This policy was updated 19/02/2024
We are dedicated to safeguarding the privacy and security of your personal information. Our commitment extends to implementing robust precautions to protect your data and ensuring transparency about how we handle it.
By engaging with our Services, you acknowledge and agree that:
- Your personal information will be processed in accordance with the General Data Protection Regulation (GDPR) and any applicable data protection laws. This includes respecting your rights to access, correct, delete, or limit the use of your personal data and providing mechanisms for you to exercise these rights.
2. Do Gooder Pty Ltd (“Do Gooder” also referred to as “we”) is an Australian company and is governed by Australian law, including in the handling of “personal information”.
5. The Website and Software is provided by Do Gooder to be used to provide a platform for Members to create and manage online campaigns and communications with the Public and third parties.
8. Members must also provide a Data Usage Notice on the Website to inform the Public how the Member collects and uses the data provided by the Public through their Campaign Sites including such data processed by Do Gooder for the Member or other processors or sub-processors.
9. Members must also agree to be bound by Do Gooder's Data Collection and Processing Addendum (“DCPA”).
11. If you are a Member and you do not agree to be bound by all variations in their entirety you must notify Do Gooder immediately and terminate your membership.
Information we collect (from the Public)
13. Do Gooder does not collect personal information about the Public other than: information that is specifically provided to us, such as if you communicate with us; or required to be kept for legal reasons; or cookie data as described below; or as otherwise set out below.
14. This information is collected so that Do Gooder can: effectively respond to enquiries and communications; notify members and the Public so that the Website can be used as a platform to communicate. Do Gooder needs to collect the information so that we can perform our contracts with Members; provide services requested; to protect our legal interests, such as where a dispute may arise; to prevent fraud and abuse; record-keeping; and for our legitimate interests, such as providing better services, improving our Website and maintaining good relationships with Members and the Public.
What Are Cookies?
16. This policy outlines the types of information collected by the cookies we use, how we utilise this information, and the reasons behind storing these cookies. Additionally, we explain how you can manage your cookie preferences, including how to prevent the storage of non-essential cookies. It's important to note that disabling non-essential cookies may impact the functionality of the website, potentially degrading your experience or affecting the performance of certain features.
Types of Cookies Used
|Necessary for the site to work as intended, such as saving your cookie preferences, browser security & accessing secure areas.
|Personalisation & site statistics
|Provide an improved experience for the Public and Members including remembering settings and providing accurate impact statistics for Members.
|Analytics / Third Party Cookies
Provides campaigners with data so that they can understand their social impact and improve their work. These are provided by third parties including Google and Facebook.
Managing Your Cookie Preferences
18. You have the right to choose whether or not to accept non-essential cookies. Upon your first visit to our website, we will ask for your consent to use non-essential cookies via our cookie control pop up. You can manage your cookie preferences at any time by adjusting your browser settings. Please note that disabling certain types of cookies may affect your experience on our website and the services we are able to offer.
For instructions on how to manage your cookie preferences, please refer to the Manage Cookie Settings page on the Cookie Consent banner, or consult the Help section of your web browser
Our use of CAPTCHA
Information we collect (from Members)
(a) When a Member applies for membership, in order to establish the campaign Website. This may include personal information such as a member's Do Gooder site address, password, country and email address, billing address, credit card number, credit card expiration date and bank account details.
This information is collected so that Do Gooder can: provide and keep a Member's account secure; ensure that only the Member can access the Member's account; ensure that only a Member can control their campaign site; can properly communicate with a Member or the Public; to prevent fraud and abuse. Do Gooder needs to collect and process the information so that we can perform our contracts with Members; properly run the Website; to comply with legal requirements, including tax obligations; and for our legitimate interests, such as providing better services, improving our Website and maintaining good relationships with Members and users.
(b) When the Public or Members communicate with Do Gooder, including communicating this information can include your name; post code/ zip; your address; email address; your telephone number; and other information you might communicate to us.
This information is collected and processed so that Do Gooder can: effectively respond to enquiries and communications; notify Members and the Public so that the Website can be used as a platform to communicate. Do Gooder needs to collect and process the information so that we can perform our contracts with Members; provide services requested; to protect our legal interests, such as where a dispute may arise; record-keeping; and for our legitimate interests, such as providing better services, improving our Website and maintaining good relationships with Members and the Public.
(c) Data relating to the Members use of the Website including cookie data.
