may be seen and/or collected by third parties and may be used by others in ways we are unable to control or predict. You can learn more about our reviews process at CaringALS.com/verifiedreviews.

Client Personal Data

THE FOLLOWING SUBSECTIONS APPLY ONLY TO CLIENTS. IF YOU ARE A CONSUMER, PLEASE SEE THE CONSUMER PERSONAL DATA SECTION ABOVE.

Categories of Personal Data We Collect

  • Payment Information
    • Examples of Personal Data Collected:
      • Payment card type
      • Last four digits of payment card
      • Billing contact
      • Billing email
    • Source:
      • You
    • Third Parties with Whom We Share Data for Business Purposes:
      • Service Providers
  • Device/IP Information
    • Examples of Personal Data Collected:
      • IP address
      • Device ID
      • Domain server
      • Type of device/operating system/browser used to access the Services
    • Source:
      • You
      • Third Parties
    • Third Parties with Whom We Share Data for Business Purposes:
      • Service Providers
      • Ad Networks
      • Third-Party Business Partners You Access Through the Services
  • Web Analytics
  • Examples of Personal Data Collected:
    • Web page interactions
    • Referring webpage/source through which you access the Services
    • Non-identifiable request IDs
    • Statistics associated with the interaction between device or browser and the Services
  • Source:
    • You
    • Third Parties
  • Third Parties with Whom We Share Data for Business Purposes:
    • Service Providers
    • Ad Networks
    • Third-Party Business Partners You Access Through the Services
  • Geolocation Data
    • Source:
      • You
      • Third Parties
    • Third Parties with Whom We Share Data for Business Purposes:
      • Service Providers
      • Ad Networks
      • Third-Party Business Partners You Access Through the Services
  • Other Identifying Information That You Voluntarily Choose to Provide
    • Examples of Personal Data Collected:
      • Unique identifiers such as passwords
      • Personal Data in emails or letters you send to us
      • Personal information that you disclose over the phone
    • Source:
      • You
    • Third Parties with Whom We Share Data for Business Purposes:
      • Service Providers
  • Client Contact Data
    • Examples of Personal Data Collected:
      • First and last name
      • E-mail
      • Phone number
      • Mailing address
    • Source:
      • You
      • Third Parties
    • Third Parties with Whom We Share Data for Business Purposes:
      • Service Providers
      • Ad Networks
      • Healthcare Providers
      • Insurance Providers
      • Health Information Exchanges
      • Parties You Authorize, Access or Authenticate
  • Client Demographic Data
    • Examples of Personal Data Collected:
      • Gender
      • Age
      • Date of birth
      • Zip code
      • Race
      • Ethnicity
    • Source:
      • You
      • Third Parties
    • Third Parties with Whom We Share Data for Business Purposes:
      • Service Providers
      • Ad Networks
      • Healthcare Providers
      • Insurance Providers
      • Health Information Exchanges
      • Parties You Authorize, Access or Authenticate
  • Professional License Information
    • Examples of Personal Data Collected:
      • Professional licenses
      • Education history
      • Specialties and certifications
    • Source:
      • You
      • Third Parties
    • Third Parties with Whom We Share Data for Business Purposes:
      • Service Providers

Categories of Sources of Personal Data

  • You
    • When You Provide Information Directly to Us
      • When you create an account.
      • When you send us an email or otherwise contact us.
    • When Personal Data is Automatically Collected When You Use the Services
      • Through Cookies (defined below).
      • If you download and install certain applications and software we make available, we may receive and collect information transmitted from your computing device for the purpose of providing you the relevant Services, such as information regarding when you are logged on and available to receive updates or alert notices.
      • If you download our mobile application or use a location-enabled browser, we may receive information about your location and mobile device, as applicable.
  • Third Parties
    • Service Providers
      • We may use analytics service providers to analyze how you interact and engage with the Services, or third parties may help us provide you with customer support.
      • We may use service providers to obtain information to generate leads and create user profiles.
    • Advertising Partners
      • We receive information about you from some of our service providers who assist us with marketing or promotional services related to how you interact with our websites, applications, products, services, advertisements or communications.
    • Government or Public Records
      • We may use government or other public records for onboarding or verifying Clients.

Commercial or Business Purposes for Collecting Data

  • Providing, Customizing, and Improving the Services
    • Creating and managing your account or other user profiles, billing.
    • Providing you with the products, services and information you request.
    • Meeting or fulfilling the reason you provided the information to us.
    • Providing support and assistance for the Services.
    • Improving the Services, including testing, research, internal analytics, and product development.
    • Personalizing the Services, website content and communications based on your preferences.
    • Fraud protection, security and debugging.
  • Marketing the Services
    • Marketing and selling the Services.
    • Showing you advertisements, including interest-based or online behavioral advertising.
  • Corresponding with You
    • Responding to correspondence that we receive from you, contacting you when necessary or requested, including to remind you of an upcoming appointment, and sending you information about CaringALS or the Services.
    • Sending emails and other communications that display content that we think will interest you and according to your preferences including notifying you about certain resources, Healthcare Providers or services.
  • Legal Requirements
    • Fulfilling our legal obligations under applicable law, regulation, court order or other legal process, such as preventing, detecting and investigating security incidents and potentially illegal or prohibited activities.
    • Protecting the rights, property or safety of you, CaringALS or another party.
    • Enforcing any agreements with you.
    • Responding to claims that any posting or other content violates third-party rights.
    • Resolving disputes.
  • Onboarding Verification
    • Confirming providers have necessary credentials to practice in the state where advertised.

