This privacy policy describes the collection, use, protection, disclosure, correction, and deletion of your personal information by Subsplash. Please take a moment to read the following to learn more about our information practices, including what type of information is gathered, how the information is used and for what purposes, to whom we disclose the information, and how we safeguard your personal information. Your privacy is a priority at Subsplash, and we go to great lengths to protect it.
This privacy policy applies to the websites located at subsplash.com and thechurchapp.com, including all subpages and successor pages, as well as all software and services that we offer, including but not limited to those services that we offer through our websites when you register for a Subsplash account (collectively referred to as the “Subsplash Account Services”).
Subsplash may update its privacy policy from time to time. When we change the policy in a material way a notice will be posted on our website along with the updated privacy policy.
WHY WE COLLECT PERSONAL INFORMATION
We collect your personal information because:
If you wish to utilize Subsplash Account Services, Subsplash needs your information for purposes of processing and transmitting information to drive the correct data and content between servers and apps for your experience.
Also, there are a number of situations in which your personal information may help us give you better service. For example:
If you use a bulletin board, streaming service, messaging service, or chat room on a Subsplash website or Service you should be aware that any information you share is visible to other users. Personally identifiable information you submit to one of these forums can be read, collected, or used by other individuals to send you unsolicited messages. Subsplash is not responsible for the personally identifiable information you choose to submit in these forums. For example, if you choose to make information, which was previously non-public, available by disclosing it in such forms or by enabling certain user features, Subsplash will collect that information from your interaction and the information will become publicly available.
WHEN WE DISCLOSE YOUR INFORMATION
Subsplash takes your privacy very seriously. Subsplash does not sell or rent your contact information to other marketers or any other third party. If you wish to utilize the Subsplash Account Services, Subsplash discloses your information to third-party service providers and institutions for purposes of processing and transmitting information to drive the correct data and content between servers and apps for your experience. If you invite other users to one of our services, we may inform the person(s) you invite of who has invited them. Subsplash may share aggregated and anonymized forms of personal information with third parties, in which case, the information shared will be shared in a deidentified and non-identifiable form.
WITHIN THE SUBSPLASH GROUP
Subsplash, Inc. and Subsplash Wallet, LLC both operate under the name “Subsplash” and they operate as a group. To help us provide superior service, your personal information may be shared with legal entities within the Subsplash group globally who will take reasonable steps to safeguard it in accordance with Subsplash’s privacy policy.
WITH OUR SERVICE PROVIDERS, VENDORS, AND STRATEGIC PARTNERS
There are also times when it may be advantageous for Subsplash to make certain personal information about you available to companies that Subsplash has a strategic relationship with or that perform work for Subsplash to provide products and services to you on our behalf. These companies may help us process information, extend credit, fulfill customer orders, deliver products to you, manage and enhance customer data, provide customer service, assess your interest in our products and services, or conduct customer research or satisfaction surveys. These companies are also obligated to protect your personal information in strict accordance with Subsplash’s policies, except if we inform you otherwise at the time of collection. Without such information being made available, it would be difficult for you to purchase products, have products delivered to you, receive customer service, provide us feedback to improve our products and services, or access certain services, offers, and content on the Subsplash website.
BUSINESS TRANSFERS
We may choose to buy or sell assets and may share and/or transfer customer information, including Personal Information, in connection with the evaluation of and entry into such transactions and based on our legitimate interests. Also, if we or our assets are acquired, or if we go out of business, enter bankruptcy, or go through some other change of control, Personal Information may be one of the assets transferred to or acquired by a third party.
LAWFUL REQUESTS
At times we may be required by law or litigation to disclose your personal information. We may also disclose information about you if we reasonably determine that for national security, law enforcement, or other issues of public importance, disclosure is necessary.
SUBSPLASH GIVING
Subsplash Giving is web-enabled functionality that can be used with a web browser and on mobile devices. It was developed by Subsplash to enable donors to donate money to third-party organizations. If you choose to use the Subsplash Giving functionality to donate money, Subsplash and the payment processor will collect personal information from you, including your name, contact information, the donation amounts, and the payment processor receives certain payment information (e.g. credit card number, billing address, security code) and will use that information to process payments and provide you records of the transactions. Donor information will be shared with the Gift Recipient.
When you send a text message to Subsplash or Subsplash Wallet for purposes of utilizing text-to-give functionality, you will be disclosing your cell phone number to Subsplash, Inc., and you thereby consent to receiving a hyperlink to the Subsplash Wallet donation portal via text message. In order to stop receiving texts from Subsplash or Subsplash Wallet, respond to the text message by typing, “STOP.”
SUBSPLASH LIVE
Subsplash Live uses YouTube API Services, governed by the Google Privacy Policy (http://www.google.com/policies/privacy), to access your organization’s YouTube channel name and ID, and to create live streams and live broadcasts on your organization’s behalf. We do this to display the linked channel in your Subsplash Dashboard and to create syndicated live broadcasts in that channel. In addition to Subsplash’s normal procedure for deleting stored data, your organization may revoke Subsplash Live’s access to your YouTube data via the Google security settings page (https://security.google.com/settings/security/permissions). Please contact Subsplash with any questions or complaints about Subsplash Live’s privacy practices.
COOKIES AND OTHER TECHNOLOGIES
As is standard practice on many corporate websites, Subsplash’s websites use “cookies” and other technologies to help us understand which parts of our websites are the most popular, where our visitors are going, and how much time they spend there. We also use cookies and other technologies to make sure that our online advertising is bringing customers to our products and services. Cookies contain information that is transferred to your computer’s hard drive. These cookies are used to store information, such as the time that the current visit occurred, whether the visitor has been to the site before and what site referred the visitor to the web page.
If, however, you prefer not to enable cookies, you can disable them in your browser. Please note that certain features of the Subsplash websites and Subsplash online products will not be available once cookies are disabled.
As is true of most websites, we gather certain information automatically and store it in log files. This information includes Internet Protocol (IP) addresses, browser type, Internet Service Provider (ISP), referring/exit pages, operating system, date/time stamp, and clickstream data. We may also track usage data, such as how frequently you visit our site or use our applications, how many messages you send, and how you engage with our content.
