Skip to main content.

Privacy Choices

Additional U.S. Privacy Disclosures


1. Scope of Disclosures

These Additional U.S. Privacy Disclosures (the “U.S. Privacy Disclosures”) supplement the information contained in our Privacy Policy regarding the DonorDrive products and services that post or link to these U.S. Privacy Disclosures (collectively, “DonorDrive”, “we”, “us”, or “our”) and apply solely to residents of the State of California and Nevada.

In accordance with applicable U.S. privacy laws, these U.S. Privacy Disclosures provide additional information about how we collect, use, disclose and otherwise process personal data of individual California and Nevada residents either online or offline.

Unless otherwise expressly stated, all terms in these U.S. Privacy Disclosures have the same meaning as defined in our Privacy Policy.

2. Personal Data Disclosures

As described in more detail in the Personal Data We Collect section of our Privacy Policy, we collect the following categories of personal data:

  • Identifiers, including full name, email address, IP address, and account username and password;
  • Customer Records, including home address, business address, and phone number;
  • Internet/Network Information, including log data and analytics data.
  • Profession/Employment Information, including your employer, company name or the name you are doing business as, your business’s contact information, and your job title or description.
  • Other Personal data, including personal data you permit us to see when interacting with us through social media, and personal data you provide us in relation to your questions, requests, or inquiries.
  • Inferences, including our predictions about interests and preferences based on other personal data we have collected about you.

We collect personal data about you for the purposes described in the How We Use Personal Data section of our Privacy Policy.

While we do not “sell” personal data in the traditional sense, we do, however, sell or share personal data for the purpose of displaying advertisements that are selected based on personal data obtained or inferred over time from an individual’s activities across businesses or distinctly-branded websites, applications, or other services (otherwise known as “targeted advertising” or “cross-context behavioral advertising”). For more information, please see the “Disclosure, Sale, and Sharing of Personal data” section below.

3. Sensitive Information

The following personal data elements we collect may be classified as “sensitive” under certain privacy laws (“sensitive information”):

  • Account name and password;
  • Driver’s license number;
  • Credit/debit card number plus expiratin data and security code (CVV);

DonorDrive only uses or discloses sensitive personal data for the following purposes, where such use or disclosure is necessary and proportionate for those purposes: for performing services you have requested, for detecting security incidents, fraud and other illegal actions, to ensure the physical safety of natural persons, to perform services on behalf of the business (where the sensitive information is reasonably necessary and proportionate for this purpose), or for short term transient use.

We do not sell sensitive information, and we do not process or otherwise share sensitive information for the purpose of targeted advertising.

4. Sources of Personal Data

As described in the Personal Data We Collect section of our Privacy Policy, we collect personal data and sensitive information from a variety of sources, including: directly from you when you provide it to us, automatically when you visit our website, from our customers, and from service providers, publicly available sources and other third parties.

5. Deidentified Information

We may at times receive, or process personal data to create deidentified information that can no longer reasonably be used to infer information about, or otherwise be linked to, a particular individual or household. Where we maintain deidentified information, we will maintain and use the information in deidentified form and not attempt to reidentify the information except as required or permitted by law.

6. Disclosure, Sale, and Sharing of Personal Data

As is common practice among companies that operate online, we allow certain third-party providers to use cookies and related technologies to collect log data, analytics data, and location information about consumers directly through our website for purposes of analyzing and optimizing our services, delivering ads, providing content and ads that are more relevant, measuring statistics and the success of ad campaigns, and detecting and reporting fraud. Some of these practices may constitute the sale of personal data or the use of personal data for the purpose of displaying advertisements that are selected based on personal data obtained or inferred over time from an individual’s activities across businesses or distinctly-branded websites, applications, or other services (otherwise known as “targeted advertising” or “cross-context behavioral advertising”). For more information about how to exercise your choices regarding cookies or online advertising, please see the Your Choices About Cookies and Online Ads section and the Your Privacy Choices section in our Privacy Policy

As described in the How We Disclose of Personal Information section of our Privacy Policy, we disclose personal information with a variety of third parties for business purposes or we may sell or share your personal information to third parties for targeted advertising purposes, subject to your right to opt out of selling or sharing. In the previous 12 months, we have sold or shared for targeted advertising purposes all of the categories of personal information we collect, explained above, to third parties. Subject to certain legal limitations and exceptions, you may be able to limit or opt-out of the sale of personal information or the sharing of personal information for purposes of targeted advertising (as described in the Your Privacy Choices section).

7. Retention of Personal Data

We retain personal data only for as long as is reasonably necessary to fulfil the purpose for which it was collected. However, if necessary, we may retain personal data for longer periods of time, until set retention periods and deadlines expire, for instance where we are required to do so in accordance with legal, tax, or accounting requirements set by a legislature, regulator, or other government authority.

To determine the appropriate duration of the retention of personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorized use or disclosure of personal data, and whether we can attain our objectives by other means, as well as our legal, regulatory, tax, accounting, and other applicable obligations.

Once retention of the personal data is no longer necessary for the purposes outlined above, we will either delete or deidentify the personal data or, if this is not possible (for example, because personal data has been stored in backup archives), then we will not further process the personal data until deletion or deidentification is possible.