How We Share Your Personal Data

In certain circumstances, we may share your Personal Data with the following categories of service providers and other third parties for the indicated business purposes:

  • Service Providers
    • Payment Processors
      • Our payment processing partner (currently Stripe, Inc. (“Stripe”)) collects your voluntarily provided payment card information necessary to process your payment.
      • Please see Stripe’s terms of service and privacy policy for information on its use and storage of personal data.
    • Security and Fraud Prevention Consultants
      • Detecting security incidents, protecting against malicious, deceptive, fraudulent, or illegal activity, and prosecuting those responsible for that activity.
    • Hosting, Technology and Communications Providers; Fulfillment Providers; Data Storage Providers; Analytics Providers; Insurance Verification Providers; Staff Augmentation Personnel
      • To perform operational services (such as hosting, billing, fulfillment, data storage, security, insurance verification, web service analytics) and/or make certain services, features or functionality available to our users.
      • Debugging to identify and repair errors that impair existing intended functionality.
      • Short-term, transient use of Personal Data that is not used by another party to build a consumer profile or otherwise alter your consumer experience outside the current interaction.
      • Performing services on our behalf, including maintaining or servicing accounts, providing customer service, processing or fulfilling orders and transactions, verifying customer information, processing payments, providing financing, providing advertising or marketing services, providing analytic services, or providing similar services on behalf of the business or service provider.
      • Undertaking internal research for technological development and demonstration.
      • Undertaking activities to verify or maintain the quality or safety of our services.
  • Selected Recipients
    • Ad Networks
      • Ad customizing and serving.
      • Auditing related to a current interaction and concurrent transactions, including, but not limited to, counting ad impressions to unique visitors, verifying positioning and quality of ad impressions, and auditing compliance with this specification and other standards.
    • Health Information Exchanges
      • Health Information Exchanges and related organizations that collect and organize Consumer information (such as Regional Health Information Organizations) to make your information more securely and easily accessible to your Healthcare Providers. The goal of such organizations is to facilitate access to health information to improve the safety, quality, and efficiency of patient-centered care. More information on Health Information Exchanges can be found here.
  • Parties You Authorize, Access or Authenticate
    • Third-Party Business Partners You Access Through the Services
      • We will share certain Personal Data if you choose to use any service to log in to the Services.
      • To meet or fulfill the reason you provided the information to us.

THE FOLLOWING SECTIONS APPLY TO BOTH CONSUMERS AND CLIENTS.

Business Transfers

All Personal Data may be transferred to a third party if we undergo a merger, acquisition, bankruptcy or other transaction in which that third party assumes control of our business (in whole or in part). Should one of these events occur, we will make reasonable efforts to notify you before your information becomes subject to different privacy and security policies and practices.

Tracking Tools, Advertising and Opt-Out

The following sections provide additional information about how we collect your Personal Data.

Information Collected Automatically

The Services use cookies and similar technologies such as pixel tags, web beacons, clear GIFs, mobile identifiers, and JavaScript (collectively, “Cookies”) to enable our servers to recognize your web browser and tell us how and when you visit and use our Services. We do this to analyze trends, learn about and advertise to our user base, and operate and improve our Services. For example, we use Cookies to tailor the Services or customize advertisements by tracking navigation habits, measuring performance, storing authentication status so re-entering credentials is not required, customizing user experiences with the Services and for analytics and fraud prevention. Cookies are small pieces of data– usually text files – placed on your computer, tablet, phone, or similar device when you use that device to visit our Services. We may also supplement the information we collect from you with information received from third parties, including third parties that have placed their own Cookies on your device(s).

We use the following types of Cookies:

  • Essential Cookies. Essential Cookies are required for providing you with features or services that you have requested. For example, certain Cookies enable you to log into the secure areas of our Services. Disabling these Cookies may make certain features and services unavailable.
  • Functional Cookies. Functional Cookies are used to record your choices and settings regarding our Services, maintain your preferences over time and recognize you when you return to our Services. These Cookies help us to personalize our content for you, greet you by name, and remember your preferences (for example, your choice of language or region).
  • Performance/Analytical Cookies. Performance/Analytical Cookies allow us to understand how visitors use our Services such as by collecting information about the number of visitors to the Services, what pages visitors view on our Services, how long visitors are viewing pages on the Services, mouse clicks, mouse movements, scrolling activity, and text typed into the Services. Performance/Analytical Cookies also help us measure the performance of our advertising campaigns in order to help us improve our campaigns and the Services’ content for those who engage with our advertising. For example, Google Inc. (“Google”) uses cookies in connection with its Google Analytics services. Google’s ability to use and share information collected by Google Analytics about your visits to the Services is subject to the Google Analytics Terms of Use and the Google Privacy Policy. You have the option to opt-out of Google’s use of cookies by visiting the Google advertising opt-out page at www.google.com/privacy_ads.html or the Google Analytics Opt-out Browser Add-on at https://tools.google.com/dlpage/gaoptout/.
  • Retargeting/Advertising Cookies. Retargeting/Advertising Cookies collect data about your online activity and identify your interests so that we can provide advertising that we believe is relevant to you. For more information about this, please see the section below titled “Information about Interest-Based Advertisements.”
  • Web Beacons. Web Beacons (e.g., clear GIFs or pixel tags) are tiny graphic image files embedded in a web page or email that may be used to collect information about the use of our Services, the web services of selected advertisers and the emails, special promotions or newsletters that we send. The information collected by Web Beacons allows us to analyze how many people are using the Services, using selected publishers’ web services or opening emails, and for what purpose, and also allows us to enhance our interest-based advertising (discussed further below).
  • Mobile Device Identifiers. Mobile device identifiers help CaringALS learn more about our users’ demographics and internet behaviors. Mobile device identifiers are data stored on mobile devices that may track mobile device and data and activities occurring on and through it, as well as the applications installed on it. Mobile device identifiers enable collection of Personal Data (such as media access control, address and location, and tracking data, including without limitation IP address, domain server, type of device(s) used to access the Services, web browser(s) used to access the Services, referring webpage or other source through which you accessed the Services, other statistics and information associated with the interaction between your browser or device and the Services).
  • Cross Device Matching. To determine if users have interacted with content across multiple devices and to match such devices, we may work with partners who analyze device activity data and/or rely on your information (including demographic, geographic and interest-based data). To supplement this analysis, we may also provide de-identified data to these partners. Based on this data, we may then display targeted advertisements across devices that we believe are associated or use this data to further analyze usage of Services across devices.

You can decide whether or not to accept Cookies through your internet browser’s settings. Most browsers have an option for turning off the Cookie feature, which will prevent your browser from accepting new Cookies, as well as (depending on your browser software) allow you to decide on acceptance of each new Cookie in a variety of ways. You may also be able to reject mobile device identifiers by activating the appropriate setting on your mobile device. You can also delete all Cookies that are already on your computer. Although you are not required to accept CaringALS’s Cookies, if you block, reject, or delete them, you may have to manually adjust some preferences every time you visit a site and some of the Services and functionalities may not work.

To explore what Cookie settings are available to you, look in the “preferences” or “options” section of your browser’s menu. To find out more information about Cookies, including information about how to manage and delete Cookies, please visit http://www.allaboutcookies.org/.

