TapKat Solutions LLC Privacy Policy

Last Updated: 11/1/2019

TapKat Solutions LLC (referred to throughout as “us,” “we,” “our,” etc.), is the owner and operator of the tapkat.com Website, a fundraising platform for nonprofits. This Privacy Policy (“Privacy Policy”) applies to the tapkat.com Website, any sub-domains thereof, API integrations or widgets we offer, any email, messaging, applications, or any of the services or features accessible therein, and any other website or web pages we own or operate that include a link to this statement (all of which together are referred to as the “Website”). Although we provide shorter answers to privacy questions on the Website in order to be helpful, this Privacy Policy is the exclusive and authoritative source of our privacy practices. Please keep in mind that this Privacy Policy does not apply to other websites, which may be accessible from the Website. External websites may have data collection, storage and use practices and policies that differ materially from those contained here.

You acknowledge that this Privacy Policy is part of our Terms of Service. BY ACCESSING, BROWSING, SUBMITTING INFORMATION, TO, OR OTHERWISE USING THIS WEBSITE, YOU ACKNOWLEDGE AND AGREE TO THE FOLLOWING TERMS AND CONDITIONS. IF YOU DO NOT AGREE TO THESE TERMS, PLEASE DO NOT ACCESS OR USE THE WEBSITE.

All personal data that is collected and used will be processed in compliance with the General Data Protection Regulation and other EU and Swiss data protection requirements for the European Economic Area (“EEA”). Users from the EEA please review the sections for EEA users below.

If you are registering for or participating in a sweepstakes, event, contest, drawing, or other contest (the “Contest”) participation is subject to our Official Rules and Regulations of that Contest and any other rules and regulations applicable to such Contest (collectively, “Rules”). If this Privacy Policy conflicts with or is inconsistent with a statement in the Rules concerning your privacy, the Rules will apply.

We may update this Privacy Policy from time to time. If we do so, we will notify our users (referred to throughout as “you,” “your,” etc.) by posting the date of the last change or amendment at the top of this page. You agree that this method of notice is sufficient and that you will regularly check this Privacy Policy to see if updates or changes have been made. Your continued use of the site after such amendments will constitute your acknowledgment of the modified Policy and agreement to abide and be bound by the modified Privacy Policy.

INFORMATION WE MAY COLLECT FROM YOU

Traffic Data. As is true of most websites, we automatically collect certain information when you visit our Website. This information includes:

(i) Location information. This is the geographic area where you use your computer and mobile devices (as indicated by an Internet Protocol [IP] address or similar identifier) when interacting with our Site, Software, and/or Services.

(ii) Log data. As with most websites and technology services delivered over the internet, our servers automatically collect data when you access or use our Site, Software, and/or Services and record it in log files. This log data may include the IP address, browser type and settings, the date and time of use, information about browser configuration, language preferences, and cookie data.

(iii) Usage information. This is information about the Website or services you use and how you use them. We may also obtain data from our third-party partners and service providers to analyze how users use our Website and services. For example, we will know how many users access a specific page on the Website and which links they clicked on. We use this aggregated information to better understand and optimize the Site.

(iv) Device information. These are data from your computer or mobile device, such as the type of hardware and software you are using (for example, your operating system and browser type), as well as unique device identifiers for devices that are using TapKat software.

(v) Cookies. Data obtained from cookies are described in the section titled Does TapKat Collect Cookie and Traffic Data below.

Information of this type (“Traffic Data”) is anonymous information that does not personally identify you but is helpful for us to improve the business performance and user experience of the Website.

Personal Data. In order for you to use our Website to create fundraising sites or for us to process transactions on our Website for your benefit or for you to take certain other actions on the Website (e.g. contacting us through forms, etc.) we require you to provide us with data that, alone or in combination with other data, could be used to personally identify you (“Personal Data”). Personal data includes the following types of data:

(i) Contact Data such as name, mailing address, e-mail address, TapKat user name, account number, and password.

(ii) Financial Data such as your bank account number or credit card number.

(iii) Demographic Data such as your zip code, age and gender.

(iv) Company Data such as your business name, size and business type.

(v) Activity Data such as your fundraising history, events attended, etc.

LINKS TO OTHER WEBSITES?

Our Website contains links to the sites of other companies and non-profit organizations. We are not responsible for their privacy practices. We encourage you to learn about the privacy policies of those organizations.

HOW DOES TAPKAT USE MY PERSONAL Data?

We use, process, and store your information as necessary to perform our contract with you and for our legitimate business interests, including:

(i) to help us administer our Website and services, authenticate users for security purposes, provide personalized user features and access, process transactions, conduct research, develop new features, and improve the features, algorithms, and usability of our Website or services.

