LAST UPDATED: September 5, 2023
For Bonterra’s Data Processing Addendum (“DPA”), please click here.
|How these individuals interact with Bonterra
|Our relationship with these individuals
|Individuals who interact directly with our Services
We have our own, direct relationship with Bonterra Users
|Representatives of our prospective and existing Customers
We have our own, direct relationship with Customers
|Customer End Users
|Individuals who are our Customers’ users
Bonterra processes the personal information of Customer End Users pursuant to agreements with our Customers – as a “services provider” or “processor.” Our Customers’ use and sharing of this information is governed by their own privacy policies.
Personal information we collect
Information you provide to us. Personal information you may provide to us through the Services or otherwise includes:
Contact information, such as your first and last name, professional title, business affiliation and address, email address, and phone number. First and last name, and email address, are required to access Bonterra’s Services.
Biographical information, such as your age and gender, political and professional affiliations, interests in charitable causes, and occupation. This information is not required to access Bonterra’s Services.
Event information, including where and when the event you sign up for through our Services is taking place, when you signed up for the event, the organizations affiliated with the event, the organization promoting the event, whether or not you actually attended the event, and any feedback you provide about the event.
Payment and transaction data that our payment service providers collect to process your payments, such as your donations or contributions to the political candidate or nonprofit cause of your choice. We do not store payment card numbers on our systems. The information you provide in connection with your purchases is handled by our third-party payment processors, such as Stripe or Plaid, in accordance with their terms of service and privacy policies.
Transaction history, including your donations or other engagement history.
Communications that we retain from any support requests you submit, and questions you may send us about marketing, job opportunities, etc.
Marketing data, such as your preferences for receiving our marketing communications, and details about your engagement with those communications.
Other information about Customer End Users that we may collect which is not specifically listed here, but which we contractually agreed to collect with each Customer. If applicable, please contact your employer or the organization that contracts with Bonterra to request a full list of personal information that we collect on their behalf, in addition to the information described above.
Third party sources. In certain cases, we combine personal information we receive from you with personal information we obtain from other sources, including:
Third parties, such as business data providers and public databases. For example, we may obtain information from corporate partners if you are using our Services through a corporate partner program, or from advocacy organizations that use our Services to manage their events. We also may obtain information from public records in order to conduct due diligence or fraud prevention checks, or to supplement your profile (i.e., to complete your zip code).
Social media platforms. We may receive information about your activity when you follow us on social media and networking platforms such as Facebook or Twitter. Additionally, if you access our Services through a social networking site or a third-party login service (such as Single Sign-On (SSO) or Google), we may collect information about you from that third party that you have made available via your privacy settings.
Third-party integrations. Should you choose to integrate a third-party product within our Services, such as Google Sheets or Google Drive, we will ask you to grant us permission to view and/or download, as applicable, your Google Sheets or Google Drive. This allows us to configure your integration(s) in accordance with your preferences. We do not use this information for any other purpose.
How we use personal information
Below is a description of all the possibilities of how Bonterra Services use personal information, which may be limited under the applicable agreements signed directly by Bonterra with its Customers.
A. Bonterra Users
To fulfill our contractual obligations to you, we use personal information to:
Facilitate your engagement with us and our organizations; and
Process your donations and complete your other transactions.
We may also use personal information for the following legitimate business interests:
Recommend opportunities to engage with organizations and campaigns that use our Services;
Communicate with you about our Services, including by sending announcements, updates, security alerts, and support and administrative messages;
Personalize your experiences within the Services; and
Provide support, and respond to requests, questions, and feedback.
To fulfill our contractual obligations to you, we use personal information to:
Provide you with our Services; and
Complete your transactions.
We may also use personal information for the following legitimate business interests:
Recommend opportunities to engage with other organizations and campaigns that use our Services;
Communicate with you about our Services, including by sending announcements, updates, security alerts, and support and administrative messages; and
Provide support, and respond to requests, questions, and feedback.
C. Customer End Users
On behalf of our Customers, we use personal information to:
Enable our Customers to recruit and engage with Bonterra Users;
Provide our Customers with information relating to our products, events, or other business information;
Enable Customer End Users to complete transactions and make donations through the Services;
Communicate with Customers and Customer End Users about our Services and your account, including by sending announcements, updates, security alerts, and support and administrative messages;
Provide support, and respond to requests, questions, and feedback;
Provide marketing and advertising on behalf of our Customers, including interest-based online advertising; and
Build donor profiles for our Customers’ internal use through our Social Matching Feature. As directed by our Customers, we enrich our Customers’ email contact lists by appending Customer End Users’ email addresses with social media account information that we obtain from third-party data providers.
