Privacy Policy

This policy was updated 19/02/2024

We are dedicated to safeguarding the privacy and security of your personal information. Our commitment extends to implementing robust precautions to protect your data and ensuring transparency about how we handle it.

By engaging with our Services, you acknowledge and agree that:

• We will collect, use, and manage your personal information as outlined in this Privacy Policy.

• We commit to regularly reviewing and updating our Privacy Policy, with any modifications being promptly posted on this website.

• Your personal information will be processed in accordance with the General Data Protection Regulation (GDPR) and any applicable data protection laws. This includes respecting your rights to access, correct, delete, or limit the use of your personal data and providing mechanisms for you to exercise these rights.

This Privacy Policy aims to give you a clear understanding of how we process your information, the purposes for processing your data, the legal bases we rely on to do so, and your rights concerning your personal information.

1. This Privacy Policy together with the Terms and Conditions regulate the use of the Do Gooder Website located at dogooder.co, and Do Gooder member Websites (“Campaign Sites”) located at member-account-name.good.do (collectively referred to as "the Website") and the Do Gooder software ("the Software"). This Privacy Policy together with the Terms and Conditions apply to all users, (including their agents and assigns) of the Website and Software, including Do Gooder Members (“Members”) and users of the Website or Campaign Sites (“the Public”).

2. Do Gooder Pty Ltd (“Do Gooder” also referred to as “we”) is an Australian company and is governed by Australian law, including in the handling of “personal information”.

3. This Privacy Policy also explains how Do Gooder processes personal data about people in the European Union (EU), as required under the General Data Protection Regulation (GDPR), ensuring the rights and protections of EU data subjects are respected.

4. Personal information’ means information or an opinion about an identified individual, or an individual who is reasonably identifiable, directly or indirectly. This Privacy Policy applies to personal information collected or held or processed by Do Gooder.

Members

5. The Website and Software is provided by Do Gooder to be used to provide a platform for Members to create and manage online campaigns and communications with the Public and third parties.

6. Members will receive personal information through their Campaign Site and the Software. This Privacy Policy applies to personal information collected and/or held by Do Gooder Members.

7. In order to become a Member you must read this Privacy Policy and agree to be bound by it. You must also read and agree to be bound by the Terms and Conditions.

8. Members must also provide a Data Usage Notice on the Website to inform the Public how the Member collects and uses the data provided by the Public through their Campaign Sites including such data processed by Do Gooder for the Member or other processors or sub-processors.

9. Members must also agree to be bound by Do Gooder's Data Collection and Processing Addendum (“DCPA”).

10. This Privacy Policy and the Terms and Conditions may be varied from time to time. Such variations will be posted on the Website. It is a condition of membership that any Do Gooder Member accepts and agrees to be bound by this Privacy Policy and the Terms and Conditions from time to time, including variations.

11. If you are a Member and you do not agree to be bound by all variations in their entirety you must notify Do Gooder immediately and terminate your membership.

12. Do Gooder may terminate the membership of any Member who fails to comply with this Privacy Policy.

Information we collect (from the Public)

13. Do Gooder does not collect personal information about the Public other than: information that is specifically provided to us, such as if you communicate with us; or required to be kept for legal reasons; or cookie data as described below; or as otherwise set out below.

14. This information is collected so that Do Gooder can: effectively respond to enquiries and communications; notify members and the Public so that the Website can be used as a platform to communicate. Do Gooder needs to collect the information so that we can perform our contracts with Members; provide services requested; to protect our legal interests, such as where a dispute may arise; to prevent fraud and abuse; record-keeping; and for our legitimate interests, such as providing better services, improving our Website and maintaining good relationships with Members and the Public.

Cookie Management

What Are Cookies?

15. Cookies are small text files downloaded to your computer or mobile device to enhance your browsing experience on our website.  A cookie is generated when your browser accesses our website, prompting the site to send information to the browser, which results in the creation of a cookie file. Do Gooder uses cookies to enhance your experience and enable functions on our website. Cookies play a pivotal role in facilitating or improving our website usability and processes.

