2. When we say ‘we’, ‘us’ or ‘Bootstrap’ it’s because that’s who we are and we own and run the Site.
The type of personal information we collect
1. We collect certain personal information about visitors and users of our Site.
2. The most common types of information we collect include things like: names, email addresses, IP addresses, other contact details, survey responses, payment information such as payment agent details, transactional details, tax information, support queries, and web analytics data. We will also collect personal information from potential volunteers (such as the application form itself, cover letter and interview notes, and volunteer liability waivers).
3. Bootstrap is eternally grateful for the donations that help us continue helping the homeless. It is very important to us that your personal information remains secure. When you donate to Bootstrap online, your credit card information is processed by these reputable companies: PayPay or Square. Bootstrap does not have access to your credit card number, which is used only for that particular transaction, and therefore is not collected or stored by us.
How we collect personal information
1. We collect personal information directly when you provide it to us, automatically as you navigate through the Site, or through other people when you use services associated with the Site (like donations through PayPal).
2. We collect your personal information when you provide it to us when you subscribe to a newsletter, email list, or send us a communication.
Personal information we collect about you from others
1. Although we generally collect personal information directly from you, on occasion, we also collect certain categories of personal information about you from other sources. In particular:
A. financial and/or transaction details from payment providers to process a transaction;
B. third party service providers (like Google, Facebook) who are located in the US or UK, which may provide information about you when you link, connect, or login to your account with the third party provider and they send us information such as your registration and profile from that service; and
C. other third party sources/ and or partners, whereby we receive additional information about you (to the extent permitted by applicable law), such as demographic data or fraud detection information, and combine it with information we have about you.
How we use personal information
1. Broadly speaking, we use personal information for the purpose of administering and expanding our service and charitable activities. We will use your personal information:
A. To complete a donation.
C. Where this is necessary for purposes which are in our, or third parties, legitimate interests. These interests include:
1. updating you with operational news and information about our Site and services e.g. to notify you about changes to our Site, website disruptions or security updates;
2. carrying out technical analysis to determine how to improve the Site and services we provide;
3. monitoring activity on the Site, e.g. to identify potential fraudulent activity and to ensure compliance with the user terms that apply to the Site;
4. managing our relationship with you, e.g. by responding to your comments or queries submitted to us on the Site or asking for your feedback or whether you want to participate in a survey;
5. managing our legal and operational affairs (including, managing risks relating to content and fraud matters);
6. training Bootstrap staff about how to best serve our community;
7. improving our program and services.
8. providing general administrative and performance functions and activities.
9. processing your job application to Bootstrap;
10. processing your resident application to Bootstrap.
3. Where you give us consent:
A. providing you with marketing information about products and services which we feel may interest you; and
4. For purposes which are required by law.
5. For the purpose of responding to requests by government, a court of law, or law enforcement authorities conducting an investigation.
When we disclose your personal information
1. Bootstrap will not sell or trade donor’s or Resident information with any organization, nor will we send mailings on behalf of other organizations. We will disclose personal information to the following recipients:
1. authors of any services made available to you, so they can facilitate support;
2. service providers who assist us in connection with the ways we use personal information (as set out above), in particular: website hosting providers; marketing and analytics services; security and fraud prevention services; subscription management services (we use MailChimp); payment processing services (we use PayPal and Square).
3. our professional advisers (lawyers, accountants, financial advisers etc.) which are located in the USA;
4. regulators and government authorities in connection with our compliance procedures and obligations;
5. a purchaser or prospective purchaser of all or part of our assets or our business, and their professional advisers, in connection with the purchase;
6. a third party to respond to requests relating to a criminal investigation or alleged or suspected illegal activity;
7. a third party, in order to enforce or defend our rights, or to address financial or reputational risks;
8. other recipients where we are authorized or required by law to do so.
Where we transfer and/or store your personal information
1. We are based in the USA so your data will be processed in the US. In order to protect your information, we take care where possible to work with service providers who we believe maintain a high standard of data security compliance.
How we keep your personal information secure
1. Email is not recognized as a secure communication. For this reason, we request that you do not send private information to us by email.