Your browser may offer you a “Do Not Track” option, which allows you to signal to operators of websites and web applications and services that you do not wish such operators to track certain of your online activities over time and across different websites. Not all browsers offer a Do Not Track option and there is currently no industry consensus as to what constitutes a Do Not Track signal. Please note that, for these reasons and because of our use of Cookies, our Services, like many website operators, do not support “Do Not Track” requests sent from a browser at this time. To find out more about “Do Not Track,” you can visit www.allaboutdnt.com.

Information about Interest-Based Advertisements:

We may serve advertisements, and also allow third-party ad networks, including third-party ad servers, ad agencies, ad technology vendors and research firms, to serve advertisements through the Services. These advertisements may be targeted to users who fit certain general profile categories or display certain preferences or behaviors (“Interest-Based Ads”). Information for Interest-Based Ads (including Personal Data) may be provided to us by you, or derived or inferred from the online activity or usage patterns of particular users on the Services and/or services of third parties. Such information may include IP address, mobile device ID, operating system, browser, web page interactions, geographic location and demographic information, such as gender and age range. Such information may be gathered through tracking users’ activities across time and unaffiliated properties, including when you leave the Services. To accomplish this, we or our service providers may deliver Cookies, including Web Beacons, from an ad network to you through the Services. Web Beacons allow ad networks to provide anonymized, aggregated auditing, research and reporting for us and for advertisers. This information helps CaringALS learn more about our users’ demographics and internet behaviors. Web Beacons also enable ad networks to serve targeted advertisements to you when you visit other websites. Web Beacons allow ad networks to view, edit or set their own Cookies on your browser, just as if you had requested a web page from their site.

We comply with the Digital Advertising Alliance (“DAA”) Self-Regulatory Principles for Online Behavioral Advertising. Through the DAA and Network Advertising Initiative (“NAI”), several media and marketing associations have developed an industry self-regulatory program to give consumers a better understanding of, and greater control over, ads that are customized based a consumer’s online behavior across different websites and properties. To make choices about Interest-Based Ads from participating third parties, including to opt-out of receiving behaviorally targeted advertisements from participating organizations, please visit the DAA’s or NAI’s consumer opt-out pages, which are located at http://www.networkadvertising.org/choices/ or www.aboutads.info/choices, or install the DAA’s AppChoice app (for iOS; for Android) on your mobile computing device. When you use these opt-out features, an “opt-out” Cookie will be placed on your computer, tablet or mobile computing device indicating that you do not want to receive Interest-Based Ads from NAI or DAA member companies. If you delete Cookies on your computer, tablet or mobile computing device, you may need to opt out again. For information about how to opt out of Interest-Based Ads on mobile devices, please visit http://www.applicationprivacy.org/expressing-your-behavioral-advertising-choices-on-a-mobile-device. You will need to opt out of each browser and device for which you desire to apply these opt-out features.

Please note that even after opting out of Interest-Based Ads, you may still see CaringALS advertisements that are not interest-based (i.e., not targeted toward you). Also, opting out does not mean that CaringALS is no longer using tracking tools — CaringALS still may collect information about your use of the Services even after you have opted out of Interest-Based Ads and may still serve advertisements to you via the Services based on information collected via the Services.

Data Security and Retention

The security of your Personal Data is important to us. We seek to protect your Personal Data from unauthorized access, use and disclosure using appropriate physical, technical, organizational and administrative security measures based on the type of Personal Data and how we are processing that data. We endeavor to follow generally accepted industry standards to protect the Personal Data submitted to us, both during transmission and in storage. For example, the Services use industry standard Secure Sockets Layer (SSL) technology to allow for the encryption of Personal Data. We store and process your information on our servers in the United States and abroad. We maintain what we consider industry standard backup and archival systems. You should also help protect your data by appropriately selecting and protecting your password and/or other sign-on mechanism; limiting access to your computer or device and browser; and signing off after you have finished accessing your account. Although we work to protect the security of your account and other data that we hold in our records, for example, by making good faith efforts to store Personal Data in a secure operating environment that is not open to the public, please be aware that no method of transmitting data over the Internet or storing data is completely secure. We cannot and do not guarantee the complete security of any data you share with us, and except as expressly required by law, we are not responsible for the theft, destruction, loss or inadvertent disclosure of your information or content.

If at any time during or after our relationship we believe that the security of your Personal Data may have been compromised, we may seek to notify you of that development. If a notification is appropriate, we will endeavor to notify you as promptly as possible under the circumstances.  If we have your e-mail address, we may notify you by e-mail to the most recent e-mail address you have provided us in your account profile. Please keep your e-mail address in your account up to date. You can update that e-mail address anytime in your account profile. If you receive a notice from us, you can print it to retain a copy of it. To receive these notices, you must check your e-mail account using your computer or mobile device and email application software. You consent to our use of e-mail as a means of such notification. If you prefer for us to use the U.S. Postal Service to notify you in this situation, please e-mail us at Privacy@CaringALS.com. Please include your address when you submit your request. You can make this election any time, and it will apply to notifications we make after a reasonable time thereafter for us to process your request. You may also use this e-mail address to request a print copy, at no charge, of an electronic notice we have sent to you regarding a compromise of your Personal Data.

We retain Personal Data about you consistent with all internal policies and procedures. We may retain Personal Data to comply with our legal obligations, resolve disputes or collect fees owed, or as is otherwise permitted or required by our data retention policies and procedures.

Children’s Privacy

The Services are not directed to or intended for use by children under 13 years of age. If you are a child under the age of 13, please do not attempt to register for or otherwise use the Services or send us any Personal Data. By accessing, using and/or submitting information to or through the Services, you represent that you are not under the age of 13. As noted in the Terms of Use, we do not knowingly collect or solicit Personal Data from children under the age of 13. If we learn that we have received any Personal Data directly from a child under age 13 without first receiving his or her parent’s verified consent, we will use that Personal Data only to respond directly to that child (or his or her parent or legal guardian) to inform the child that he or she cannot use the Services. We will then subsequently delete that child’s Personal Data. If you believe that a child under 13 may have provided us with Personal Data, please contact us at Privacy@CaringALS.com.

If you are between age thirteen (13) and the age of majority in your place of residence, you may use the Services only with the consent of or under the supervision of your parent or legal guardian. If you are a parent or legal guardian of a minor child, you may, in compliance with the Agreement, use the Services on behalf of such minor child. Any information that you provide us while using the Services on behalf of your minor child will be treated as Personal Data as otherwise provided herein.