We also use Google Analytics. Google Analytics is a web analytics tool that helps website owners understand how visitors engage with their website.
Like many services, Google Analytics uses first-party cookies to track visitor interactions as in our case, where they are used to collect information about how visitors use our site. We then use the information to compile reports and to help us improve our site.
We also may use other Google Analytics tools, such as Demographics and Interest Reporting, which enable us to learn more about the characteristics and interests of the users who visit our Site, and Remarketing with Google Analytics, which enables us to provide relevant advertising on different websites and online services.
Google Analytics collects information anonymously. It reports website trends without identifying individual visitors. You can opt out of Google Analytics without affecting how you visit our site – for more information on opting out of being tracked by Google Analytics across websites you use, visit this Google page.
We use this information, to analyze trends, to administer the site, to track users’ movements around the site and to gather demographic information about our user base as a whole.
In some of our email messages we use a “click-through URL” linked to content on the Subsplash website. When customers click one of these URLs, they pass through our web server before arriving at the destination web page. We track this click-through data to help us determine interest in particular topics and measure the effectiveness of our customer communications. If you prefer not to be tracked simply avoid clicking text or graphic links in the email. In addition, we use pixel tags — tiny graphic images — to tell us what parts of our website customers have visited or to measure the effectiveness of searches customers perform on our site.
Pixel tags also enable us to send email messages in a format customers can read. And they tell us whether emails have been opened to ensure that we’re sending only messages that are of interest to our customers. We may use this information to reduce or eliminate messages sent to a customer.
HOW WE PROTECT YOUR PERSONAL INFORMATION
Subsplash takes precautions — including administrative, technical, and physical measures — to safeguard your personal information against loss, theft, and misuse, as well as unauthorized access, disclosure, alteration, and destruction. The Subsplash websites use Secure Sockets Layer (SSL) encryption on all web pages where personal information is required. To make purchases from the Subsplash online store, or through your Subsplash accounts, you must use an SSL-enabled browser such as Safari, Google, or Internet Explorer. Doing so protects the confidentiality of your personal and credit card information while it’s transmitted over the Internet. You can help us by also taking precautions to protect your personal data when you are on the Internet. Change your passwords often using a combination of letters and numbers, and make sure you use a secure web browser like Safari or Google.
INTEGRITY OF YOUR PERSONAL INFORMATION
Subsplash allows you to keep your personal information accurate, complete, and up to date. Naturally, you have the right to access, correct and delete the personal information you have provided, though you may not delete all information if you wish to maintain an account with Subsplash and Subsplash is required to retain some information with regard to Subsplash Giving transactions and donors. Despite our best efforts, errors sometimes do occur. If you identify any personal information that is out-of-date, incorrect or incomplete, let us know and we will make the corrections promptly and use every reasonable effort to communicate these changes to other parties who may have inadvertently received incorrect or out-of-date personal information from us. In the event that you delete your information, such deletion may make it impossible for Subsplash to continue offering you some or all of the Subsplash Account Services.
Subsplash retains personal information only as long as we are required to for our business relationship or as required by Federal or Provincial laws, subject to reasonable industry practices for records retention. Subsplash has appropriate procedures in place with respect to the destruction, deletion and disposition of personal information when it is no longer required by Subsplash, subject to applicable law.
CHILDREN
Subsplash recognizes that parents, guardians, or other adults often purchase our products for family use, including use by minors. We do not knowingly collect personal information from children under the age of 13 for marketing purposes, but because some information is collected electronically, it can appear to be the personal information of the Subsplash purchaser of the product, and will be treated as such by this privacy policy. If a child under the age of 13 submits personal information to Subsplash without the consent of their parent or guardian and we learn that that personal information is the information of a child under the age of 13, we will delete the information as soon as possible.
We will never share, sell, rent, or transfer children’s personal information other than as described in this section.
We may disclose aggregated information about many of our users which may include aggregated information that does not identify a particular person. In addition, we may disclose children’s personal information:
You can review, change or delete your child’s personal information by:
CANADA CUSTOMERS
Our policies and practices have been designed to comply with the Personal Information Protection and Electronic Documents Act (Canada), the Privacy Act (Canada) and all provincial statutes that regulate the treatment of personal information in the private and public sectors.
Depending on the location of users of the Subsplash Account Services, information on the Subsplash Account Services including the Subsplash website may be accessed from outside of Canada or sent to others outside of Canada. Please note that any personal information that is sent outside of Canada may be subject to access by law enforcement and government authorities having jurisdiction in those countries in which the information is located.
If the event that any dispute between you and Subsplash regarding your personal information or this policy is not resolved pursuant to the “Dispute Resolution” section below within thirty (30) days, either party may consult the Privacy Commissioner of Canada or a relevant provincial privacy commissioner.
PRIVACY NOTICE FOR EU RESIDENTS
This Section [•] governs personal data, information relating to an identified or identifiable natural person, gathered from data subjects located in the EU only.
General Data Protection Regulation (“GDPR”) Information
The following information describes our commitments to you under EU General Data Protection Regulation (“GDPR”).
The GDPR makes a distinction between organizations that process personal data for their own purposes (known as "Data Controllers") and organizations that process personal data on behalf of other organizations (known as "Data Processors"). Subsplash only acts as a Data Controller for very limited types of data, such as the information you enter when you register an account with us or the information you submit when purchasing our software. Subsplash is the Data Controller for information provided by our users when we provide our Services. Subsplash is the Data Processor for information provided by our third party partners when they provide us with services, such as our payment partners processing payments on behalf of our users.
When We Act as a Data Controller
When we process your data as a Data Controller, the following applies.
We collect, use, and share your personal data where we are satisfied that we have an appropriate legal basis to do this. This may be because:
We ask that you please attempt to resolve any issues regarding your data protection or requests with us first before contacting the relevant supervisory authority. If you would like to exercise any of the rights described above, please send a request to privacy@subsplash.com. In your message, please indicate the right you would like to exercise and the information that you would like to access, review, correct, or delete.