16. This policy outlines the types of information collected by the cookies we use, how we utilise this information, and the reasons behind storing these cookies. Additionally, we explain how you can manage your cookie preferences, including how to prevent the storage of non-essential cookies. It's important to note that disabling non-essential cookies may impact the functionality of the website, potentially degrading your experience or affecting the performance of certain features.

Types of Cookies Used

17. We only use cookies for the reasons detailed below:

Managing Your Cookie Preferences

18. You have the right to choose whether or not to accept non-essential cookies. Upon your first visit to our website, we will ask for your consent to use non-essential cookies via our cookie control pop up. You can manage your cookie preferences at any time by adjusting your browser settings. Please note that disabling certain types of cookies may affect your experience on our website and the services we are able to offer.

For instructions on how to manage your cookie preferences, please refer to the Manage Cookie Settings page on the Cookie Consent banner, or consult the Help section of your web browser

Our use of CAPTCHA

19. We may utilise Google reCAPTCHA as a measure to deter fraud and misuse. The data gathered by Google through reCAPTCHA contributes to its enhancement and supports general security initiatives. By employing reCAPTCHA, users are subject to the conditions outlined in Google’s Privacy Policy and Terms of Use.

Information we collect (from Members)

20. We collect and process your personal data as a necessary part of entering into and fulfilling our contractual obligations to you under the terms of your Member Subscription Agreement. When you subscribe to our services, you agree to our terms and conditions, which necessitates the processing of your personal data for the purposes set out in this privacy policy. We commit to processing your personal data solely for the purposes of fulfilling our contractual obligations to you and in accordance with our Privacy Policy, as well as applicable data protection laws.25. Do Gooder collects personal information about Members including:

(a) When a Member applies for membership, in order to establish the campaign Website. This may include personal information such as a member's Do Gooder site address, password, country and email address, billing address, credit card number, credit card expiration date and bank account details.

This information is collected so that Do Gooder can: provide and keep a Member's account secure; ensure that only the Member can access the Member's account; ensure that only a Member can control their campaign site; can properly communicate with a Member or the Public; to prevent fraud and abuse. Do Gooder needs to collect and process the information so that we can perform our contracts with Members; properly run the Website; to comply with legal requirements, including tax obligations; and for our legitimate interests, such as providing better services, improving our Website and maintaining good relationships with Members and users.

(b) When the Public or Members communicate with Do Gooder, including communicating this information can include your name; post code/ zip; your address; email address; your telephone number; and other information you might communicate to us.

This information is collected and processed so that Do Gooder can: effectively respond to enquiries and communications; notify Members and the Public so that the Website can be used as a platform to communicate. Do Gooder needs to collect and process the information so that we can perform our contracts with Members; provide services requested; to protect our legal interests, such as where a dispute may arise; record-keeping; and for our legitimate interests, such as providing better services, improving our Website and maintaining good relationships with Members and the Public.

(c) Data relating to the Members use of the Website including cookie data.

This information is collected and processed so that Do Gooder can: properly provide the Website and services to Members and users; allow Members and users to communicate through the Website; and to prevent fraud and abuse. Do Gooder needs to collect and process information so that we can perform our contracts with Members; provide services requested; to protect our legal interests, for example where a Member or the Public inappropriately uses the Website; and for our legitimate interests, such as providing better services, improving our Website and maintaining good relationships with Members and the Public.

Collection of Information by Do Gooder

21. The personal information of Members and the Public collected by Do Gooder may be held on our behalf outside Australia, by our third party service providers. Our third party service providers are bound by contract to only use personal information on our behalf, under our instructions.

22. We may store and transfer personal information outside of the EU/EEA. The privacy laws of the country in which personal information is stored or transferred may be different from those in the EU/EEA and may not have adequate data protection standards.

23. We will always have safeguards in place when storing or transferring personal information outside of the EEA, and you may ask us for a copy of these safeguards.