This information is collected and processed so that Do Gooder can: properly provide the Website and services to Members and users; allow Members and users to communicate through the Website; and to prevent fraud and abuse. Do Gooder needs to collect and process information so that we can perform our contracts with Members; provide services requested; to protect our legal interests, for example where a Member or the Public inappropriately uses the Website; and for our legitimate interests, such as providing better services, improving our Website and maintaining good relationships with Members and the Public.
Collection of Information by Do Gooder
21. The personal information of Members and the Public collected by Do Gooder may be held on our behalf outside Australia, by our third party service providers. Our third party service providers are bound by contract to only use personal information on our behalf, under our instructions.
22. We may store and transfer personal information outside of the EU/EEA. The privacy laws of the country in which personal information is stored or transferred may be different from those in the EU/EEA and may not have adequate data protection standards.
23. We will always have safeguards in place when storing or transferring personal information outside of the EEA, and you may ask us for a copy of these safeguards.
24. The personal information collected by Do Gooder is held subject to the DCPA between Do Gooder and Members.
Collection of Information by Members
25. Members collect information, including personal information from the Public, from the use of their Campaign Sites, including:
(a) Correspondence/Notification/Publication data – This information is collected by the Members and processed on their behalf so that Members can: effectively respond to enquiries and communications; notify users so that the Website can be used as a platform to communicate. Members need to collect and process the information so that they can provide services requested; to protect their legal interests, such as where a dispute may arise; for record-keeping purposes; and for our legitimate interests, such as providing better services, improving their Campaign Site and maintaining good relationships with the Public.
(b) Account/Profile/Transaction data – This information is collected by the Members and processed on their behalf so that Members can: effectively communicate with the Public; and to prevent abuse and fraud. Members need to collect and process the information. Members can provide information and services for the Public; properly run the Campaign Site; to comply with legal requirements, including tax obligations; and for their legitimate interests, such as providing better services, improving their Campaign Site and maintaining good relationships with the Public.
(c) Usage/Service data - This information is collected by the Members and processed on their behalf so that Members can: properly provide their Campaign Sites and services to the Public; allow the Public to communicate through their Campaign Sites ; and to prevent fraud and abuse. Members need to collect and process the information so that they can provide information and services for the Public; including services requested; to protect their legal interests, for example where a user inappropriately uses the Campaign Site; and for their legitimate interests, such as providing better services, improving their Campaign Sites and maintaining good relationships relationships with the Public.
26. Members must also provide a Data Usage Notice on their Campaign website to inform users how the member collects and uses the data provided by the Public through the Website including such data processed by Do Gooder for the Member or other processors or sub-processors.
27. Members may store and transfer personal information outside Australia. Members will ensure that any third party service providers are bound by contract to only use personal information on our behalf, under their instructions.
28. Members may store and transfer personal information outside of the EU/EEA. The privacy laws of the country in which personal information is stored or transferred may differ from those in the EU/EEA and may not have adequate data protection standards.
29. Members must have safeguards in place when storing or transferring personal information outside of the EEA, and you may ask us for a copy of these safeguards.
Age Verification and Consent for Minors
30. Persons under the age of consent in their country of residence are not permitted to become members of Do Gooder without the explicit consent of a parent or guardian. To ensure compliance with the General Data Protection Regulation (GDPR), we require new members to confirm that they are at or over the age of consent in their country of residence. Parents or guardians are required to provide consent before a minor can access our services. Parents or guardians have the right to review, modify, or request the deletion of their child's personal information by contacting us at [email protected]
Youth Privacy and Data Collection
31.Our services and digital platforms are designed for individuals who are of voting age in their respective jurisdictions and are not intended for use by individuals under this age without the approval of a parent or guardian. Consistent with our commitment to comply with the General Data Protection Regulation (GDPR), we do not target our services to individuals under the age of 13, nor do we knowingly collect or solicit personal data from anyone under the age of 13, regardless of parent or guardian approval.
32. By using our services, you affirm that you are at or over the age of consent in your jurisdiction or have received the necessary approval from a parent or guardian if under the required age. We encourage parents and guardians to actively monitor and participate in their children's online activities.
Processing of Information by Do Gooder
33. Members may provide data including personal information, as described above, to Do Gooder for processing.
(a) Personal information processed by Do Gooder is held subject to the DCPA between Do Gooder and Members. Do Gooder may engage sub-processors to process the data.