If you use the Services on behalf of another person, regardless of age, you agree that CaringALS may contact you for any communication made in connection with providing the Services or any legally required communications. You further agree to forward or share any such communication with any person for whom you are using the Services on behalf.

How We Use Information That is Neither Personal Data nor PHI 

We may use information that is neither Personal Data nor PHI (including non-PHI Personal Data that has been de-identified and/or aggregated) to better understand who uses CaringALS and how we can deliver a better digital healthcare experience, or otherwise at our discretion.

Controlling Your Personal Data & Notifications

If you are a registered user of the Services, you can modify certain Personal Data or account information by logging in and accessing your account. If you wish to close your account, please email us at Privacy@CaringALS.com. CaringALS will use reasonable efforts to delete your account as soon as reasonably possible. Please note, however, that CaringALS reserves the right to retain information from closed accounts consistent with all internal data retention policies and procedures.

You must promptly notify us if any of your account data is lost, stolen or used without permission.

California Rights

The California Consumer Privacy Act of 2018 (“CCPA”) provides California residents with specific rights regarding their personal information. This section describes your CCPA rights and explains how to exercise those rights. If you have any questions about this section or whether any of the following applies to you, please contact us at Privacy@CaringALS.com and indicate “California Rights” in the subject line of your communication.

Access

You have the right to request certain information about our collection and use of your Personal Data over the past 12 months, including the following:

  • The categories of Personal Data that we have collected about you.
  • The categories of sources from which that Personal Data was collected.
  • The business or commercial purpose for collecting or selling your Personal Data.
  • The categories of third parties with whom we have shared your Personal Data.
  • The specific pieces of Personal Data that we have collected about you.

If we have disclosed your Personal Data for a business purpose over the past 12 months, we will identify the categories of Personal Data shared with each category of third-party recipient.

If we have sold your Personal Data over the past 12 months, we will identify the categories of Personal Data purchased by each category of third-party recipient.

Deletion

You have the right to request that we delete the Personal Data that we have collected from you. Under the CCPA, this right is subject to certain exceptions: for example, we may need to retain your Personal Data to provide you with the Services or complete a transaction or other action you have requested. If your deletion request is subject to one of these exceptions, we may deny your deletion request.

Exercising Your Rights

To exercise the rights described above, you must send us a request that (1) provides sufficient information to allow us to verify that you are the person about whom we have collected Personal Data, and (2) describes your request in sufficient detail to allow us to understand, evaluate, and respond to it. Each request that meets both of these criteria will be considered a “Valid Request.” We may not respond to requests that do not meet these criteria. We will only use Personal Data provided in a Valid Request to verify you and complete your request. You do not need an account to submit a Valid Request.

We will work to respond to your Valid Request within 45 days of receipt. We will not charge you a fee for making a Valid Request unless your Valid Request(s) is excessive, repetitive, or manifestly unfounded. If we determine that your Valid Request warrants a fee, we will notify you of the fee and explain that decision before completing your request.

You may submit a Valid Request using the following methods:

Personal Data Sales Opt-Out

In this section, we use the term ‘sell’ as it is defined in the CCPA. We sell your Personal Data, subject to your right to opt-out of these sales.

We sell your Personal Data to the following categories of third parties:

  • Advertisers

Over the past twelve months, we have sold the following categories of your Personal Data to third parties:

  • Demographic Data
  • Web analytics or other similar network activity information

You have the right to opt-out of the sale of your Personal Data. You can opt-out using the following methods:

We do not sell the Personal Data of minors under 16 years of age without affirmative authorization.

We Will Not Discriminate Against You for Exercising Your Rights Under the CCPA

We will not discriminate against you for exercising your rights under the CCPA. We will not deny you our goods or services, charge you different prices or rates, or provide you a lower quality of goods and services if you exercise your rights under the CCPA. However, we may offer different tiers of our Services as allowed by applicable data privacy laws (including the CCPA) with varying prices, rates, or levels of quality of the goods or services you receive related to the value of Personal Data that we receive from you.

Other California Resident Rights

Under California Civil Code Sections 1798.83-1798.84, California residents are entitled to contact us to prevent disclosure of Personal Data to third parties for such third parties’ direct marketing purposes; in order to submit such a request, please contact us at Consumer-Privacy@CaringALS.com.

Changes to this Privacy Policy

We reserve the right to amend our Privacy Policy at our discretion and at any time. When we make changes to the Privacy Policy, we will notify you by email or through a notice on our website homepage. Use of the information we collect is subject to the Privacy Policy in effect at the time such information is collected.

Contact Information

If you have any questions or comments about this Privacy Policy, the ways in which we collect and use your Personal Data, your choices and rights regarding such use, please do not hesitate to contact us at:

The below needs to be merged and incorporated into the above

INFORMATION WE COLLECT

As further described below, when you use or otherwise access the Services, we collect information in multiple ways, including when you provide information directly to us, and when we passively collect information from your browser or device (e.g., by logging how you interact with our Services).

  1. Information That You Provide Directly to Us:

    1. Registration information:

      When you register for our Services or open an account, we collect your contact and login details, your zip code, your country and any information you choose to provide us (such as a profile picture).

      If you are a charity or nonprofit organization and established as such under the applicable laws of incorporation (“Charity”) and you establish an account with the GFM Charity Platform, we will collect the name, tax ID, physical address, email address, birthday and phone number of the person who establishes a Charity account and claims your Charity (the "Charity Contact") and any other information that is provided to us by GuideStar about your Charity. We also may collect, if the Charity Contact chooses to provide it, the Charity Contact’s sex, or any photos uploaded to the Site. You can edit your information by logging into your account and making changes at any time.

      If you have any questions about, or wish to review or correct the information we maintain about you (a) on the GoFundMe Platform, please visit this page, and (b) on the GFM Charity Platform, you may send an email to nposupport@gofundme.com.

      If you have any questions about, or wish to review or correct the information we maintain about you (a) on the GoFundMe Platform, please visit this page, and (b) on the GFM Charity Platform, you may send an email to nposupport@gofundme.com.

    2. Creation of a fundraising campaign:

      When you create a campaign on either Platform , we collect the information you choose to provide us in relation to your campaign. For example, you can provide a campaign title, choose a campaign category, upload images and describe your campaign goal(s).

      Our payment processors collect and maintain information related to your withdrawal of funds from any campaign.

    3. Donation information:

      On the GoFundMe Platform, when you donate to a fundraising campaign, we collect your contact details (such as name and email address), zip code, country, and any information you choose to provide us (such as a description of why you have donated). If you make a donation on the GFM Charity Platform, in addition to the above, we will also collect your address.