24. The personal information collected by Do Gooder is held subject to the DCPA between Do Gooder and Members.

Collection of Information by Members

25. Members collect information, including personal information from the Public, from the use of their Campaign Sites, including:

(a) Correspondence/Notification/Publication data – This information is collected by the Members and processed on their behalf so that Members can: effectively respond to enquiries and communications; notify users so that the Website can be used as a platform to communicate. Members need to collect and process the information so that they can provide services requested; to protect their legal interests, such as where a dispute may arise; for record-keeping purposes; and for our legitimate interests, such as providing better services, improving their Campaign Site and maintaining good relationships with the Public.

(b) Account/Profile/Transaction data – This information is collected by the Members and processed on their behalf so that Members can: effectively communicate with the Public; and to prevent abuse and fraud. Members need to collect and process the information. Members can provide information and services for the Public; properly run the Campaign Site; to comply with legal requirements, including tax obligations; and for their legitimate interests, such as providing better services, improving their Campaign Site and maintaining good relationships with the Public.

(c) Usage/Service data - This information is collected by the Members and processed on their behalf so that Members can: properly provide their Campaign Sites and services to the Public; allow the Public to communicate through their Campaign Sites ; and to prevent fraud and abuse. Members need to collect and process the information so that they can provide information and services for the Public; including services requested; to protect their legal interests, for example where a user inappropriately uses the Campaign Site; and for their legitimate interests, such as providing better services, improving their Campaign Sites and maintaining good relationships relationships with the Public.

26. Members must also provide a Data Usage Notice on their Campaign website to inform users how the member collects and uses the data provided by the Public through the Website including such data processed by Do Gooder for the Member or other processors or sub-processors.

27. Members may store and transfer personal information outside Australia. Members will ensure that any third party service providers are bound by contract to only use personal information on our behalf, under their instructions.

28. Members may store and transfer personal information outside of the EU/EEA. The privacy laws of the country in which personal information is stored or transferred may differ from those in the EU/EEA and may not have adequate data protection standards.

29. Members must have safeguards in place when storing or transferring personal information outside of the EEA, and you may ask us for a copy of these safeguards.

Age Verification and Consent for Minors

30. Persons under the age of consent in their country of residence are not permitted to become members of Do Gooder without the explicit consent of a parent or guardian. To ensure compliance with the General Data Protection Regulation (GDPR), we require new members to confirm that they are at or over the age of consent in their country of residence. Parents or guardians are required to provide consent before a minor can access our services. Parents or guardians have the right to review, modify, or request the deletion of their child's personal information by contacting us at [email protected]

Youth Privacy and Data Collection

31.Our services and digital platforms are designed for individuals who are of voting age in their respective jurisdictions and are not intended for use by individuals under this age without the approval of a parent or guardian. Consistent with our commitment to comply with the General Data Protection Regulation (GDPR), we do not target our services to individuals under the age of 13, nor do we knowingly collect or solicit personal data from anyone under the age of 13, regardless of parent or guardian approval.

32. By using our services, you affirm that you are at or over the age of consent in your jurisdiction or have received the necessary approval from a parent or guardian if under the required age. We encourage parents and guardians to actively monitor and participate in their children's online activities.

Processing of Information by Do Gooder

33. Members may provide data including personal information, as described above, to Do Gooder for processing.

(a) Personal information processed by Do Gooder is held subject to the DCPA between Do Gooder and Members. Do Gooder may engage sub-processors to process the data.

(b) Personal information processed by Do Gooder or its sub-processors is processed subject to the DCPA between Do Gooder and Members.

36. Sub-processors are bound by contract only to use personal information on the Member's behalf, and under instruction.

37. The personal information may be processed outside Australia by our third party service providers. Our third party service providers are bound by contract to only use personal information on our behalf, under our instructions.

38. We may store and transfer personal information outside of the EU/EEA. The privacy laws of the country in which personal information is stored or transferred may differ from those in the EU/EEA and may not have adequate data protection standards.

39. We will always have safeguards in place when storing or transferring personal information outside of the EEA, and you may ask us for a copy of these safeguards.