(b) Personal information processed by Do Gooder or its sub-processors is processed subject to the DCPA between Do Gooder and Members.
36. Sub-processors are bound by contract only to use personal information on the Member's behalf, and under instruction.
37. The personal information may be processed outside Australia by our third party service providers. Our third party service providers are bound by contract to only use personal information on our behalf, under our instructions.
38. We may store and transfer personal information outside of the EU/EEA. The privacy laws of the country in which personal information is stored or transferred may differ from those in the EU/EEA and may not have adequate data protection standards.
39. We will always have safeguards in place when storing or transferring personal information outside of the EEA, and you may ask us for a copy of these safeguards.
40. Members are required to comply with any applicable laws including relevant laws including Australian law and the GDPR in respect of any transfer or processing of personal information.
Cross-Border Processing of Personal Information
41. Do Gooder operates globally, with our operations based in Australia and our hosting infrastructure located in the United States. Due to the nature of our services, we may need to transfer and process your personal information across international borders. This section explains our practices and your rights regarding the cross-border processing of your personal information.
(a) Transfer of Personal Information: When we transfer your personal information internationally, including to our servers or third-party service providers in the United States, we do so in compliance with applicable laws and regulations. Our aim is to ensure that your personal information is protected regardless of where it is processed.
(b) Safeguards: We implement appropriate safeguards to protect your personal information during cross-border transfers. This includes entering into data transfer agreements with recipients that require them to provide a level of protection consistent with Australian privacy laws and, where applicable, the GDPR. We may rely on various mechanisms for international transfers of personal information, such as standard contractual clauses approved by the European Commission, consent, or other legal bases permitted under relevant laws.
(c) Your Rights: You have certain rights regarding your personal information, including the right to access, correct, and request the deletion of your personal data. Depending on your location, you may also have rights to object to certain processing activities and to request restrictions on the processing of your personal information. We are committed to honouring these rights in accordance with applicable laws.
For the sake of transparency, we have appended a detailed list of these services to this Policy, complete with references to their respective policies. It is important to note, though, that we do not bear responsibility for the privacy practises or policies of any third-party entities.
Disclosure of personal information
42. We may disclose your personal information to third parties for the following purposes:
(b) if necessary to provide the service you have requested.
(c) if otherwise required by law; or
(d) for other purposes with your consent.
43. This includes: the disclosure of transaction data with our payment services providers, only as required to process payments, refunds, queries and disputes; the disclosure of your personal information as required to meet our legal, financial obligations and to protect our legitimate interests; the disclosure of your personal information to protect the vital interests of you or another person.
GDPR Roles and Responsibilities
44. In compliance with the General Data Protection Regulation (GDPR), Do Gooder acknowledges its role as both a Data Controller and Data Processor as defined by the regulation:
(a) As a Data Controller, we are responsible for determining the purposes and means by which your personal data is processed. We decide why and how to process your data and are committed to doing so in accordance with GDPR requirements and ensuring the protection of your rights and privacy.
(b) As a Data Processor, when we process personal data on behalf of another data controller, we act under their instructions and in compliance with GDPR to ensure the confidentiality and security of your data.
We engage with third-party data processors to perform certain processing activities on our behalf. These processors are carefully selected to ensure they meet GDPR standards for data protection and security.
Third Party Personal Data Subprocessors
45. In the course of providing our services, we may need to share your personal data with third-party subprocessors. These subprocessors are carefully selected partners or service providers that perform certain functions on our behalf, including but not limited to data hosting, analytics, customer service operations, and marketing support.
(a) Selection and Compliance: We ensure that all our sub processors are compliant with the General Data Protection Regulation (GDPR) and adhere to the same standards of data protection and security that we uphold. Before engaging any subprocessor, we conduct a thorough evaluation of their data protection practices and require them to enter into a data processing agreement that mandates compliance with GDPR and protects the rights and privacy of our users.
(b) Transparency and Notification: A list of our current third-party subprocessors, along with a description of their processing activities and locations, can be found [insert link or location where the list is accessible]. We commit to updating this list and notifying our users of any changes to our sun processors that may affect the processing of their personal data.
(c) Rights and Choices: You have certain rights regarding your personal data, including the right to object to the processing of your data by third parties. If you wish to exercise this right or have any questions about the sub processors we use, please contact us directly at [insert contact information].