2. We store personal information on secure servers that are managed by us and our service providers, and occasionally hard copy files that are kept in a secure location in the US. Personal information that we store or transmit is protected by security and access controls, including username and password authentication, two-factor authentication, and data encryption where appropriate.
3. Please note, often links to other sites are provided solely as reference to information that may be useful to users. We are not responsible for the practices of other sites linked to or from our Site nor their information or content.
How you can access your personal information
1. You can access some of the personal information that we collect about you by clicking on “update your preferences” at the bottom of our email communications. You also have the right to make a request to access other personal information we hold about you and to request corrections of any errors in that data. To make an access or correction request, contact our privacy champion using the contact details at the end of this policy.
Marketing Choices regarding your personal information
1. Where we have your consent to do so (e.g. if you have subscribed to one of our e-mail lists or have indicated that you are interested in receiving offers or information from us), we send you marketing communications by email about programs and services that we feel may be of interest to you. You can ‘opt-out’ of such communications if you would prefer not to receive them in the future by using the “unsubscribe” facility provided in the communication itself.
2. You also have choices about cookies, as described below. By modifying your browser preferences, you have the choice to accept all cookies, to be notified when a cookie is set, or to reject all cookies. If you choose to reject cookies some parts of our Site may not work properly in your case.
Cookies (not the type you eat!) and web analytics
1. For general information on cookies, see http://www.allaboutcookies.org.
2. When you visit our Sites, there’s certain information that’s recorded which is generally anonymous information and does not reveal your identity. For example:
1. your IP address or proxy server IP address’;
2. the domain name you requested;
3. the name of your internet service provider is sometimes captured depending on the configuration of your ISP connection;
4. the date and time of your visit to the website;
5. the length of your session;
6. the pages which you have accessed;
7. the number of times you access our site within any month;
8. the file URL you look at and information relating to it;
9. the website which referred you to our Site; and
10. the operating system which your computer uses.
Information about children
1. Our Site is not suitable for children under the age of 16 years, so if you are under 16 we ask that you do not use our Site or give us your personal information. If you are from 16 to 18 years, you can browse the Site but you’ll need the supervision of a parent or guardian to make a donation. It’s the responsibility of parents or guardians to monitor their children’s use of our Site. You can only volunteer for an event if you are 18 or over.
Information you make public or give to others
How long we keep your personal information
When we need to update this policy
1. We will need to change this policy from time to time in order to make sure it stays up to date with the latest legal requirements and any changes to our privacy management practices.
2. When we do change the policy, we’ll make sure to notify you about such changes, where required. A copy of the latest version of this policy will always be available on this page.
How you can contact us
1. If you have any questions about our privacy practices or the way in which we have been managing your personal information, please contact our privacy champion in writing at firstname.lastname@example.org.
If you’re a user or visitor in the European Economic Area these rights also apply to you:
1. For the purposes of applicable EU data protection law (including the General Data Protection Regulation 2016/679 (the “GDPR”), we are a ‘data controller’ of your personal information.
How you can access your personal information
1. You are also entitled to ask us to port your personal information (i.e. to transfer in a structured, commonly used and machine-readable format, to you), to erase it, or restrict its processing. You also have rights to object to some processing that is based on our legitimate interests, such as profiling that we perform for the purposes of direct marketing, and, where we have asked for your consent to process your data, to withdraw this consent as more fully described below.
2. These rights are limited in some situations – for example, we can demonstrate that we have a legal requirement to process your personal information. In some instances, this means that we may retain some data even if you withdraw your consent.
3. Where we require your personal information to comply with legal or contractual obligations, then provision of such data is mandatory: if such data is not provided, then we will not be able to manage our contractual relationship with you, or to meet obligations placed on us. In all other cases, provision of requested personal information is optional.
4. If you have unresolved concerns you also have the right to complain to data protection authorities. The relevant data protection authority will be the data protection authority of the country: (i) of your habitual residence; (ii) of your place of work; or (iii) in which you consider the alleged infringement has occurred.