      Our payment processors collect your credit card details and other information necessary to process the donation.

    4. Communications:

      You can post comments, leave feedback, send thank-you notes or otherwise communicate with other users through our Platform. Any content, including such comments, feedback, and notes are you choose to post through our Platform are available to the public by default. You may also contact us via a contact form, email, or by other means (for example, with questions about our Services, for customer support, or to let us know your ideas for new products or modifications to existing products). When you do so, we collect the information you choose to provide us, such as your contact details, any images you choose to upload and the contents and nature of your message.

      Please remember that any information that is disclosed in these areas becomes public information for both us and other users to use and share. Please be considerate and respectful of others while using the community to share your opinions. We reserve the right, but do not have the obligation, to review and monitor such posting or any other content on our Services, and to remove postings or content that may be viewed as inappropriate or offensive to others.

    5. Information relating to third parties:

      You can choose to provide us with information relating to third parties. For example, if you choose to share your campaign on the Platform with family and friends, we request access to information stored in your email and mobile device address books, such as names, email addresses, or phone numbers of your contacts (collectively, “Third-Party Data”).

      If you use any feature of the Services that allows you to communicate with third parties (such as to refer a third party to the Services or to communicate with them regarding a campaign or a donation), either by submitting Third-Party Data to the Services or otherwise permitting the Services to automatically access Third-Party Data in your possession, you acknowledge and agree that you have the authority of the relevant third party for us to access and use the relevant Third-Party Data and that you have notified these third parties and informed them how their information is collected and used by GoFundMe to provide the Services.

      We reserve the right to identify you as the person who has made the referral in any messages that are sent to them. We use Third-Party Data to (1) contact such third party using the Third-Party Data provided, and/or (2) provide you with an editable template message designed to facilitate communication between you and such third party through the Services. In addition to sending the foregoing communications, we may also send reminders or related messages to you and to third parties on your behalf from time to time where permitted by applicable law. In each case, any such communications sent to third parties using Third-Party Data will provide a means to "opt out" of receiving further communication of the same nature.

    6. Sensitive information:

      You can also provide us with information about yourself or third parties that is considered sensitive, such as political opinions, health information or religious beliefs. When you provide such information to us directly, we may seek your consent, where appropriate, to process this information, unless you choose to provide such information to be published publicly in relation to your campaign or donation or otherwise.

      We collect the information listed in this section for the purposes described below in the section “ Our Use of Information Collected ”. While you are under no obligation to provide us with such information, should you choose to withhold such information, we may not be able to provide you with some or all of the Services.

    7. Other Information

      On the GFM Charity Platform, GoFundMe may provide a Charity with the ability to run a promotion, like a sweepstakes, or set up an event. If you enter a sweepstakes, we collect your name, address and contact information so that the Charity or other entity associated with the sweepstakes may administer the sweepstakes and fulfill prizes and, to the extent permitted by law, to provide you with information on upcoming events, announcements, and other promotions. Likewise, if you register for an event, we collect your information for the purposes of the event.

  2. Information That is Passively or Automatically Collected:

    1. Device & Usage Information:

      When you interact with GoFundMe through the Services, we automatically receive and store certain information from devices that you use to access the Services. This information is collected passively by using various technologies, and includes the type of internet browser or mobile device you use, any website from which you have come to the Services, your operating system, and location data through an IP address that identifies the city and state where you logged into the Platform or your precise geo-location if you have permitted your mobile device to provide that information to us. GoFundMe either stores such information itself or such information is included in databases owned and maintained by GoFundMe, or its agents or service providers.

    2. Aggregated Data:

      In an ongoing effort to better understand the use of our Services and serve you, GoFundMe often conducts research on its customer demographics, interests and behavior based on information we collect. We can de-identify and aggregate the information collected through the Services for research purposes or any other purposes, and we can share this information with our affiliates, agents, business partners, or other third parties (e.g., Google Analytics).

    3. Location Information:

      When you use the Services to organize a fundraising campaign, the Services request that you provide your city or town and state or province of residence. Please keep in mind that other users of the Services can view your city or town and state or province of residence in connection with the campaign, if it is made available within GoFundMe's Public Search Directory. We also use your location information as described above under “Device & Usage Information”, and in an aggregate way, as described above in the "Aggregated Data" section.

    4. Cookies and Other Electronic Technologies:

      When you interact with the Services, we try to make that experience simple and meaningful. When you visit our Platform, our web server, third party business providers, and/or the social networking services integrated into the Service, use cookies or other electronic technologies (such as web beacons or pixel tags) for various purposes. Cookies are small pieces of information that are issued to your computer or mobile device when you visit a website or access or use a mobile application, and that store and sometimes track information about your use of the Platform. Web beacons are transparent image files, which enable the Platform to track website usage information. Unlike cookies, web beacons are not placed on your computers. Pixel tags are tiny graphic images with unique identifiers that track online movements of our users. Unlike cookies, pixel tags are embedded in web pages. We will refer to the cookies and other technologies identified here as Cookies for purposes of this Policy.

      1. Type of Cookies

        Some Cookies are strictly necessary to make our Services available to you (“Essential cookies”). For example, to provide the chat and login functionality and to remember your consent and privacy choices. We cannot provide our Services without these Essential Cookies.

        We also use Cookies for functional purposes in order to maintain and improve our Services or improve your experiences, and for marketing purposes (collectively “Non-Essential Ccookies”). Some of the Non-Essential Cookies used are set by us, to collect and process certain data on our behalf, and some are set by third parties and our Social Networking Services.

      2. Information to and from Social Networking Services

        Non-essential Cookies include Cookies we use in conjunction with the Social Networking Services. One of the special features of the Services is that it allows you to enable or log into the Services via various social networking services like Facebook or Twitter, or upload videos using YouTube APIs ("Social Networking Service(s)"). By directly integrating these services, we aim to make your online experiences richer and more personalized. To take advantage of these features, we will ask you to provide your credentials for the applicable Social Networking Service in order to log in to our Services. When you add a Social Networking Services account to the Services or log into the Services using your Social Networking Services account, we will collect relevant information necessary to enable the Services to access that Social Networking Service. As part of such integration, the Social Networking Service will provide us with access to certain information that you have provided to the Social Networking Service (for example, your name and photograph, as well as other information that you permit the Social Networking Service to share with us).