We may ask you for additional information to confirm your identity and for security purposes, before disclosing the requested personal data.
We may not always be able to fully address your request, for example if it would impact the duty of confidentiality we owe to others, or if we are legally entitled to deal with the request in a different way.
When Subsplash Acts as a Data Processor
Where we process your data in our capacity as a Data Processor, the processing of your data will not be governed by the foregoing provisions (“When We Act As Data Controller”), but you can contact the Data Controller directly to learn about their processing of your information and to exercise your rights, or we will forward your request directly to them at your request.
Subsplash’s “privacy by design” approach requires that our default user data protection levels be at the highest setting by default. In the unlikely event of breach, Subsplash will notify data subjects and Supervisory Authorities (SAs) in the EU according to procedures provided in GDPR Articles 33 and 34.
EU-US DATA PRIVACY FRAMEWORK
The following provisions govern information collected in reliance on the EU-U.S. Data Privacy Framework Principles for transfers of personal data from the EU to the United States. Subsplash adheres to the Data Privacy Framework Principles (“Principles”) and is committed to subject to the Principles all personal data received from the EU in reliance on the Data Privacy Framework. Individuals from whom Subsplash collects personal information under the Data Privacy Framework have the right to access their personal data by contacting Subsplash here or at privacy@subsplash.com. As a result of certification to the Data Privacy Framework, Subsplash is subject to the investigatory and enforcement powers of the Federal Trade Commission or any other U.S. authorized statutory body.
You may access the Data Privacy Framework Participant List here.
Notice and Choice
When Subsplash collects personal information from individuals, it may share this information with its client organizations or third parties as described above in the Privacy Policy. Individuals should review the privacy policy of the client organization. Individuals will have the choice of signing up for Subsplash services or not. A link to the Subsplash privacy policy will be provided when individuals are first asked to provide personal information when opting in to Subsplash services.
In instances in which Subsplash is not the controller or collector of the personal information, but only a processor, it has no means of providing individuals with the choice and means for limiting the use and disclosure of their personal information or providing notices when individuals are first asked to provide personal information to Subsplash. In such instances, Subsplash will comply with the instructions of the controller of such information; provide appropriate technical and organizational measures to protect personal data against accidental or unlawful destruction or accidental loss, alteration, unauthorized disclosure or access, and to the extent appropriate, assist the controller in responding to individuals exercising their rights under the Principles.
In the context of an onward transfer Subsplash has responsibility for the processing of personal information it receives under the Data Privacy Framework and subsequently transfers to a third party acting as an agent on its behalf. Subsplash shall remain liable under the Principles if its agent processes such personal information in a manner inconsistent with the Principles, unless the organization proves that it is not responsible for the event giving rise to the damage.
Disclosures to Third Parties
Subsplash will not make disclosures of personal information to third parties without notifying individuals that such disclosure may be made. In those instances in which Subsplash collects personal information from individuals, prior to disclosing personal information to a third party, Subsplash shall notify the individual of the fact that their information may be disclosed. If individuals do not wish to have their personal information disclosed to any third parties, the individual should not register for such Subsplash services. With regard to Subsplash Giving, donor information will be shared with the Gift Recipient. The Gift Recipient may utilize a third party for purposes of receipt and management of such information and donors should review the privacy policies of Gift Recipient in this regard. In the case of third parties (e.g., churches) for whom Subsplash gathers personal information, Subsplash shall enter into a contract that provides that such data may only be processed for limited and specified purposes consistent with consent provided and that such third party will provide the same level of protection as is required by the Principles. For third party agent recipients (e.g., payment processors) of personal information, Subsplash shall: transfer only such data for limited and specified purposes; ascertain that the agent is obligated to provide at least the same level of privacy protection as is required by the Principles, and; upon notice, take reasonable and appropriate steps to stop and remediate unauthorized processing.
Data Security
Subsplash shall take reasonable steps to protect personal information from loss, misuse and unauthorized access, disclosure, alteration and destruction. Subsplash has put in place appropriate physical, electronic and managerial procedures to safeguard and secure the information from loss, misuse, unauthorized access or disclosure, alteration or destruction. Subsplash cannot guarantee the security of information on or transmitted via the Internet.
Data Integrity
Subsplash shall only process personal information in a way that is compatible with and relevant for the purpose for which it was collected or authorized by those who provided the information. To the extent necessary for those purposes, Subsplash shall take reasonable steps to ensure that personal information is accurate, complete, current and reliable for its intended use.
Access
In those instances in which Subsplash collects personal information directly from individuals, Subsplash shall allow those individuals access to their personal information and allow the individual to correct, amend or delete inaccurate information, except where the burden or expense of providing access would be disproportionate to the risks to the privacy of the individual in the case in question or where the rights of persons other than the individual would be violated. As noted above, you may not delete all information if you wish to maintain an account with Subsplash and Subsplash is required to retain some information with regard to Subsplash Giving transactions and the applicable users.
Recourse, Enforcement, and Liability
A) Dispute Resolution
If you filed a complaint with Subsplash and it has not been properly addressed, JAMS is designated by Subsplash as the independent dispute resolution body to address complaints regarding Subsplash’s collection of personal information and provide appropriate recourse. Such body will not charge the complaining party for its services. Follow this link to the complaint submission form for the above referenced independent dispute resolution body.
B) Binding Arbitration
If your claims as to data covered by the EU-U.S. Data Privacy Framework have not been remedied through dispute resolution directly with Subsplash or through independent dispute resolution as described above, such “residual claims” may be heard by a “Data Privacy Framework Panel” composed of one or three arbitrators as agreed upon by the parties. The Panel may only award individual-specific, non-monetary equitable relief (e.g. access, correction, deletion of the individual’s data in question) necessary to remedy the violation of the Principles only with respect to the individual. Damages, costs, fees and other remedies may not be awarded, and each party bears its own attorney’s fees. This arbitration option is only available for an individual to determine for such “residual claims” whether Subsplash has violated its obligations under the Principles as to that individual and whether any such violation remains fully or partially unremedied.