40. Members are required to comply with any applicable laws including relevant laws including Australian law and the GDPR in respect of any transfer or processing of personal information.

Cross-Border Processing of Personal Information

41. Do Gooder operates globally, with our operations based in Australia and our hosting infrastructure located in the United States. Due to the nature of our services, we may need to transfer and process your personal information across international borders. This section explains our practices and your rights regarding the cross-border processing of your personal information.

(a) Transfer of Personal Information: When we transfer your personal information internationally, including to our servers or third-party service providers in the United States, we do so in compliance with applicable laws and regulations. Our aim is to ensure that your personal information is protected regardless of where it is processed.

(b) Safeguards: We implement appropriate safeguards to protect your personal information during cross-border transfers. This includes entering into data transfer agreements with recipients that require them to provide a level of protection consistent with Australian privacy laws and, where applicable, the GDPR. We may rely on various mechanisms for international transfers of personal information, such as standard contractual clauses approved by the European Commission, consent, or other legal bases permitted under relevant laws.

(c) Your Rights: You have certain rights regarding your personal information, including the right to access, correct, and request the deletion of your personal data. Depending on your location, you may also have rights to object to certain processing activities and to request restrictions on the processing of your personal information. We are committed to honouring these rights in accordance with applicable laws.

(d) Consent to Transfer: By using our platform and providing us with your personal information, you consent to the transfer and processing of your personal information as described in this policy. If you have concerns about the cross-border transfer of your personal information, please contact us using the details provided in our privacy policy.

For the sake of transparency, we have appended a detailed list of these services to this Policy, complete with references to their respective policies. It is important to note, though, that we do not bear responsibility for the privacy practises or policies of any third-party entities.

Disclosure of personal information

42. We may disclose your personal information to third parties for the following purposes:

(a) As described in this Privacy Policy;

(b) if necessary to provide the service you have requested.

(c) if otherwise required by law; or

(d) for other purposes with your consent.

43. This includes: the disclosure of transaction data with our payment services providers, only as required to process payments, refunds, queries and disputes; the disclosure of your personal information as required to meet our legal, financial obligations and to protect our legitimate interests; the disclosure of your personal information to protect the vital interests of you or another person.

GDPR Roles and Responsibilities

44. In compliance with the General Data Protection Regulation (GDPR),  Do Gooder acknowledges its role as both a Data Controller and Data Processor as defined by the regulation:

(a) As a Data Controller, we are responsible for determining the purposes and means by which your personal data is processed. We decide why and how to process your data and are committed to doing so in accordance with GDPR requirements and ensuring the protection of your rights and privacy.

(b) As a Data Processor, when we process personal data on behalf of another data controller, we act under their instructions and in compliance with GDPR to ensure the confidentiality and security of your data.

We engage with third-party data processors to perform certain processing activities on our behalf. These processors are carefully selected to ensure they meet GDPR standards for data protection and security.

Third Party Personal Data Subprocessors

45. In the course of providing our services, we may need to share your personal data with third-party subprocessors. These subprocessors are carefully selected partners or service providers that perform certain functions on our behalf, including but not limited to data hosting, analytics, customer service operations, and marketing support.

(a) Selection and Compliance: We ensure that all our sub processors are compliant with the General Data Protection Regulation (GDPR) and adhere to the same standards of data protection and security that we uphold. Before engaging any subprocessor, we conduct a thorough evaluation of their data protection practices and require them to enter into a data processing agreement that mandates compliance with GDPR and protects the rights and privacy of our users.

(b) Transparency and Notification: A list of our current third-party subprocessors, along with a description of their processing activities and locations, can be found [insert link or location where the list is accessible]. We commit to updating this list and notifying our users of any changes to our sun processors that may affect the processing of their personal data.

(c) Rights and Choices: You have certain rights regarding your personal data, including the right to object to the processing of your data by third parties. If you wish to exercise this right or have any questions about the sub processors we use, please contact us directly at [insert contact information].