        We will use, store, and disclose such information in accordance with this Policy. However, please remember that the manner in which Social Networking Services use, store, and disclose your information is governed by the policies of such third parties, and GoFundMe shall have no liability or responsibility for the privacy practices or other actions of any Social Networking Services that may be enabled within the Services. For example, if you upload a video onto your fundraiser using the mobile application for the GoFundMe Platform, your video will be uploaded using YouTube and subject to Google’s Privacy Policy and Google’s Security Settings. You also have the option of using single sign on or posting your activities to Social Networking Services when you access content through the Services. By proceeding, you are allowing the Social Networking Service to access your information on the Platform and you are agreeing to the Social Networking Service’s terms of use and privacy policy in your use of the Service. You further acknowledge that if you choose to use this feature, your friends, followers, and subscribers on any Social Networking Services you have enabled will be able to view such activity. For example, if you sign on using Facebook, Facebook’s privacy policy and Terms of Service would apply to the data Facebook might obtain from your activities on GoFundMe. Please visit the terms of use and privacy policy of the relevant Social Networking Service to learn more about your rights and choices, and to exercise your choice about those technologies.

      3. Analytics

        We use third-party web analytics services on our Services, such as those of Google Analytics, to help us analyze how users use the Services, including by noting the third-party website from which you arrive, and provide certain features to you. The information (including your IP address) collected by the technology will be disclosed to or collected directly by these service providers, who use the information to evaluate your use of the Services. This information can be used to place interest-based advertisements on the Platform. This may result in you seeing advertisements for our Platform when you visit other websites. To prevent Google Analytics from using your information for analytics, you can install the Google Analytics Opt out Browser Add-on by clicking here. Google’s ability to use and share information collected by Google Analytics about your visits to the Site is restricted by the Google Analytics Terms of Use and the Google Privacy Policy.

      4. Why we use Cookies

        We use Cookies to collect information about your access to and use of the Platform: including to: (1) allow you to navigate and use all the features provided by our Platform; (2) customize elements of the layout and/or content within the Platform and remember that you have visited us before; (3) identify the number of unique visitors we receive; (4) improve the Platform and learn which functions of the Platform are most popular with users; and (5) how you use the Platform (e.g., by learning how long you spend on the Platform and where you have come to the Platform from. As we adopt additional technologies, we may gather additional information through other methods. We will notify you of such changes with updates to this Privacy Policy.)

      5. Your Cookie preferences

        Most web and mobile device browsers automatically accept cookies but, if you prefer, you can change your browser to prevent that or to notify you each time a cookie is set. You can also learn more about cookies by visiting www.allaboutcookies.org, which includes additional useful information on cookies and how to block cookies using different types of browsers or mobile devices.

        You can also consult the "Help" section of your browser for more information (e.g., Internet ExplorerGoogle ChromeMozilla Firefox; or Apple Safari). If you receive tailored advertising on your computer, you can generally control Cookies from being put on your computer to deliver tailored advertising by visiting, for advertising based in the United States either the Network Advertising Initiative’s Consumer opt-out link or the Digital Advertising Alliance’s Consumer opt-out link, or for advertising in Europe, the Digital Advertising Alliance Consumer Ad Choices opt-out link. You can also manage the use of Flash technologies, including Cookies and local storage objects with the Flash management tools available at Adobe's website. Please note that by blocking any or all Cookies, you may not have access to certain features or offerings of the Services.

        If you are accessing our Services through a mobile device, you can also update your privacy settings on your device by setting the “Limit Ad Tracking” and Diagnostics and Usage setting property located in the settings screen of your Apple iPhone or iPad, or by resetting your Android ID through apps that are available in the Play Store. You can also limit information collection by uninstalling the App on your device and you can use the standard uninstall process available as part of your device for this purpose. Finally, and in connection with the Social Networking Services, you can visit your settings with each of the Social Networking Services to exercise your choice about those technologies.

OUR USE OF INFORMATION COLLECTED

GoFundMe uses the information collected from the Services in a manner that is consistent with this Policy. We use the information that you provide (or otherwise permit the Services to access) for the following purposes:

  1. Communicating With You

    We use the information we collect to contact you for administrative purposes (e.g., to provide services and information that you request or to respond to comments and questions). For instance, if you contact us by email, we will use the information you provide to answer your question or resolve your problem.

    We also use the information we collect to send you communications relating to the Services, such as updates on promotions and events, communications relating to products and services offered by us and by third parties, and communications about services we believe will be of interest to you. For example, we can send periodic emails to registered users of the Services relating to their recent interactions with the Services, such as donating to a campaign or "hearting" a campaign.

    Mobile Services: If you access the Services through a mobile device and if you have chosen to provide us with your mobile number, or other electronic means to your mobile device, you agree that we can communicate with you regarding GoFundMe by SMS, MMS, text message. In the event you change or deactivate your mobile telephone number, you agree to promptly update your GoFundMe account information to ensure that your messages are not misdirected. Please note that your wireless service carrier’s standard charges, data rates, and other fees may apply where you access the Services through a mobile device. In addition, downloading, installing, or using certain Services on a mobile device may be prohibited or restricted by your carrier, and not all Services may work with all carriers or devices.

  2. Providing the Services

    We use the information we collect to operate, maintain, and provide our Services such as enabling access to the Platform, customer support or to complete transactions. And, as part of the GFM Charity Service unique to the GFM Charity Platform, we also may provide (i) a report to campaign or event organizers that tells them who responded to a particular offer or to facilitate the fulfillment of an order that you have made; or (ii) our gift registry partners with all the necessary data to accurately update their gift registries, including data related to the establishment of a donation registry and the applicable charities, campaigns on the GFM Charity Platform that established the donation registry.

  3. Analytics and Product Development

    We use the information we collect to analyze data usage trends and preferences in order to improve the accuracy, effectiveness, security, usability or popularity of our Services.

    If you are located in Europe, we process information as listed under A, B and C as necessary (i) to fulfill our obligations under our contract with you or in order to take steps at your request prior to entering into a contract, or (ii) for our legitimate interest, such as, to maintain our relationship with you or to protect you and us against fraud.

  4. Customization

    We use the information we collect, such as device identifiers, to learn how users interact with our Services in order to personalize the content of our Services, such as customizing the language and campaigns on our homepage based on your location.

    If you are located in Europe, we process information as listed under D as necessary for our legitimate interest.