(ii) to communicate with you about your use of our Website, product announcements, and software updates, as well as respond to your requests for assistance, including providing account verification support if you’re having difficulty accessing your account.

(iii) to send you direct marketing emails and special offers through TapKat, from which you can unsubscribe at any time. For more information, please see the section entitled, “How do email communications work?” If you are located in the European Economic Area (EEA), we will only send you marketing information if you consent to us doing so at the time you create your account or any point thereafter.

(iv) to display user content and information associated with your account and make sure it is available to you when you use our services.

(v) To administer the promotions and marketing events you have entered in order to serve you and connect you with our events.

DOES TAPKAT COLLECT COOKIE AND TRAFFIC DATA?

As is true of most websites, we use cookies to collect Traffic Data related to the Website. We use another company to place cookies on your computer to compile this non-personally identifiable information so we can aggregate statistical information about usage of the Website.

The Website also contains web beacons, which are electronic images that are used along with cookies to compile statistics so we can analyze how the Website is being used. Our e-mails may also contain web beacons so we can track how many people open the message or click on links within the message. This information helps us improve our communication and marketing efforts.

We use a third party to gather information on how you and others are using the Website. By using this service we are able (for example) to see how many people visited a given page or clicked on a given link. This information helps us optimize the performance of the Website. We also use cookies to serve ads through third-party ad-network services to people who have visited our Website (“Retargeting Ads”). These Retargeting Ads will be viewable on other websites that are part of the ad network. Your browser likely contains controls for deleting or disabling cookies; however, your experience on the Website may be impacted if cookies are disabled.

IS MY PERSONAL DATA KEPT CONFIDENTIAL?

Except as otherwise provided in this Privacy Policy, we will keep your Personal Data private and only share it with other third parties when: '

(i) Service Providers. We use service providers who assist us in meeting business operations needs, including hosting, delivering, and improving our services. For more information see the section on, “Who Has Access to my client’s Personal Data below.” We also use service providers for specific services and functions, including email communication, customer support services, and analytics. These service providers may only access, process, or store Personal Data pursuant to our instructions and to perform their duties to us.

(ii) Consent. We have your explicit consent to share your Personal Data.

(iii) Law Enforcement. Occasionally we may be required by law enforcement or judicial authorities to provide Personal Data to the appropriate governmental authorities. We will disclose Personal Data upon receipt of a court order, subpoena, or to cooperate with a law enforcement investigation. We fully cooperate with law enforcement agencies in identifying those who use our services for illegal activities. We reserve the right to report to law enforcement agencies any activities that we in good faith believe to be unlawful.

(iv) Safety. We determine that the access, preservation, or disclosure of your Personal Data is required by law to protect the rights, property, or personal safety of TapKat and users of our Website, or to respond to lawful requests by public authorities, including national security or law enforcement requests.

(v) Business Transaction. We need to do so in connection with a merger, acquisition, bankruptcy, reorganization, sale of some or all of our assets or stock, public offering of securities, or steps in consideration of such activities (e.g., due diligence). In these cases some or all of your Personal Data may be shared with or transferred to another entity, subject to this Privacy Policy.

(vi) Marketing Companies. We may provide general location data (e.g., the city, or the state, in which a device is located) and information about your search or posting history to third parties that want to provide you with information, products, or services. Unless we have your permission, we will only provide such companies with non-personally identifiable information. In other words, while this information may be provided in conjunction with a randomly assigned number, or a number assigned to your TapKat account, it will not be provided in conjunction with your name.

(vii) With a Charity or Prize Provider. If you enter a sweepstakes, whether by making a donation or using an alternate method of entry, make a donation in connection with entering into a sweepstakes, you agree that we may share your name and contact information with the charity we designate as the benefiting charity for such sweepstakes and with any entity providing prizes for that sweepstakes, who may use your information for marketing purposes.

(viii) Sweepstakes Winners. As further explained in our Rules, by entering into a sweepstakes, you grant us the right to disclose name, biographical information, pictures/portraits, video images, likenesses and/or voice to the general public if you are a sweepstakes winner.

HOW SECURE IS MY INFORMATION?

Please keep in mind that while we take reasonable precautions to safeguard your Personal Data no amount of protection can guarantee its security. Unfortunately, no data transmission over the Internet or any wireless network can be guaranteed to be 100% secure. As a result, while we strive to protect your Personal Data, you acknowledge that: (a) there are security and privacy limitations of the Internet which are beyond our control; (b) the security, integrity and privacy of any and all information and data exchanged between you and us through this site cannot be guaranteed; and (c) any such information and data may be viewed or tampered with in transit by a third party.