(d) Safeguards and Transfer: When our sun processors are located outside the European Economic Area (EEA), we ensure that there are adequate safeguards in place to protect your personal data. This may include the use of Standard Contractual Clauses approved by the European Commission, adherence to an adequacy decision, or other mechanisms deemed suitable under GDPR.
(e) Liability: We remain fully liable for any acts or omissions of our sub processors that may result in the breach of our obligations under this agreement or under applicable data protection laws.
46. By using our services, you acknowledge and agree to the processing of your personal data by third-party sub processors as described in this clause.
Personal Data Retention
47. We will hold your Personal Information for the duration necessary to achieve the specified purpose, or as long as the law allows or mandates. Should there be no continued legitimate business reason to keep your Personal Information, we will either erase it, render it anonymous, or securely retain it until erasure becomes feasible.
Social Media Use in Campaign Actions
48. Do Gooder leverages social media platforms, including Facebook and Twitter, as part of our campaign actions to engage with our community and broaden our outreach. When you interact with our campaigns through these social media platforms, your personal data may be processed both by us and the respective social media platform.
(a) Data Processing by Social Media Platforms: Please be aware that interacting with our content on social media platforms can result in the collection and processing of your personal data by the platform providers. This includes information such as your user ID, your interactions with our content, and other data you provide through these platforms. The processing of this data is governed by the privacy policies of the respective social media platforms:
We encourage you to review these policies to understand how Facebook and Twitter use your information and how you can exercise your rights under GDPR, including your right to access, rectify, or erase your personal data held by them.
(b) Our Use of Data: The data we collect through social media platforms may be used to monitor the effectiveness of our campaigns, to interact with participants, and to further our organisation's goals. We process this data based on our legitimate interest in engaging with our audience and advancing our mission.
49. By participating in our campaigns on social media platforms, you acknowledge and consent to the processing of your personal data as described above and in accordance with the privacy policies of the respective social media platforms.
50. In our efforts to continually improve our services and the user experience, we may collect and use data in a form that does not, on its own, permit direct association with any specific individual. We refer to this data as "anonymous data".
(a) Definition and Anonymisation Process: Anonymous data is information that has been processed in such a way that it can no longer be used to identify a natural person. Our anonymisation process is designed to ensure that individuals cannot be re-identified, in compliance with GDPR guidelines.
(b) Usage: We utilise anonymous data for analytical and statistical purposes, which helps us better understand trends and user needs, leading to improved services and features. This data may include aggregated usage information or data that is not linked to any personal identity.
(c) Sharing: Anonymous data may be shared with partners or third parties for the purposes of research, analysis, or service enhancement. However, this data is shared in a way that does not compromise individual privacy, as it cannot be used to identify any person.
Exercising your rights, personal information
51. As Members and the Public, you have a right to be informed by Do Gooder about: how we process your personal information; the reasons why we process your data; and where that data is processed.
52. You have the right to request access to the personal information Do Gooder holds about you. Unless an exception applies, we must allow you to see the personal information we hold about you.
53. You also have the right to request the correction of the personal information we hold about you. We will take reasonable steps to make appropriate corrections to personal information so that it is accurate, complete and up-to-date. Unless an exception applies, we must update, correct, amend or delete the personal information we hold about you within a reasonable time period. We do not charge for making corrections.
54. You have the right to seek human review of automated decision-making or profiling.
55. In certain circumstances, you have a right to object to the processing of your personal information or request the restriction or suppression of your personal information. When we are required to stop processing your personal information, we will do so. When we are required to restrict or suppress your personal information, Do Gooder is permitted to store the personal data, but not use it.
56. You have the right to opt-out of direct marketing, and profiling for marketing; and processing for research statistical purposes.
57. In some circumstances you have the right to the erasure of your personal information without undue delay. You may not have that right where processing is necessary. Such as for compliance with legal obligations; or for the establishment, dealing with legal claims.
58. In some circumstances, you have a right to request that Do Gooder transmit to another data controller, personal information that you have provided to Do Gooder, where this is technically feasible. You may be required to pay a reasonable fee for us to comply with such a request.
59. If you are within the EU/UK, you are afforded certain rights regarding your personal information, under relevant data protection laws:
(a) Right to Access: You have the right to request information about how we process your personal data and to obtain a copy of that data.
(b) Right to Rectification: Should any personal data we hold about you be incorrect or incomplete, you have the right to have it corrected.