  5. Legal

    We use information we collect to defend our legal rights, comply with state, local, federal or international laws, and enforce our  Terms of Service  and this Policy.

    If you are located in Europe, we process information as listed under E (i) to fulfill our obligations under our contract with you or in order to take steps at your request prior to entering into a contract; (ii) for our legitimate interest to maintain our relationship with you, (iii) to protect our business or protect you and us against fraud; or (iv) to comply with legal obligations.

OUR DISCLOSURE OF INFORMATION COLLECTED THROUGH THE SERVICES

There are certain circumstances in which we share information collected through the Services with certain third parties without further notice to you, as set forth below.

  1. Business Transfers:

    As we develop our business, we might sell or buy businesses or assets. In the event of a corporate sale, merger, reorganization, dissolution, similar event, or steps taken in anticipation of such events (e.g., due diligence in a transaction), user information may be part of the transferred assets.

  2. Affiliates and Subsidiaries:

    We share your personal information among the GoFundMe entities, including our affiliates and subsidiaries, in order to provide our Services including: hosting, marketing and publicising campaigns; providing you with customer support; administering funds in connection with campaigns, sweepstakes, challenges or games; authenticating donors; sending you communications; and conducting the other activities described in this Policy.

  3. Agents, Consultants, Vendors and Related Third Parties:

    GoFundMe sometimes hires other companies to perform certain business-related functions on GoFundMe's behalf, and we provide access to or share your information with these companies so they can perform services for us. Examples of such functions include marketing, mailing information, data storage, security, fraud prevention, payment processing, legal services, and maintaining databases. For example, if you are a donor in Australia, GoFundMe’s Australian entity, GoFundMe Australia Pty Ltd (ACN 627 702 630) contracts with Adyen Australia for payment processing. Adyen Australia, therefore, will collect, process and store your information on behalf of GoFundMe. We limit the personal information provided to these service providers to that which is reasonably necessary for them to perform their functions, and we require them to agree to maintain the confidentiality of such information.

  4. Legal Requirements:

    GoFundMe can access, disclose, transfer and preserve your information when we have a good faith belief that doing so is necessary to: (i) comply with the law including with subpoenas, search warrants, court orders, and other legal process; and respond to inquiries or requests from government, regulatory, law enforcement, public authorities, or content protection organizations; (ii) protect and defend the legal rights, privacy, safety or property of GoFundMe, its affiliates, subsidiaries, employees, agents, contractors, or its users; (iii) permit us to pursue available remedies, commence, participate in, or defend litigation, or limit the damages we may sustain; or (iv) enforce this Policy or any applicable Terms of Service.

  5. Campaign Organizers and beneficiaries of campaigns:

    We share your information with campaign organizers and, if not the same, the beneficiaries of the campaign. For example, if you donate to a fundraising campaign, we share your name, email address and other information you’ve provided in connection with your donation with the campaign organizer or beneficiary, who may contact you. For example, if an individual starts a campaign for a Charity and you donate to that campaign, then if the information is requested, (i) the Charity can receive information about both the campaign organizer, if not the same, and donors, and (ii) campaign organizer can receive donor information. In addition, if the beneficiary of a GoFundMe Platform fundraiser is a Charity with a Charity Contact account on the GFM Charity Platform, Charity will have access to all donor information, regardless of the platform on which donors made the donations. On the GFM Charity Platform, the information is accessible to the Charity through the GFM Charity Platform records center. In the same scenario, beneficiary may communicate with you about your donation and/or may rely on your information in order to comply with its legal and auditing requirements.

  6. Your consent

    We may share your information in the event that you consent to the sharing of your information. For example, we may partner with third party organizations to arrange for specific campaigns. If you consent to our delivering your contact information to a specific partner, we share, with the partner organization, your name, email address and other information you’ve provided in connection with your donation to the specific campaign.

    On the GFM Charity Platform, if you enter a sweepstakes or register for an event, we will share your information with the people who are running the sweepstakes or conducting the event.

  7. Aggregate and/or De-Identified Information

    We aggregate and/or de-identify your information so that the information no longer relates to you individually. We may use and disclose aggregate and de-identified data for any lawful purpose.

  8. Cookies and Other Electronic Technologies

    Information is shared as stated in the Section entitled “Cookies and Other Electronic Technologies”.

  9. Other Users of Our Services

    We provide your information to other users of our Services if you choose to make your information publicly available in a publicly accessible area of the Services, such as in your campaign or in the comments.

UNSOLICITED INFORMATION

Please be advised that some information you provide may be publicly accessible, such as information posted in forums or comment sections. We also collect information through customer support communications, your communication to us of ideas for new products or modifications to existing products, feedback and other unsolicited submissions (collectively, with publicly-accessible information, "Unsolicited Information"). By sending us Unsolicited Information, you further (a) agree that we are under no obligation of confidentiality, express or implied, with respect to the Unsolicited Information, (b) acknowledge that we may have something similar to the Unsolicited Information already under consideration or in development, (c) grant us an irrevocable, non-exclusive, royalty-free, perpetual, worldwide license to use, modify, prepare derivative works, publish, distribute and sublicense the Unsolicited Information, and (d) irrevocably waive, and cause to be waived, against GoFundMe and its users any claims and assertions of any moral rights contained in such Unsolicited Information. This Unsolicited Information section shall survive any termination of your account or the Services.

CHILDREN

Our Services are not designed for use by individuals under the age of 13(or 16 for children located in Europe). If you are under the age of 13(or 16 for children located in Europe), please do not use the Services and/or submit any information through the Services. If you have reason to believe that a child under the age of 13(or 16 for children located in Europe) has provided personal information to GoFundMe through the Services, please contact us at GFMlegal@gofundme.com, and we will delete that information from our databases to the extent required by law.

LINKS TO OTHER WEB SITES

This Policy applies only to the Services. The Services can contain links to other web sites not operated or controlled by GoFundMe (the "Third-Party Sites"). The policies and procedures we described here do not apply to the Third-Party Sites. The links from the Services do not imply that GoFundMe endorses or has reviewed the Third-Party Sites. We suggest contacting those sites directly for information on their respective privacy policies.

SECURITY

GoFundMe has implemented technical and organizational security measures to protect the information provided via the Services from loss, misuse, and unauthorized access, disclosure, alteration, or destruction. For example, limiting access to information only to employees and authorized service providers who need to know such information for the purposes described in this Policy. However, no Internet or email transmission is ever fully secure or error free. In particular, email sent to or from the Services may not be secure. Therefore, you should take special care in deciding what information you send to us via email. Please keep this in mind when disclosing any information to GoFundMe via the Internet.