To safeguard against unauthorized access to Personal Data by third parties, all electronic Personal Data held by TapKat is maintained on systems that are protected by up-to-date secure network architectures that contain firewalls and intrusion detection devices. The Personal Data saved in servers is “backed up” (i.e. the data are recorded on separate media) to avoid the consequences of any inadvertent erasure, destruction or loss otherwise. The servers are stored in facilities with high security, access restricted to unauthorized personnel, fire detection and response systems. We employ reasonable physical and administrative safeguards to protect your Personal Data.

If TapKat learns of a security system breach, we may attempt to notify you and provide information on protective steps, if available, through the email address that you have provided to us or by posting a notice on the Site. Depending on where you live, you may have a legal right to receive such notices in writing.

HOW DO EMAIL COMMUNICATIONS WORK?

We send out various emails to clients and others who interact with the Website, such as emails about new blog posts, product releases or special events or promotions (“Marketing Emails”). Nonprofits that register with the Website will automatically be subscribed to receive certain Marketing Emails.

Aside from those registering with the Website, you must opt in to receive Marketing Emails. Marketing Emails contain an unsubscribe option which you can follow at any point if you wish to stop receiving some or all of the Marketing Emails. If you have received our Marketing Emails mistakenly, or wish to stop receiving them, you can also contact us at support@tapkat.com and we will remove you from our list.

The Website also allows nonprofit clients to send various transactional (e.g. automated sweepstakes receipts, etc.) and outreach emails (together “Client Emails”). Unless such Client Emails are subject to an exception as part of an ongoing commercial relationship, or otherwise, as required by CANSPAM, they will contain an unsubscribe link.

For EEA users: We only send marketing communications to users located in the EEA with your prior consent. Please see the section “For EEA users” below.

WHO HAS ACCESS TO MY OR MY CLIENT’S CREDIT CARD NUMBERS?

We do not process any underlying payments facilitated by the Website; payments are processed by our partner internet payment service providers, (a “Payments Partner”). Financial data you input to consummate a transaction is encrypted using SSL technology and sent to a Payments Partner.

For recurring transactions your Financial and Contact data is stored by a Payment Partner in accordance with industry standards. Only the Payment Partner has access to your credit card number. We do not have access to your credit card number. Data handled by a Payment Partner is subject to that Payments Partner’s terms and privacy policy.

We use a Payment Partner to process monthly payments made by nonprofits that purchase subscription plans or upgrades from us. If you purchase a subscription plan, your purchase will be made on an SSL encrypted page or widget hosted by a Payment Partner and the payment information you submit will be submitted directly to and stored by a Payment Partner in accordance with industry standards. Data handled by a Payment Partner is subject to their terms and privacy policy.

We use a Payment Partner to process one-time donation payments made by your clients. When your client makes a one- time donation payment the transaction will be made on an SSL encrypted page or widget hosted by a Payment Partner and the payment information your client submits will be submitted directly to and stored by a Payment Partner in accordance with industry standards. Data handled by a Payment Partner is subject to their terms and privacy policy.

WHO HAS ACCESS TO MY OR MY CLIENTS PERSONAL DATA (EXCEPT FOR CREDIT CARD NUMBERS)?

We share your Personal Data with other business partners who assist us in performing core services (such as hosting, data storage and security) related to the operation of the Website. These business partners only use your Personal Data to perform these core services, which are necessary for the orderly operation of the Website.

WHAT’S AN INDIVIDUAL CLIENT PROFILE?

When your clients make a transaction through the Website, we automatically index it for you in your client database under an individual client profile. That information is accessible to you through your account.

ARE PAGES I CREATE PRIVATE?

In general, no. If you create a fundraising page, an event page, campaign page or other webpage on the Website, it is not private. For some types of pages you may be able to deactivate the page which will make the page private to your account or some pages may require you to activate the page before they become public. Pages created on the Website are indexed by search engines and accessible to the public.

WHAT OTHER INFORMATION IS PUBLIC?

Information you post on event pages, campaign pages, personal fundraising pages, a nonprofit profile, blog posts or other public pages on the Website can be accessed by other people. You should exercise caution when deciding to share information on public pages. We cannot control who accesses shared information or how other parties will use that information.

WHAT ARE ACTIVITY FEEDS?

Activity feeds are streamed displays of actions occurring on the Website. There are various public activity feeds on the Website. Nonprofit profiles have activity feeds that display activity relevant to each respective nonprofit (e.g. donations to, or ticket purchases from, that organization).