D. Marketing and advertising, including for:
Direct marketing. We use personal information to market our Services to you, and we can do so through websites, events, programs, and other means. We may send you direct marketing communications promoting our Services, events, programs, or other services that we believe are of interest. Recipients can opt out of our marketing communications as described in the Opt out of marketing communications section below.
Where required by law, we will only send users marketing communications with your consent. Otherwise, we will market and advertise our Services on the basis of our legitimate business interests.
E. Research and development. It is in our legitimate business interests to engage in research and development, including to:
Develop new features, products, and services; and
Create aggregated, de-identified, or other anonymous data or analytics.
F. Compliance with law, including to:
Comply with applicable laws, lawful requests, and legal process, such as to respond to subpoenas or requests from government authorities;
Protect our, your, or others’ rights, privacy, safety, or property (including by making and defending legal claims);
Audit our internal processes for compliance with legal and contractual requirements and internal policies;
Enforce the terms and conditions that govern our Services; and
Prevent, identify, investigate, and deter fraudulent, harmful, unauthorized, unethical, or illegal activity, including cyberattacks and identity theft.
Disclosure of personal information
How we disclose personal information. Below is a description of all the possibilities of how and to whom Bonterra Services disclose personal information, which may be limited under the applicable agreements signed directly by Bonterra with its Customers.
We may disclose personal information to:
Organizations and campaigns. Charities, nonprofits, and other organizations, including when you seek to engage with opportunities on our platform or when you engage with a specific organization that uses our platform for its causes.
Service providers. Companies and individuals that provide services on our behalf or help us operate our Services (such as hosting, information technology, customer support, email delivery, and website analytics services).
Professional advisors. Professional advisors, such as lawyers, auditors, bankers, and insurers, in the course of the professional services that they render to us.
Authorities and others. Law enforcement, government authorities, and private parties, as we believe in good faith to be necessary or appropriate for the compliance and protection purposes described above.
How Customers may direct us to disclose social media matching data.
As directed by our Customers, we enrich our Customers’ email contact lists by appending Customer End Users’ email addresses with social media account information that we obtain from third-party data providers. In addition, Customers and Customer End Users may direct us to make the donor profiles that we build using this feature available to other Customers. Customer End Users who do not want their information to be disclosed to other Customers through this feature can opt out by canceling the Social Matching Feature.
How you may disclose personal information through the Services. You may disclose personal information to:
The public. If you decide to participate in one of our Services’ features, such as our online blogs, you make this information available to other Bonterra Users, Customer End Users, and/or the general public.
Privacy rights and choices
Access to account information. You may update, correct, or delete your account information by accessing the account you have established with us on the Services.
Opt out of marketing communications. You can opt out of marketing-related emails by following the opt-out or unsubscribe instructions at the bottom of the emails you receive from us. If you do so, you will continue to receive service-related and other non-marketing emails until you cease using our Services linked to those service updates. Please note that Bonterra is not responsible for our Customers’ communications sent to you; to opt out of communications you receive from our Customers, please follow the opt-out or unsubscribe options contained in our Customers’ communications.
Opt out of data sharing among Bonterra affiliates. You may opt out of data sharing among our affiliate organizations (such as EveryAction and CyberGrants) by contacting us at email@example.com.
Privacy rights. You have the right to submit requests about your personal information, depending on your location and the nature of your interactions with our Services:
Access to a copy of the personal information that we have collected about you. Where applicable, we will provide the information in a portable, machine-readable, readily usable format.
Correction of personal information that is inaccurate or out of date.
Deletion of personal information that we no longer need to provide the services or for other lawful purposes.
Appeal our denial of your personal information request by contacting us as set out below.
Additional rights, such as to object to and request that we restrict our use of personal information.
NOTE: WE DO NOT SELL YOUR PERSONAL INFORMATION.
To make privacy-related requests, please contact us at firstname.lastname@example.org. We reserve the right to confirm the identity of the individual making a request before we respond to the request and to assess whether these rights apply to you.
To enable us to match our records with your personal information to respond to your request, you must include the following details in your request. If you do not include this information, we may be unable to complete your request:
The name of the Bonterra Services you have used -- EveryAction, Mobilize, NGP VAN, CyberGrants, Network for Good, and/or Social Solutions
The first and last name you used to access the Services
The email address you used to access the Services
California residents can empower an “authorized agent” to submit requests on their behalf. We will require authorized agents to confirm their identity and authority, in accordance with applicable laws.