DO-NOT-TRACK SIGNALS

Do Not Track (“DNT”) is a privacy preference that users can set in certain web browsers. We do not recognize or respond to browser-initiated DNT signals, as the Internet industry is currently still working toward defining exactly what DNT means, what it means to comply with DNT, and a common approach to responding to DNT. To learn more about Do Not Track, you can do so here.

RETENTION OF YOUR INFORMATION

We will only retain the information for as long as necessary for the purpose for which that information was collected and to the extent permitted or required by applicable laws. When we no longer need to use your information, we will remove it from our systems and records and/or take step to anonymize it so that you can no longer be identified from it in accordance with our internal document retention policies.

When determining the retention period, we take into account various criteria, such as the type of products and services requested by or provided to you, the nature and length of our relationship with you, possible re-enrolment with our products or services, the impact on the services we provide to you if we delete some information about you, mandatory retention periods provided by law and the statute of limitations.

PRIVACY SHIELD

GoFundMe has certified with the EU-U.S. and Swiss-U.S. Privacy Shield as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of “personal data” (as defined under the Privacy Shield principles) from Europe. GoFundMe has certified that it adheres to the Privacy Shield Principles of notice, choice, onward transfer, security, data integrity, access, and enforcement for such personal data. To learn more about the Privacy Shield Framework, visit the Department of Commerce’s Privacy Shield list by clicking here.

As required under the principles, when GoFundMe receives information under the Privacy Shield and then transfers it to a third-party service provider acting as an agent on GoFundMe’s behalf, GoFundMe has certain liability under the Privacy Shield if both (i) the agent processes the information in a manner inconsistent with the Privacy Shield and (ii) GoFundMe is responsible for the event giving rise to the damage.

If you have any questions or complaints about GoFundMe’s privacy practices, including questions related to the Privacy Shield, you can contact us at the email address or mailing address set forth under “Contacting GoFundMe.” We will work with you to resolve your issue.

If you are in Europe and are dissatisfied with the manner in which we have addressed your concerns about our privacy practices, you can seek further assistance, at no cost to you, from our designated Privacy Shield independent recourse mechanism, the JAMS Privacy Shield Program, which you can learn more about by visiting https://www.jamsadr.com/eu-us-privacy-shield.

Residents of Europe can elect to arbitrate unresolved complaints but prior to initiating such arbitration, you must: (1) contact GoFundMe and afford us the opportunity to resolve the issue; (2) seek assistance from GoFundMe’s designated independent recourse mechanism above; and (3) contact the U.S. Department of Commerce (either directly or through a European Data Protection Authority) and afford the Department of Commerce time to attempt to resolve the issue. Each party shall be responsible for its own attorney’s fees. Please be advised that, pursuant to the Privacy Shield, the arbitrator(s) can only impose individual-specific, non-monetary, equitable relief necessary to remedy any violation of the Privacy Shield Principles with respect to the individual. GoFundMe is subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission (FTC).

YOUR RIGHTS AND CHOICES

You can access and correct certain information about you by visiting the “Account Settings” portion of our Platform. You can control whether certain information you post to the Services is publicly available to others by adjusting the settings in your account. You can also request in writing copies of personal information about you held by us. If that information is inaccurate, please let us know and we will endeavor to make the necessary amendments, erase, or block the relevant information as you request. For more information on your rights if you are in Europe, please see the "Users in Europe" section below.

USERS FROM OUTSIDE THE UNITED STATES

The Platform is hosted in the United States. If you are visiting the Platform from outside the United States, please be aware that your information may be transferred to, stored and processed in the United States where our servers are located and our central database is operated. The data protection and other laws of the United States and other countries might not be as comprehensive as those in your country. By using the Platform, you consent to your information being transferred to our facilities and to the facilities of those third parties with whom we share it as described in this Policy.

USERS IN EUROPE

If you are located in Europe, you have the right to ask for an overview of the information we process about you, and for a copy of your information. In addition, you may request us to update and correct inaccuracies, delete your information, restrict processing of your information, or exercise your right to data portability to easily transfer your information to another company. In some cases, you may object to the processing of your information and where we have asked you for your consent to process your information, you can withdraw it at any time. The withdrawal of consent shall not affect the lawfulness of the processing based on consent before its withdrawal. The above rights may be limited under applicable law.

Marketing opt out. Each marketing communication we send you will contain instructions permitting you to "opt out" of receiving future marketing communications. In addition, if at any time you wish not to receive any future marketing communications or you wish to have your name deleted from our mailing lists, please contact us at the email address or mailing address set forth under “Contacting GoFundMe”. If you opt out of receiving marketing communications or other information we think may interest you, we can still send you emails about your account or any Services you have requested or received from us.

You can make a request to exercise any of these rights in relation to your information by sending the request to us at the email address or mailing address set forth under "Contacting GoFundMe". For your own privacy and security, at our discretion, we may require you to provide your identity before providing the requested information. Please note that GoFundMe may take up to 30 days to fulfill such requests.

The above rights can be limited under applicable law. You also have the right to lodge a complaint with the local data protection authority if you believe that we have not complied with applicable data protection laws. You also have the right to lodge a complaint with the supervisory authority of your residence, place of work or where the incident took place.

OTHER TERMS

Your access to and use of the Services is subject to the Terms of Service and such other terms, which may be made available to you in connection with your use of the Services.

CHANGES TO GOFUNDME'S PRIVACY POLICY

GoFundMe reserves the right to update or modify this Policy at any time and from time to time. We will notify you of any updates or changes we make to this Policy. If you disagree with our revisions to the Policy, you can deactivate your account or discontinue the use of our Services. Please review this Policy periodically for any updates or changes to this Policy.

If you are in Europe, you will not be required to agree to any changes to this Policy, but you do acknowledge that you have read and understood its terms.

CONTACTING GOFUNDME

Please also feel free to contact us if you have any questions about GoFundMe's Policy or the information practices of the Services.

You can contact us as follows:

Legal Department
855 Jefferson Avenue
P.O. Box 1329
Redwood City, CA 94063

For the GoFundMe Platform, please contact us through here.

For the GFM Charity Platform, please contact nposupport@gofundme.com

For the purposes of the GDPR, you can contact our Data Protection Officer: here.

Enter the verification code

A verification code has been sent to the phone number you provided Enter the verification code to verify your phone number and continue