(d) Safeguards and Transfer: When our sun processors are located outside the European Economic Area (EEA), we ensure that there are adequate safeguards in place to protect your personal data. This may include the use of Standard Contractual Clauses approved by the European Commission, adherence to an adequacy decision, or other mechanisms deemed suitable under GDPR.

(e) Liability: We remain fully liable for any acts or omissions of our sub processors that may result in the breach of our obligations under this agreement or under applicable data protection laws.

46. By using our services, you acknowledge and agree to the processing of your personal data by third-party sub processors as described in this clause.

Personal Data Retention

47. We will hold your Personal Information for the duration necessary to achieve the specified purpose, or as long as the law allows or mandates. Should there be no continued legitimate business reason to keep your Personal Information, we will either erase it, render it anonymous, or securely retain it until erasure becomes feasible.

Social Media Use in Campaign Actions

48. Do Gooder  leverages social media platforms, including Facebook and Twitter, as part of our campaign actions to engage with our community and broaden our outreach. When you interact with our campaigns through these social media platforms, your personal data may be processed both by us and the respective social media platform.

(a) Data Processing by Social Media Platforms: Please be aware that interacting with our content on social media platforms can result in the collection and processing of your personal data by the platform providers. This includes information such as your user ID, your interactions with our content, and other data you provide through these platforms. The processing of this data is governed by the privacy policies of the respective social media platforms:

• Facebook’s Privacy Policy

• Twitter/X’s Privacy Policy

We encourage you to review these policies to understand how Facebook and Twitter use your information and how you can exercise your rights under GDPR, including your right to access, rectify, or erase your personal data held by them.

(b) Our Use of Data: The data we collect through social media platforms may be used to monitor the effectiveness of our campaigns, to interact with participants, and to further our organisation's goals. We process this data based on our legitimate interest in engaging with our audience and advancing our mission.

49. By participating in our campaigns on social media platforms, you acknowledge and consent to the processing of your personal data as described above and in accordance with the privacy policies of the respective social media platforms.

Anonymous Data

50. In our efforts to continually improve our services and the user experience, we may collect and use data in a form that does not, on its own, permit direct association with any specific individual. We refer to this data as "anonymous data".

(a) Definition and Anonymisation Process: Anonymous data is information that has been processed in such a way that it can no longer be used to identify a natural person. Our anonymisation process is designed to ensure that individuals cannot be re-identified, in compliance with GDPR guidelines.

(b) Usage: We utilise anonymous data for analytical and statistical purposes, which helps us better understand trends and user needs, leading to improved services and features. This data may include aggregated usage information or data that is not linked to any personal identity.

(c) Sharing: Anonymous data may be shared with partners or third parties for the purposes of research, analysis, or service enhancement. However, this data is shared in a way that does not compromise individual privacy, as it cannot be used to identify any person.

d) By using our services, you acknowledge and agree to the collection and use of anonymous data as described in this policy. Please note that our use of anonymous data is distinct from our practices related to personal data, which are detailed elsewhere in this privacy policy.

Exercising your rights, personal information

51. As Members and the Public, you have a right to be informed by Do Gooder about: how we process your personal information; the reasons why we process your data; and where that data is processed.

52. You have the right to request access to the personal information Do Gooder holds about you. Unless an exception applies, we must allow you to see the personal information we hold about you.

53. You also have the right to request the correction of the personal information we hold about you. We will take reasonable steps to make appropriate corrections to personal information so that it is accurate, complete and up-to-date. Unless an exception applies, we must update, correct, amend or delete the personal information we hold about you within a reasonable time period. We do not charge for making corrections.

54. You have the right to seek human review of automated decision-making or profiling.

55. In certain circumstances, you have a right to object to the processing of your personal information or request the restriction or suppression of your personal information. When we are required to stop processing your personal information, we will do so. When we are required to restrict or suppress your personal information, Do Gooder is permitted to store the personal data, but not use it.

56. You have the right to opt-out of direct marketing, and profiling for marketing; and processing for research statistical purposes.