C) GDPR (General Data Protection Regulation)
The GDPR replaces Directive 95/46/EC and becomes enforceable on May 25, 2018. The following statement is intended to supplement the preceding discussion of the EU-U.S. Data Privacy Framework. As to personal data collected and controlled by Subsplash, subject to the qualifications and limitations stated in the preceding discussion, EU data subjects retain their full rights to be informed of the purposes of our processing activities at collection; to withdraw consent; to access, rectify, transport, and erase their personal data; to object to processing for direct marketing efforts; and to object when subjected to automated processing decisions. As to personal data collected by third parties, and as to which Subsplash is a mere processor, EU data subjects should contact the controller (e.g., church or ministry) with regard to their rights to be informed of the purposes of our processing activities at collection; to withdraw consent; to access, rectify, transport, and erase their personal data; to object to processing for direct marketing efforts; and to object when subjected to automated processing decisions. Such rights may be subject to certain qualifications and limitations as stated in the discussion of EU-US Data Privacy Framework.
Our Data Protection Officers will assist EU residents with these requests free of charge and may be contacted at privacy@subsplash.com.
Subsplash understands that the adoption of global data security practices is not a one-time activity. Subsplash’s “privacy by design” approach requires that our default user data protection levels be at the highest setting by default. In the unlikely event of breach, Subsplash will notify data subjects and Supervisory Authorities (SAs) in the EU according to procedures provided in GDPR Articles 33 and 34.
We do not intentionally collect personal data from, and do not tailor any services to, children.
VeraSafe has been appointed as Subsplash's representative in the European Union for data protection matters, pursuant to Article 27 of the General Data Protection Regulation of the European Union. VeraSafe can be contacted in addition to the Privacy Officer, only on matters related to the processing of personal data. To make such an inquiry, please contact VeraSafe using this contact form or via telephone at: +420 228 881 031.
DATA PRIVACY FOR CALIFORNIA RESIDENTS
This section applies solely to visitors and users of our Site and Services who reside in the State of California. We have adopted this notice to comply with the California Consumer Privacy Act of 2018 (the “CCPA”) and the California Online Privacy Protection Act (“CalOPPA”), and any terms defined in the CCPA or CalOPPA have the same meaning when used in this notice.
For the purposes of this section “California Data Subject” shall mean: (1) an individual who is in the State of California for other than a temporary or transitory purpose, and (2) an individual who is domiciled in the State of California who is outside the State of California for a temporary or transitory purpose.
Information We Collect
Subsplash collects information that identifies, relates to, describes, references, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular California Data Subject or device ("personal information"). In particular, Subsplash has collected the following categories of personal information from California Data Subjects within the last twelve (12) months:
SPECIALIZED PARTNER CAMPAIGNS
From time-to-time, Subsplash may work with partner organizations to develop and distribute specialized content. Users who participate in the specialized marketing campaigns by completing our lead form and downloading the applicable content will be subject to the Supplemental Privacy Notice in addition to this Privacy Policy.
OUR COMPANY-WIDE COMMITMENT TO YOUR PRIVACY
To make sure your personal information is secure, we communicate these privacy guidelines to Subsplash employees and strictly enforce privacy safeguards within the company.
FREEDOM OF INFORMATION REQUESTS
If you are communicating with or making a donation to any organization or institution that is subject to either federal or provincial public sector “freedom of information” or “access to information” legislation, then please note that information concerning your communication and/or donation may disclosed to third parties pursuant to the procedures available under those laws.
INQUIRIES, COMPLAINTS, AND DISPUTE RESOLUTION
If you wish to verify, correct or delete any personal information we have collected, or if you have any questions or concerns, or if you have any complaints, please contact us
This privacy policy applies to the websites located at subsplash.com and thechurchapp.com, including all subpages and successor pages, as well as all software and services that we offer, including but not limited to those services that we offer through our websites when you register for a Subsplash account (collectively referred to as the “Subsplash Account Services”).
Subsplash may update its privacy policy from time to time. When we change the policy in a material way a notice will be posted on our website along with the updated privacy policy.
WHY WE COLLECT PERSONAL INFORMATION
We collect your personal information because:
- It helps Subsplash deliver and administrate your Subsplash Account Services;
- It helps Subsplash deliver a superior level of customer service;
- It enables Subsplash to give you convenient access to our products and services and focus on categories of greatest interest to you;
- It helps Subsplash keep you posted on the latest product announcements, software updates, special offers, and events that you might like to hear about. If you do not want Subsplash to keep you up to date with Subsplash news, software updates and the latest information on products and services please submit your request here or send an email request to privacy@subsplash.com.
If you wish to utilize Subsplash Account Services, Subsplash needs your information for purposes of processing and transmitting information to drive the correct data and content between servers and apps for your experience.
Also, there are a number of situations in which your personal information may help us give you better service. For example:
- We may ask for your personal information when you’re discussing a service issue on the phone with an associate, downloading a software update, registering for a seminar, participating in an online survey, registering your products, or purchasing a product;
- When you interact with Subsplash, we may collect personal information relevant to the situation, such as your name, mailing address, phone number, email address, and contact preferences; your credit card information and information about the Subsplash products you own, such as their serial numbers and date of purchase; and information relating to a support or service issue;
- We collect information regarding customer activities on our websites and applications. This helps us to determine how best to provide useful information to customers and to understand which parts of our websites, products, and Internet services are of most interest to them, and diagnose problems with our servers and websites;
- When you visit the Subsplash mobile application, we may ask you to opt in to allow us to use GPS technology (or other similar technology) to determine your current location for purposes of reporting on user activity and engagement. If you do not want us to use your location for the purposes set forth above, you should not opt in or turn off the location services for the Subsplash mobile application located in your account settings or in your mobile phone settings and/or within the mobile application;
- We may use personal information to provide products and/or services that you have requested as well as for auditing, research, and analysis to improve Subsplash’s products; and
- If you utilize the Subsplash messaging functionality, Subsplash stores the contents of your messages which may contain personal information, may obtain your mobile device’s number or your email, and may request access to your mobile device’s contacts for the purpose of accessing and storing only the phone number and/or the email address of the particular persons that you opt to contact through the Service—Subsplash will not copy any contact information regarding persons that you do not contact through the Service. With regard to the contact information of the particular persons that you opt to contact through the Service, Subsplash will only utilize that information for purposes of providing the Service, and will not use that information for any other purpose;
- If you sign up for Subsplash Messaging, as described above, and you choose to invite other users to join a conversation, Subsplash will request access to your contacts, though it is not required in order to invite other users to your conversation. Subsplash will only use this access to enable you to invite other users.