(c) Right to Erasure: Under certain conditions, you may request the deletion of your personal data, such as when the data is no longer necessary for its original purpose, following a successful objection to its processing, if it was processed unlawfully, or if erasure is mandated by law. We will fulfil your request unless we are bound by legal obligations or legitimate grounds that necessitate retaining your data, in which case you will be informed accordingly.
(d) Right to Restrict Processing: You may request that we temporarily halt the processing of your personal data if you contest its accuracy, believe our processing to be unlawful, require the data for legal claims, or have objected to our processing pending verification of our legitimate grounds.
(e) Right to Object: You have the right to oppose our processing of your personal data based on our legitimate interests if you believe it affects your fundamental rights and freedoms.
(f) Right to Data Portability: In certain situations, you can request that we transfer your personal data either to you or a party you nominate, in a structured, commonly used, and machine-readable format. This right applies exclusively to data you have provided to us, either with your consent or for the execution of a contract.
(g) Right to Withdraw Consent: Where our processing is based on your consent, you have the right to withdraw this consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal.
(h) Right to Opt Out of Marketing Communications: You can unsubscribe from our marketing communications at any time by following the unsubscribe link in any marketing email, adjusting your preferences in your account or by contacting our Support Team.
Regular Policy Review and Updates
How to contact us?
61. We are committed to protecting your personal data and ensuring your privacy rights are respected. If you have any questions about how we handle your personal data, wish to exercise any of your rights under the General Data Protection Regulation (GDPR), or have any concerns regarding our data protection practices, please do not hesitate to get in touch with us.
62. If you have an enquiry or a complaint about the way we handle your personal information, or if you wish to exercise your privacy rights concerning the personal information we hold about you, you may contact our Privacy Officer via email at [email protected].
- your contact information,
- a description of your request or concern,
- the country and/or state in which you reside
- any specific details that would help us address your enquiry or complaint effectively
63. While we endeavour to resolve complaints quickly and informally, if you wish to proceed to a formal privacy complaint, we request that you make your complaint in writing to our Privacy Officer, by email. We will acknowledge your formal complaint within 30 days of receiving the complaint.
64.If you are in the European Union and believe your data protection rights have been violated, you have the right to lodge a complaint with your local Data Protection Authority (DPA). A list of DPAs can be found on the European Data Protection Board's website at http://ec.europa.eu/justice/article-29/structure/data-protection-authorities/index_en.htm.
65. This Agreement shall be governed in all respects by the substantive laws of Australia. Any controversy, claim, or dispute arising out of or relating to the Agreement shall be subject to the jurisdiction of the competent courts of Australia, the jurisdiction of the Australian Federal Court being expressly reserved.
List of Subprocessors - Addendum 01
We engage the services of the following companies to assist us in gathering, analysing, storing, managing, and processing your personal data. In their agreements with us, each company is bound to handle the personal data strictly in accordance with our directives and contractual terms, ensuring their use of your information aligns with our platform requirements.
|NAME OF ENTITY
|PRIVACY PROTECTION GDPR INFORMATION
|Content Delivery Network
|Cloud Computing / Hostingy
|Infrastructure provider, Data Storage
|GDPR - Amazon Web Services (AWS)
|Email Delivery Service
|Maps and Places APIs
|Google has data centers in various locations across the Americas, Europe, Asia, and more.
|Google has data centres in various locations across the Americas, Europe, Asia, and more.
|Address Verification Services
PayPal (Payment Processing)
GDPR Info: PayPal Privacy Statement
|Social Media Services
|Facebook outlines its commitment to GDPR and offers resources for businesses on how to manage privacy.
Facebook GDPR Resource
|Customer Messaging Platform
|Intercom has detailed GDPR compliance information, including data processing agreements and privacy policies.
Intercom GDPR Resource
|Web Testing Platform
BrowserStack GDPR Resource
|Community Organising Software
|NationBuilder provides specific details on GDPR compliance, including data processing and protection measures.
NationBuilder GDPR Resource
|Stripe offers extensive GDPR-related documentation, focusing on data protection and privacy.
Stripe GDPR Resource
|File Upload Service
Filestack GDPR Resource -
|Matomo, being privacy-focused analytics, provides detailed GDPR compliance information for users wanting to use analytics without compromising user privacy.
Matomo GDPR Resource
|online video-sharing platform
|Google has data centers in various locations across the Americas, Europe, Asia, and more.
|YouTube Privacy Statement
|online video-sharing platform
|Vimeo Privacy Statement