Nonprofits using the Website also have access to certain widgets (widgets are small snippets of code we generate that the nonprofit can then put into another website). These widgets allow a nonprofit to display activity occurring on the Website on the nonprofit’s own website, blog or another website. Please keep in mind that we cannot control where a given non- profit will embed the widgets we make accessible to it.

WHAT ARE APIs AND HOW CAN MY INFORMATION BE SHARED?

We make an application programming interface (an “API”) available to nonprofit clients. An API (in non technical terms) allows a nonprofit to automatically retrieve information from our site, for use/display elsewhere (e.g. on the nonprofit’s web- site). That being said, the information that we make available through our API is (generally) information that is otherwise available on the Website (e.g. already posted on an event page, campaign page, available through search results, etc.).

WHAT CHOICES DO I HAVE?

It’s up to you whether or not you want to provide us with Personal Data. You can still visit the Website without providing us with Personal Data, but you will be unable to take certain actions without doing so.

HOW LONG WILL WE HOLD YOUR DATA?

We will retain your information only for as long as is necessary for the purposes set out in this Privacy Policy. We will retain and use your information to the extent necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.

HOW CAN I DELETE OR CORRECT MY PERSONAL DATA?

If you have created a profile you can update your information by clicking on “Account Settings” which is accessible at the top of your screen once you’ve logged in. You can remove your Personal Data from TapKat at any time by logging into your account, accessing the “Account Settings” page, and then deleting your account.

FOR EEA USERS

This Privacy Policy is intended to provide adequate and consistent safeguards for the handling of personal information TapKat uses, processes, and stores Personal Data, including those listed in the “Information TapKat May Collect From You” section, as necessary to perform our contract with you, and based on our legitimate interests in order to provide the Website services. We rely on your clear and unequivocal consent for the processing, collection and transfer of Personal Data. Personal Data may be used to send promotional emails and to place cookies on your devices. In some cases, TapKat may process Personal Data pursuant to legal obligation or to protect your vital interests or those of another person.

WHAT RIGHTS DO EEA USERS HAVE, AND HOW TO EXERCISE THEM?

Individuals located in the EEA have certain rights in respect to their personal information, including the right to access, correct, or delete Personal Data we process through your use of the Website. If you’re a user based in the EEA, you can:

(i) Request a Personal Data report by submitting an email to support@tapkat.com. This report will include the Personal Data we have about you, provided to you in a structured, commonly used, and portable format. Please note that TapKat may request additional information from you to verify your identity before we disclose any information.

(ii) Have your Personal Data corrected or deleted. Some Personal Data can be updated by you: You can update your name and email address, as well as language preference, through your TapKat account settings. You can also remove your Personal Data from TapKat by deleting your account.

(iii) Object to us processing your Personal Data. You can ask us to stop using your Personal Data, including when we use your Personal Data to send you marketing emails. We only send marketing communications to users located in the EEA with your prior consent, and you may withdraw your consent at any time by clicking the “unsubscribe” link found within TapKat emails and changing your contact preferences. Please note you will continue to receive transactional messages related to our services, even if you unsubscribe from marketing emails.

(iv) Complain to a regulator. If you’re based in the EEA and think that we haven’t complied with data protection laws, you have a right to lodge a complaint with your local supervisory authority.

If you have other questions or do not have a TapKat account, contact us by email: support@tapkat.com. If you believe that TapKat has not adhered to this Privacy Policy in connection with the transfer of your personal information to the United States, please contact TapKat by e-mail at support@tapkat.com. We will do our best to address your concerns. If you feel that your complaint has been addressed incompletely, we invite you to let us know for further investigation.

WHAT DO I DO IF MY DATA IS LOST OR STOLEN?

If you know, or suspect, that your credit card, user name, or password has been lost, stolen or used without your authorization you need to contact us immediately (support@tapkat.com). Upon notification, we will take reasonable steps to mitigate any damage, which may have been caused. You are responsible for the safety and security of your user name and pass- word. You should logout after each session you have with the Website and you shouldn’t share this information.

CAN CHILDREN USE THIS WEBSITE?

Our Website is for a general audience and is not targeted towards children. Children under 18 years of age are prohibited from using the Website per our Terms of Service. We encourage parents and legal guardians to monitor their children’s Internet usage and to help enforce this Privacy Policy by instructing their children never to provide personal information through the Website without their permission. If your child has used the Website and submitted Personal Data to us, please contact us and we will take reasonable measures to remove that information from the Website and our database.