- Subsplash may use aggregated and anonymized forms of personal information for a variety of purposes, including, but not limited to, analyzing usage trends, fraud detection, and development of new Services.
If you use a bulletin board, streaming service, messaging service, or chat room on a Subsplash website or Service you should be aware that any information you share is visible to other users. Personally identifiable information you submit to one of these forums can be read, collected, or used by other individuals to send you unsolicited messages. Subsplash is not responsible for the personally identifiable information you choose to submit in these forums. For example, if you choose to make information, which was previously non-public, available by disclosing it in such forms or by enabling certain user features, Subsplash will collect that information from your interaction and the information will become publicly available.
WHEN WE DISCLOSE YOUR INFORMATION
Subsplash takes your privacy very seriously. Subsplash does not sell or rent your contact information to other marketers or any other third party. If you wish to utilize the Subsplash Account Services, Subsplash discloses your information to third-party service providers and institutions for purposes of processing and transmitting information to drive the correct data and content between servers and apps for your experience. If you invite other users to one of our services, we may inform the person(s) you invite of who has invited them. Subsplash may share aggregated and anonymized forms of personal information with third parties, in which case, the information shared will be shared in a deidentified and non-identifiable form.
WITHIN THE SUBSPLASH GROUP
Subsplash, Inc. and Subsplash Wallet, LLC both operate under the name “Subsplash” and they operate as a group. To help us provide superior service, your personal information may be shared with legal entities within the Subsplash group globally who will take reasonable steps to safeguard it in accordance with Subsplash’s privacy policy.
WITH OUR SERVICE PROVIDERS, VENDORS, AND STRATEGIC PARTNERS
There are also times when it may be advantageous for Subsplash to make certain personal information about you available to companies that Subsplash has a strategic relationship with or that perform work for Subsplash to provide products and services to you on our behalf. These companies may help us process information, extend credit, fulfill customer orders, deliver products to you, manage and enhance customer data, provide customer service, assess your interest in our products and services, or conduct customer research or satisfaction surveys. These companies are also obligated to protect your personal information in strict accordance with Subsplash’s policies, except if we inform you otherwise at the time of collection. Without such information being made available, it would be difficult for you to purchase products, have products delivered to you, receive customer service, provide us feedback to improve our products and services, or access certain services, offers, and content on the Subsplash website.
BUSINESS TRANSFERS
We may choose to buy or sell assets and may share and/or transfer customer information, including Personal Information, in connection with the evaluation of and entry into such transactions and based on our legitimate interests. Also, if we or our assets are acquired, or if we go out of business, enter bankruptcy, or go through some other change of control, Personal Information may be one of the assets transferred to or acquired by a third party.
LAWFUL REQUESTS
At times we may be required by law or litigation to disclose your personal information. We may also disclose information about you if we reasonably determine that for national security, law enforcement, or other issues of public importance, disclosure is necessary.
SUBSPLASH GIVING
Subsplash Giving is web-enabled functionality that can be used with a web browser and on mobile devices. It was developed by Subsplash to enable donors to donate money to third-party organizations. If you choose to use the Subsplash Giving functionality to donate money, Subsplash and the payment processor will collect personal information from you, including your name, contact information, the donation amounts, and the payment processor receives certain payment information (e.g. credit card number, billing address, security code) and will use that information to process payments and provide you records of the transactions. Donor information will be shared with the Gift Recipient.
When you send a text message to Subsplash or Subsplash Wallet for purposes of utilizing text-to-give functionality, you will be disclosing your cell phone number to Subsplash, Inc., and you thereby consent to receiving a hyperlink to the Subsplash Wallet donation portal via text message. In order to stop receiving texts from Subsplash or Subsplash Wallet, respond to the text message by typing, “STOP.”
SUBSPLASH LIVE
Subsplash Live uses YouTube API Services, governed by the Google Privacy Policy (http://www.google.com/policies/privacy), to access your organization’s YouTube channel name and ID, and to create live streams and live broadcasts on your organization’s behalf. We do this to display the linked channel in your Subsplash Dashboard and to create syndicated live broadcasts in that channel. In addition to Subsplash’s normal procedure for deleting stored data, your organization may revoke Subsplash Live’s access to your YouTube data via the Google security settings page (https://security.google.com/settings/security/permissions). Please contact Subsplash with any questions or complaints about Subsplash Live’s privacy practices.
COOKIES AND OTHER TECHNOLOGIES
As is standard practice on many corporate websites, Subsplash’s websites use “cookies” and other technologies to help us understand which parts of our websites are the most popular, where our visitors are going, and how much time they spend there. We also use cookies and other technologies to make sure that our online advertising is bringing customers to our products and services. Cookies contain information that is transferred to your computer’s hard drive. These cookies are used to store information, such as the time that the current visit occurred, whether the visitor has been to the site before and what site referred the visitor to the web page.
If, however, you prefer not to enable cookies, you can disable them in your browser. Please note that certain features of the Subsplash websites and Subsplash online products will not be available once cookies are disabled.
As is true of most websites, we gather certain information automatically and store it in log files. This information includes Internet Protocol (IP) addresses, browser type, Internet Service Provider (ISP), referring/exit pages, operating system, date/time stamp, and clickstream data. We may also track usage data, such as how frequently you visit our site or use our applications, how many messages you send, and how you engage with our content.
We also use Google Analytics. Google Analytics is a web analytics tool that helps website owners understand how visitors engage with their website.
