What is GDPR
The General Data Protection Regulation (GDPR) is a legal framework that sets guidelines for the collection and processing of personal information of individuals within the European Union (EU). GDPR came into effect across the EU on May 25, 2018.
If your organization is based in the EU or you process the personal data of individuals in the EU, then the GDPR affects you.
Key points regarding the GDPR:
- Consent: Donors must freely give consent for the gathering and processing of their data and reserve the right to withdraw their consent at any time.
- Right to access: Donors have the right to access any personal information that has been collected from them. They can ask for confirmation of whether personal data concerning them is being processed, as well as where and for what reason, and they can be provided with a copy of that data.
- Right to be forgotten: Donors can request that their personal information be erased.
How we help you with compliance
Custom Donations forms can easily be configured to gain consent and to let your constituents opt in to your email marketing.
- Click on "GDPR and Email Consent" from your Account tab at my.customdonations.com
Enable the GDPR option. This enables you to set the GDPR toggle on any giving form (when the GDPR option is not enabled, you will not see the toggles on the Giving Form page). Enabling the GDPR option for a giving form will present a checkbox on the Gift Review step so that the user can give their consent. Edit the GDPR Consent Label to set the text that appears with the checkbox.
Additionally, you can add up to two links to your specific policies. These links will appear with the consent checkbox on your giving forms.
Once you have enabled GDPR and/or set your Email Consent options, you can enable those options on each Giving Form where you want them to appear.
The options will now show up on your giving form, right before the payment button. That's it -- any form can now gain consent!
Our compliance with GDPR
Custom Donations [we] collects personal information about users [you] who conduct transactions through our forms. At a minimum, this includes your IP and email address. Additional information, beyond IP and email address, is determined by the organization with whom you are conducting the transaction [our clients].
The information collected on behalf of our clients allows them to conduct and manage that transaction.
The information is securely passed to our clients through the payment processor (Stripe). Please visit their site for more information on their policies.
Additionally, certain information may be passed to our clients' data processors if the client has opted to do so. Please refer to their policies for more detail. Links to this information should be available, when relevant, on our donation forms (see the "How we help you with compliance" section). This may include:
- Mass email clients, assuming you have given permission to join their email list. If you have not given consent, no information will be sent.
- Their CRM database (where they store your donor record).
Personal information is encrypted and securely stored on our servers.
Outside of passing your information to our clients and their data processors, we do not leverage or share your personal information. It is strictly used to manage your transaction or recurring payment.
At any time, you may request that your information be removed.
You may request a copy of the data we have on file at any time.
We do not store credit card numbers or financial data.