57. In some circumstances you have the right to the erasure of your personal information without undue delay. You may not have that right where processing is necessary. Such as for compliance with legal obligations; or for the establishment, dealing with legal claims.

58. In some circumstances, you have a right to request that Do Gooder transmit to another data controller, personal information that you have provided to Do Gooder, where this is technically feasible. You may be required to pay a reasonable fee for us to comply with such a request.

59. If you are within the EU/UK, you are afforded certain rights regarding your personal information, under relevant data protection laws:

(a) Right to Access: You have the right to request information about how we process your personal data and to obtain a copy of that data.

(b) Right to Rectification: Should any personal data we hold about you be incorrect or incomplete, you have the right to have it corrected.

(c) Right to Erasure: Under certain conditions, you may request the deletion of your personal data, such as when the data is no longer necessary for its original purpose, following a successful objection to its processing, if it was processed unlawfully, or if erasure is mandated by law. We will fulfil your request unless we are bound by legal obligations or legitimate grounds that necessitate retaining your data, in which case you will be informed accordingly.

(d) Right to Restrict Processing: You may request that we temporarily halt the processing of your personal data if you contest its accuracy, believe our processing to be unlawful, require the data for legal claims, or have objected to our processing pending verification of our legitimate grounds.

(e) Right to Object: You have the right to oppose our processing of your personal data based on our legitimate interests if you believe it affects your fundamental rights and freedoms.

(f) Right to Data Portability: In certain situations, you can request that we transfer your personal data either to you or a party you nominate, in a structured, commonly used, and machine-readable format. This right applies exclusively to data you have provided to us, either with your consent or for the execution of a contract.

(g) Right to Withdraw Consent: Where our processing is based on your consent, you have the right to withdraw this consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal.

(h) Right to Opt Out of Marketing Communications: You can unsubscribe from our marketing communications at any time by following the unsubscribe link in any marketing email, adjusting your preferences in your account or by contacting our Support Team.

Regular Policy Review and Updates

60. Our Privacy Policy may be updated to reflect new practises, legal changes, or technological advancements. The "effective date" will be adjusted accordingly. For significant changes, we aim to notify you in advance through our website or direct communication, and, where required by law, we'll seek your consent. We recommend regularly reviewing this policy to stay informed about our collection, processing and sharing of your Personal Data.

How to contact us?

61. We are committed to protecting your personal data and ensuring your privacy rights are respected. If you have any questions about how we handle your personal data, wish to exercise any of your rights under the General Data Protection Regulation (GDPR), or have any concerns regarding our data protection practices, please do not hesitate to get in touch with us.

62. If you have an enquiry or a complaint about the way we handle your personal information, or if you wish to exercise your privacy rights concerning the personal information we hold about you, you may contact our Privacy Officer via email at [email protected].

Please include:

• your contact information,

• a description of your request or concern,

• the country and/or state in which you reside

• any specific details that would help us address your enquiry or complaint effectively

63. While we endeavour to resolve complaints quickly and informally, if you wish to proceed to a formal privacy complaint, we request that you make your complaint in writing to our Privacy Officer, by email. We will acknowledge your formal complaint within 30 days of receiving the complaint.

64.If you are in the European Union and believe your data protection rights have been violated, you have the right to lodge a complaint with your local Data Protection Authority (DPA). A list of DPAs can be found on the European Data Protection Board's website at http://ec.europa.eu/justice/article-29/structure/data-protection-authorities/index_en.htm.

Applicable Law

65. This Agreement shall be governed in all respects by the substantive laws of Australia. Any controversy, claim, or dispute arising out of or relating to the Agreement shall be subject to the jurisdiction of the competent courts of Australia, the jurisdiction of the Australian Federal Court being expressly reserved.

List of Subprocessors - Addendum 01

We engage the services of the following companies to assist us in gathering, analysing, storing, managing, and processing your personal data. In their agreements with us, each company is bound to handle the personal data strictly in accordance with our directives and contractual terms, ensuring their use of your information aligns with our platform requirements.