Like many services, Google Analytics uses first-party cookies to track visitor interactions as in our case, where they are used to collect information about how visitors use our site. We then use the information to compile reports and to help us improve our site.
We also may use other Google Analytics tools, such as Demographics and Interest Reporting, which enable us to learn more about the characteristics and interests of the users who visit our Site, and Remarketing with Google Analytics, which enables us to provide relevant advertising on different websites and online services.
Google Analytics collects information anonymously. It reports website trends without identifying individual visitors. You can opt out of Google Analytics without affecting how you visit our site – for more information on opting out of being tracked by Google Analytics across websites you use, visit this Google page.
We use this information, to analyze trends, to administer the site, to track users’ movements around the site and to gather demographic information about our user base as a whole.
In some of our email messages we use a “click-through URL” linked to content on the Subsplash website. When customers click one of these URLs, they pass through our web server before arriving at the destination web page. We track this click-through data to help us determine interest in particular topics and measure the effectiveness of our customer communications. If you prefer not to be tracked simply avoid clicking text or graphic links in the email. In addition, we use pixel tags — tiny graphic images — to tell us what parts of our website customers have visited or to measure the effectiveness of searches customers perform on our site.
Pixel tags also enable us to send email messages in a format customers can read. And they tell us whether emails have been opened to ensure that we’re sending only messages that are of interest to our customers. We may use this information to reduce or eliminate messages sent to a customer.
HOW WE PROTECT YOUR PERSONAL INFORMATION
Subsplash takes precautions — including administrative, technical, and physical measures — to safeguard your personal information against loss, theft, and misuse, as well as unauthorized access, disclosure, alteration, and destruction. The Subsplash websites use Secure Sockets Layer (SSL) encryption on all web pages where personal information is required. To make purchases from the Subsplash online store, or through your Subsplash accounts, you must use an SSL-enabled browser such as Safari, Google, or Internet Explorer. Doing so protects the confidentiality of your personal and credit card information while it’s transmitted over the Internet. You can help us by also taking precautions to protect your personal data when you are on the Internet. Change your passwords often using a combination of letters and numbers, and make sure you use a secure web browser like Safari or Google.
INTEGRITY OF YOUR PERSONAL INFORMATION
Subsplash allows you to keep your personal information accurate, complete, and up to date. Naturally, you have the right to access, correct and delete the personal information you have provided, though you may not delete all information if you wish to maintain an account with Subsplash and Subsplash is required to retain some information with regard to Subsplash Giving transactions and donors. Despite our best efforts, errors sometimes do occur. If you identify any personal information that is out-of-date, incorrect or incomplete, let us know and we will make the corrections promptly and use every reasonable effort to communicate these changes to other parties who may have inadvertently received incorrect or out-of-date personal information from us. In the event that you delete your information, such deletion may make it impossible for Subsplash to continue offering you some or all of the Subsplash Account Services.
Subsplash retains personal information only as long as we are required to for our business relationship or as required by Federal or Provincial laws, subject to reasonable industry practices for records retention. Subsplash has appropriate procedures in place with respect to the destruction, deletion and disposition of personal information when it is no longer required by Subsplash, subject to applicable law.
CHILDREN
Subsplash recognizes that parents, guardians, or other adults often purchase our products for family use, including use by minors. We do not knowingly collect personal information from children under the age of 13 for marketing purposes, but because some information is collected electronically, it can appear to be the personal information of the Subsplash purchaser of the product, and will be treated as such by this privacy policy. If a child under the age of 13 submits personal information to Subsplash without the consent of their parent or guardian and we learn that that personal information is the information of a child under the age of 13, we will delete the information as soon as possible.
We will never share, sell, rent, or transfer children’s personal information other than as described in this section.
We may disclose aggregated information about many of our users which may include aggregated information that does not identify a particular person. In addition, we may disclose children’s personal information:
- To third parties that the child’s parent or guardian approved through the Services.
- If we are required to do so by law or legal process, such as to comply with any court order or subpoena or to respond to any government or regulatory request;
- If we believe disclosure is necessary or appropriate to protect the rights, property, or safety of Subsplash, our customers or others, including to: (1) protect the safety of a child; (2) protect the safety and security of the Services; or (3) enable us to take precautions against liability; or
- To law enforcement agencies or for an investigation related to public safety.
You can review, change or delete your child’s personal information by:
- Logging on to your account; or
- Submitting a request here, or by sending us an email at privacy@subsplash.com.
CANADA CUSTOMERS
Our policies and practices have been designed to comply with the Personal Information Protection and Electronic Documents Act (Canada), the Privacy Act (Canada) and all provincial statutes that regulate the treatment of personal information in the private and public sectors.
Depending on the location of users of the Subsplash Account Services, information on the Subsplash Account Services including the Subsplash website may be accessed from outside of Canada or sent to others outside of Canada. Please note that any personal information that is sent outside of Canada may be subject to access by law enforcement and government authorities having jurisdiction in those countries in which the information is located.
If the event that any dispute between you and Subsplash regarding your personal information or this policy is not resolved pursuant to the “Dispute Resolution” section below within thirty (30) days, either party may consult the Privacy Commissioner of Canada or a relevant provincial privacy commissioner.
PRIVACY NOTICE FOR EU RESIDENTS
This Section [•] governs personal data, information relating to an identified or identifiable natural person, gathered from data subjects located in the EU only.
General Data Protection Regulation (“GDPR”) Information
The following information describes our commitments to you under EU General Data Protection Regulation (“GDPR”).
The GDPR makes a distinction between organizations that process personal data for their own purposes (known as "Data Controllers") and organizations that process personal data on behalf of other organizations (known as "Data Processors"). Subsplash only acts as a Data Controller for very limited types of data, such as the information you enter when you register an account with us or the information you submit when purchasing our software. Subsplash is the Data Controller for information provided by our users when we provide our Services. Subsplash is the Data Processor for information provided by our third party partners when they provide us with services, such as our payment partners processing payments on behalf of our users.