Additionally, applicable law can limit these rights, for example, by prohibiting businesses from providing certain sensitive information in response to an access request and limiting the circumstances in which they must comply with a deletion request. If we decline a request, we will explain why we took that action, subject to legal restrictions.
You are entitled to exercise all rights described in the Privacy Rights and Choices section free from discrimination.
Our Services can contain links to websites and other online services operated by third parties. In addition, our content can be integrated into web pages or other online services that are not associated with us. These links and integrations are not an endorsement of or representation that we are affiliated with any third party. We do not control websites or online services operated by third parties, and we are not responsible for their actions.
We employ current industry standard and legally required technical, organizational, and physical safeguards designed to protect the personal information we collect.
Data Privacy Framework
Bonterra complies with the EU-U.S. Data Privacy Framework and the UK Extension of the EU-U.S. DataPrivacy Framework, and the Swiss-U.S. Data Privacy Framework (collectively, the DPF Frameworks”) asset forth by the U.S. Department of Commerce and the European Commission regarding the collection, use, and retention of personal information transferred from the European Union, United Kingdom, and Switzerland to Bonterra’s subsidiaries CyberGrants LLC and EveryAction Inc. in the United States. For more information regarding Bonterra's adherence to the General Data Protection Regulation (“GDPR”) and other Data Protection Laws of the European Union, the European Economic Area (“EEA”), and their respective Member States, Switzerland, and the United Kingdom (“UK”), please see Bonterra’s Data Processing Addendum (“DPA”) at here.
Pursuant to the DPF Frameworks, EU, UK, and Swiss individuals have the right to obtain our confirmation of whether we maintain personal information relating to you in the United States. Upon request, we will provide you with access to the personal information that we hold about you. You may also correct, amend, or delete the personal information we hold about you. An individual who seeks access, or who seeks to correct, amend, or delete inaccurate data transferred to the United States under the DPF Frameworks, should direct their query to email@example.com. If requested to remove data, we will respond within a reasonable timeframe.
We will provide an individual opt-out choice, or opt-in for sensitive data, before we share your data with third parties other than our agents or Customers, or before we use it for a purpose other than which it was originally collected or subsequently authorized. To request to limit the use and disclosure of your personal information, please submit a request as set out in the Privacy Rights and Choices section above or by written request to firstname.lastname@example.org.
In compliance with the Principles, we commit to resolve complaints about our collection or use of your personal information. European individuals with inquiries or complaints regarding our Data Privacy Framework policy should first contact us at: email@example.com.
We have further committed to refer unresolved privacy complaints under the Principles to an independent dispute resolution mechanism, BBB NATIONAL PROGRAMS. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit https://bbbprograms.org/programs/all-programs/dpf-consumers/ProcessForConsumers for more information and to file a complaint. This service is provided free of charge to you.
Please note that if your complaint is not resolved through these channels, under limited circumstances, a binding arbitration option may be available before a Data Privacy Framework Panel. Additional information on the arbitration process is available on the Data Privacy Framework website at https://www.dataprivacyframework.gov/s/article/G-Arbitration-Procedures-dpf?tabset-35584=2
Bonterra may be required to disclose personal information in response to lawful requests by public authorities, including to meet national security or law enforcement requirements. Bonterra’s commitments under the Principles are subject to the investigatory and enforcement powers of the
Federal Trade Commission.
Our Services are not intended for use by children under 13 years of age in the U.S., and under 16 years of age in the EEA/UK. If we learn that we or a Customer has collected personal information through our Services from a child under 13 in the U.S. or under 16 in the EEA/UK without the consent of the child’s parent or guardian as required by law, we will delete it.
We retain personal information for as long as appropriate to fulfill the purposes for which we collected it, including for the purposes of satisfying any legal, accounting, or reporting requirements, to establish or defend legal claims, or for fraud prevention purposes. To determine the appropriate retention period for personal information, we consider the amount, nature, and sensitivity of the personal information, the potential risk of harm from unauthorized use or disclosure of personal information, the purposes for which we process personal information and whether we can achieve those purposes through other means, and the applicable legal requirements. If applicable, we will retain personal information as agreed upon in the Customer’s signed agreement.
Cross-border processing of personal information
If you provide us with your personal information when using the Services, then please note that we are headquartered in the United States. To provide and operate our Services, it is necessary for us to process personal information in the United States.
If we transfer personal information across borders such that we are required to apply appropriate safeguards to personal information under applicable data protection laws, we will do so. Please contact us for further information about any such transfers or the specific safeguards applied.