When We Act as a Data Controller
When we process your data as a Data Controller, the following applies.
We collect, use, and share your personal data where we are satisfied that we have an appropriate legal basis to do this. This may be because:
- Consent: Our use of your personal data is in accordance with your consent. If we process your personal data based on consent, you will be asked for said consent at or before the time of data collection. You may withdraw your consent at any time, and will not suffer any detriment for withdrawing your consent.
- Contract: Our use of your personal data is to fulfill a contract between you and us.
- Legal Obligation: Our use of your personal data is necessary to comply with a relevant legal or regulatory obligation that we have (for example, where we are required to disclose personal data to a court, or store information due to federal financial regulations); or
- Legitimate Interest: Our use of your personal data is for a legitimate interest of ours, such as fraud prevention and ensuring our network’s security.
- Right to Access: You have the right to access your personal data that is being processed; specifically you may request to view your personal data and obtain copies of your personal data.
- Right to Rectification: You have the right to request modifications to your personal data if it is out of date or inaccurate. In some circumstances, you may be able to exercise this right, in whole or in part, through your existing account with us.
- Right of Erasure: You have the right to ask that we delete your personal data. However, we are not required to comply with your request to erase personal data if the processing of your personal data is necessary for compliance with a legal obligation, or for the establishment, exercise, or defense of legal claims.
- Right to Restriction of Processing: Under certain circumstances, you have the right to request we restrict processing your personal data You have the right to restrict the use of your personal data. However, we can continue to use your personal data following a request for restriction (a) where we have your consent; (b) to establish, exercise or defend legal claims; or (c) to protect the rights of another natural or legal person.
- Right to Data Portability: To the extent that we process your information (i) based on your consent or under a contract; and (ii) through automated means, you have the right to receive such personal data in a structured, commonly used, machine-readable format, or you can ask to have it transferred directly to another data controller.
- Right to Object: You have the right to object to the processing of your personal data. However, we may still process your personal data if we demonstrate compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defense of legal claims.
- Right to Object to Automated Processing: You have the right to object to decisions based on automated processing, such as where a computer assesses factors in the data we collect about you and makes a determination. We do not currently make any decisions based on automated processing.
We ask that you please attempt to resolve any issues regarding your data protection or requests with us first before contacting the relevant supervisory authority. If you would like to exercise any of the rights described above, please send a request to privacy@subsplash.com. In your message, please indicate the right you would like to exercise and the information that you would like to access, review, correct, or delete.
We may ask you for additional information to confirm your identity and for security purposes, before disclosing the requested personal data.
We may not always be able to fully address your request, for example if it would impact the duty of confidentiality we owe to others, or if we are legally entitled to deal with the request in a different way.
When Subsplash Acts as a Data Processor
Where we process your data in our capacity as a Data Processor, the processing of your data will not be governed by the foregoing provisions (“When We Act As Data Controller”), but you can contact the Data Controller directly to learn about their processing of your information and to exercise your rights, or we will forward your request directly to them at your request.
Subsplash’s “privacy by design” approach requires that our default user data protection levels be at the highest setting by default. In the unlikely event of breach, Subsplash will notify data subjects and Supervisory Authorities (SAs) in the EU according to procedures provided in GDPR Articles 33 and 34.
EU-US DATA PRIVACY FRAMEWORK
The following provisions govern information collected in reliance on the EU-U.S. Data Privacy Framework Principles for transfers of personal data from the EU to the United States. Subsplash adheres to the Data Privacy Framework Principles (“Principles”) and is committed to subject to the Principles all personal data received from the EU in reliance on the Data Privacy Framework. Individuals from whom Subsplash collects personal information under the Data Privacy Framework have the right to access their personal data by contacting Subsplash here or at privacy@subsplash.com. As a result of certification to the Data Privacy Framework, Subsplash is subject to the investigatory and enforcement powers of the Federal Trade Commission or any other U.S. authorized statutory body.
You may access the Data Privacy Framework Participant List here.
Notice and Choice
When Subsplash collects personal information from individuals, it may share this information with its client organizations or third parties as described above in the Privacy Policy. Individuals should review the privacy policy of the client organization. Individuals will have the choice of signing up for Subsplash services or not. A link to the Subsplash privacy policy will be provided when individuals are first asked to provide personal information when opting in to Subsplash services.
In instances in which Subsplash is not the controller or collector of the personal information, but only a processor, it has no means of providing individuals with the choice and means for limiting the use and disclosure of their personal information or providing notices when individuals are first asked to provide personal information to Subsplash. In such instances, Subsplash will comply with the instructions of the controller of such information; provide appropriate technical and organizational measures to protect personal data against accidental or unlawful destruction or accidental loss, alteration, unauthorized disclosure or access, and to the extent appropriate, assist the controller in responding to individuals exercising their rights under the Principles.
In the context of an onward transfer Subsplash has responsibility for the processing of personal information it receives under the Data Privacy Framework and subsequently transfers to a third party acting as an agent on its behalf. Subsplash shall remain liable under the Principles if its agent processes such personal information in a manner inconsistent with the Principles, unless the organization proves that it is not responsible for the event giving rise to the damage.
Disclosures to Third Parties
Subsplash will not make disclosures of personal information to third parties without notifying individuals that such disclosure may be made. In those instances in which Subsplash collects personal information from individuals, prior to disclosing personal information to a third party, Subsplash shall notify the individual of the fact that their information may be disclosed. If individuals do not wish to have their personal information disclosed to any third parties, the individual should not register for such Subsplash services. With regard to Subsplash Giving, donor information will be shared with the Gift Recipient. The Gift Recipient may utilize a third party for purposes of receipt and management of such information and donors should review the privacy policies of Gift Recipient in this regard. In the case of third parties (e.g., churches) for whom Subsplash gathers personal information, Subsplash shall enter into a contract that provides that such data may only be processed for limited and specified purposes consistent with consent provided and that such third party will provide the same level of protection as is required by the Principles. For third party agent recipients (e.g., payment processors) of personal information, Subsplash shall: transfer only such data for limited and specified purposes; ascertain that the agent is obligated to provide at least the same level of privacy protection as is required by the Principles, and; upon notice, take reasonable and appropriate steps to stop and remediate unauthorized processing.