How to contact us
You can reach us by email at firstname.lastname@example.org or at the following mailing address:
10801 North MoPac Expressway, Suite 400
Austin, TX 78759 USA
Notice to EU, UK and Swiss residents
EU and UK Representatives.
We have appointed a representative in the EU and the UK. For the EU, please contact our representative by email at email@example.com. In the UK, please contact our representative by email at firstname.lastname@example.org. Visit www.VeraSafe.com for more information.
If you would like to submit a complaint about our use of your personal information or our response to your requests regarding your personal information, you can contact us or submit a complaint to the data protection regulator in your jurisdiction. You can find your data protection regulator here.
What are cookies and similar technologies?
Cookies are text files that websites store on a visitor’s device to uniquely identify the visitor’s browser or to store information or settings in the browser for the purpose of helping you navigate between pages efficiently, remembering your preferences, enabling functionality, helping us understand activity and patterns, and facilitating online advertising.
Local storage technologies, like HTML5, provide cookie-equivalent functionality but can store larger amounts of data, including on your device outside of your browser in connection with specific applications.
Web beacons, also known as pixel tags or clear GIFs, are used to demonstrate that a webpage or email was accessed or opened, or that certain content was viewed or clicked.
We, our service providers, and our advertising partners automatically log information about individuals’ interactions with our Services and communications, such as:
Device information, such as computer or mobile device operating system type and version, manufacturer and model, browser type, screen resolution, RAM and disk size, CPU usage, device type (e.g., phone, tablet), IP address, unique identifiers (including identifiers used for advertising purposes), language settings, mobile device carrier, radio/network information (e.g., WiFi, LTE, 3G), and general location information such as city, state, or geographic area.
Online activity information, such as pages or screens viewed, how long individuals spend on a page or screen, the website they visited before browsing to our website, navigation paths between pages or screens, information about activity on a page or screen, access times and duration of access, and whether individuals open our marketing emails or click links within them.
We may also allow our advertising partners to collect this information through our website.
What types of cookies and similar technologies does Bonterra use?
We use the following categories of cookies:
Essential. These cookies are necessary to allow the technical operation of our Services (e.g., they enable you to move around on a website and to use its features).
Functionality / performance. We use these cookies to enhance the functionality and performance of the Services.
Analytics. We use these cookies to help us understand how our Services are performing and being used. For example, we use Google Analytics to collect information about how users use our Services, which we then use to compile reports that disclose trends without identifying individual visitors, and help us improve our Services. For more information on Google Analytics, click here. For more information about Google’s privacy practices, click here. You can opt out of by downloading and installing the browser plug-in available at: https://tools.google.com/dlpage/gaoptout.
Advertising. We and our third-party advertising partners use these cookies to collect information about how you use our website and use that information to serve online ads that may be relevant to your interests. Please find examples of the third-party advertising cookies we use and links to their platform opt-out pages in the following section.
You can also limit online tracking by:
Blocking cookies in your browser. Most browsers let you remove or reject cookies, including cookies used for interest-based advertising. To do this, follow the instructions in your browser settings. Many browsers accept cookies by default until you change your settings. For more information about cookies, including how to see what cookies have been set on your device and how to manage and delete them, visit www.allaboutcookies.org. Use the following links to learn more about how to control cookies and online tracking through your browser:
o Firefox; Chrome; Microsoft Edge; Safari
Blocking advertising ID use in your mobile settings. Your mobile device settings can provide functionality to limit use of the advertising ID associated with your mobile device for interest-based advertising purposes.
Using privacy plug-ins or browsers. You can block our websites from setting cookies used for interest-based ads by using a browser with privacy features, like Brave, or installing browser plugins like Privacy Badger, Ghostery, or uBlock Origin, and configuring them to block third party cookies/trackers.
Advertising industry opt out tools. You can also use these opt out options to limit use of your information for interest-based advertising by participating companies:
o Digital Advertising Alliance for Websites: outout.aboutads.info
o Network Advertising Initiative: optout.networkadvertising.org
Platform opt-outs. Some third-party ad networks, including third-party ad servers, ad agencies, ad technology vendors and research firms, allow you to opt-out directly by using their opt-out tools. Some of these providers, and links to their opt-out tools, are:
Note that because these opt out mechanisms are specific to the device or browser on which they are exercised, you will need to opt out on every browser and device that you use.
Do Not Track. Some Internet browsers can be configured to send “Do Not Track” signals to the online services that you visit. We currently do not respond to “Do Not Track” or similar signals. To find out more about “Do Not Track,” please visit https://allaboutdnt.com/.