Data Security
Subsplash shall take reasonable steps to protect personal information from loss, misuse and unauthorized access, disclosure, alteration and destruction. Subsplash has put in place appropriate physical, electronic and managerial procedures to safeguard and secure the information from loss, misuse, unauthorized access or disclosure, alteration or destruction. Subsplash cannot guarantee the security of information on or transmitted via the Internet.
Data Integrity
Subsplash shall only process personal information in a way that is compatible with and relevant for the purpose for which it was collected or authorized by those who provided the information. To the extent necessary for those purposes, Subsplash shall take reasonable steps to ensure that personal information is accurate, complete, current and reliable for its intended use.
Access
In those instances in which Subsplash collects personal information directly from individuals, Subsplash shall allow those individuals access to their personal information and allow the individual to correct, amend or delete inaccurate information, except where the burden or expense of providing access would be disproportionate to the risks to the privacy of the individual in the case in question or where the rights of persons other than the individual would be violated. As noted above, you may not delete all information if you wish to maintain an account with Subsplash and Subsplash is required to retain some information with regard to Subsplash Giving transactions and the applicable users.
Recourse, Enforcement, and Liability
A) Dispute Resolution
If you filed a complaint with Subsplash and it has not been properly addressed, JAMS is designated by Subsplash as the independent dispute resolution body to address complaints regarding Subsplash’s collection of personal information and provide appropriate recourse. Such body will not charge the complaining party for its services. Follow this link to the complaint submission form for the above referenced independent dispute resolution body.
B) Binding Arbitration
If your claims as to data covered by the EU-U.S. Data Privacy Framework have not been remedied through dispute resolution directly with Subsplash or through independent dispute resolution as described above, such “residual claims” may be heard by a “Data Privacy Framework Panel” composed of one or three arbitrators as agreed upon by the parties. The Panel may only award individual-specific, non-monetary equitable relief (e.g. access, correction, deletion of the individual’s data in question) necessary to remedy the violation of the Principles only with respect to the individual. Damages, costs, fees and other remedies may not be awarded, and each party bears its own attorney’s fees. This arbitration option is only available for an individual to determine for such “residual claims” whether Subsplash has violated its obligations under the Principles as to that individual and whether any such violation remains fully or partially unremedied.
C) GDPR (General Data Protection Regulation)
The GDPR replaces Directive 95/46/EC and becomes enforceable on May 25, 2018. The following statement is intended to supplement the preceding discussion of the EU-U.S. Data Privacy Framework. As to personal data collected and controlled by Subsplash, subject to the qualifications and limitations stated in the preceding discussion, EU data subjects retain their full rights to be informed of the purposes of our processing activities at collection; to withdraw consent; to access, rectify, transport, and erase their personal data; to object to processing for direct marketing efforts; and to object when subjected to automated processing decisions. As to personal data collected by third parties, and as to which Subsplash is a mere processor, EU data subjects should contact the controller (e.g., church or ministry) with regard to their rights to be informed of the purposes of our processing activities at collection; to withdraw consent; to access, rectify, transport, and erase their personal data; to object to processing for direct marketing efforts; and to object when subjected to automated processing decisions. Such rights may be subject to certain qualifications and limitations as stated in the discussion of EU-US Data Privacy Framework.
Our Data Protection Officers will assist EU residents with these requests free of charge and may be contacted at privacy@subsplash.com.
Subsplash understands that the adoption of global data security practices is not a one-time activity. Subsplash’s “privacy by design” approach requires that our default user data protection levels be at the highest setting by default. In the unlikely event of breach, Subsplash will notify data subjects and Supervisory Authorities (SAs) in the EU according to procedures provided in GDPR Articles 33 and 34.
We do not intentionally collect personal data from, and do not tailor any services to, children.
VeraSafe has been appointed as Subsplash's representative in the European Union for data protection matters, pursuant to Article 27 of the General Data Protection Regulation of the European Union. VeraSafe can be contacted in addition to the Privacy Officer, only on matters related to the processing of personal data. To make such an inquiry, please contact VeraSafe using this contact form or via telephone at: +420 228 881 031.
DATA PRIVACY FOR CALIFORNIA RESIDENTS
This section applies solely to visitors and users of our Site and Services who reside in the State of California. We have adopted this notice to comply with the California Consumer Privacy Act of 2018 (the “CCPA”) and the California Online Privacy Protection Act (“CalOPPA”), and any terms defined in the CCPA or CalOPPA have the same meaning when used in this notice.
For the purposes of this section “California Data Subject” shall mean: (1) an individual who is in the State of California for other than a temporary or transitory purpose, and (2) an individual who is domiciled in the State of California who is outside the State of California for a temporary or transitory purpose.
Information We Collect
Subsplash collects information that identifies, relates to, describes, references, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular California Data Subject or device ("personal information"). In particular, Subsplash has collected the following categories of personal information from California Data Subjects within the last twelve (12) months:
SPECIALIZED PARTNER CAMPAIGNS
From time-to-time, Subsplash may work with partner organizations to develop and distribute specialized content. Users who participate in the specialized marketing campaigns by completing our lead form and downloading the applicable content will be subject to the Supplemental Privacy Notice in addition to this Privacy Policy.
OUR COMPANY-WIDE COMMITMENT TO YOUR PRIVACY
To make sure your personal information is secure, we communicate these privacy guidelines to Subsplash employees and strictly enforce privacy safeguards within the company.
FREEDOM OF INFORMATION REQUESTS
If you are communicating with or making a donation to any organization or institution that is subject to either federal or provincial public sector “freedom of information” or “access to information” legislation, then please note that information concerning your communication and/or donation may disclosed to third parties pursuant to the procedures available under those laws.
INQUIRIES, COMPLAINTS, AND DISPUTE RESOLUTION
If you wish to verify, correct or delete any personal information we have collected, or if you have any questions or concerns, or if you have any complaints, please contact us