8. Your Privacy Choices

Depending on your state of residency and subject to certain legal limitations and exceptions, you may be able to exercise some or all of the following rights. Individuals who wish to exercise these rights with respect to customer data should direct their requests to the DonorDrive customer contact that controls their personal data:

The Right to Know

The right to confirm whether we are processing personal information about you and to obtain certain personalized details about the personal information we have collected about you, including:

  • The categories of personal data collected;
  • The categories of sources of the personal data;
  • The purposes for which the personal data were collected;
  • The categories of personal data disclosed to third parties (if any), and the categories of recipients to whom the personal data was disclosed;
  • The categories of personal data shared for cross-context behavioral advertising purposes (or, “targeted advertising”) (if any), and the categories of recipients to whom the personal information was disclosed for those purposes.

The Right to Access & Portability

The right to obtain access to the personal data we have collected about you and, where required by law, the right to obtain a copy of the personal data in a portable and, to the extent technically feasible, readily usable format that allows you to transmit the data to another entity without hindrance.

The Right to Correction

The right to correct inaccuracies in your personal data, taking into account the nature of the personal data and the purposes of the processing of the personal data.

The Right to Request Deletion

The right to request the deletion of personal data that we maintain about you, subject to certain exceptions.

The Right to Control Over Sensitive Information

The right to direct us not to sell or share personal data for certain targeted or cross-context behavioral advertising purposes.

The Right to Opt Out of Sales or Sharing for Targeted Advertising Purposes

The right to direct us not to sell or share personal data for certain targeted or cross-context behavioral advertising purposes. 

“Shine the Light”

California residents that have an established business relationship with us have rights to know how their information is disclosed to third parties for their direct marketing purposes under California’s “Shine the Light” law (Civ. Code §1798.83).

You also have the right to not receive retaliatory or discriminatory treatment in connection with a request to exercise the above rights. However, please note that if the exercise of these rights limits our ability to process personal data, we may no longer be able to engage with you in the same manner. In addition, the exercise of the rights described above may result in a different price, rate, or quality level of product or service where that difference is reasonably related to the impact the right has on our relationship or is otherwise permitted by law.

10. Submitting Privacy Requests

To Exercise Your Privacy Rights

To submit a request to exercise any of your privacy rights listed above, please submit a request specifying the right you wish to exercise by:

Before processing your request, we will need to verify your identity and confirm you are a resident of an eligible state that offers such right. As a result, we require requests to include:

  • The full name of the individual the personal data is about (the consumer);
  • The full name of the individual making the request and their relationship to the consumer;
  • The consumer’s state of residence;
  • The consumer’s relationship to DonorDrive, including the DonorDrive entity, products and/or services relevant to the request;
  • The right to be exercised, the associated request and the scope of personal data involved (e.g., all or a subset of the information); and
  • The best phone number or email address for us to contact the requesting individual and the consumer.

In order to verify your identity, we may also require additional personal data to match against the information we maintain about you in our systems.  

In certain circumstances, we may decline or limit your request, particularly where we are unable to verify your identity or confirm you are a resident of an eligible state. 

To Exercise the Right to Opt Out of Personal Data Sales or Sharing for Targeted Advertising Purposes

Unless you have exercised your Right to Opt Out, we may “sell” or “share” your personal data to third parties for targeted or cross-context behavioral advertising purposes. The third parties to whom we sell or share personal data may use such information for their own purposes in accordance with their own privacy statements, which may include reselling or sharing this information to additional third parties. 

You do not need to create an account with us to exercise your Right to Opt Out. However, we may ask you to provide additional personal data so that we can properly identify you in our dataset and to track compliance with your opt out request. We will only use personal data provided in an opt out request to review and comply with the request. If you chose not to provide this information, we may only be able to process your request to the extent we are able to identify you in our data systems.

To exercise your right to opt-out as it relates to the use of cookies and other tracking technologies for analytics and targeted ads, please click here to adjust your preferences. 

Minors Under Age 16

We do not sell the personal data of consumers we know to be less than 16 years of age. Please contact us at support@donordrive.com to inform us if you, or your minor child, are under the age of 16 and have provided us with personal data.

Submitting Authorized Agent Requests

In certain circumstances, you are permitted to use an authorized agent to submit requests on your behalf through the designated methods set forth above where we can verify the authorized agent’s authority to act on your behalf.  In order to verify the authorized agent’s authority, we generally require evidence of either (i) a valid power of attorney or (ii) a signed letter containing your name and contact information, the name and contact information of the authorized agent, and a statement of authorization for the request. Depending on the evidence provided and your state of residency, we may still need to separately reach out to you to confirm the authorized agent has permission to act on your behalf and to verify your identity in connection with the request.

Notice to European Users

The information provided in this “Notice to European Users” section applies only to individuals in Europe.

Personal information. References to “personal information” in this Privacy Policy are equivalent to “personal data” governed by European data protection legislation.

Controller. Global Cloud, Ltd. dba DonorDrive (“DonorDrive”).  is the controller of your personal information covered by this Privacy Policy for purposes of European data protection legislation.

Legal bases for processing. We use your personal information only as permitted by law. Our legal bases for processing the personal information described in this Privacy Policy are described in the table below.

Processing Purpose

Details regarding each processing purpose listed below are provided in the How We Use Your Personal Data section of the Privacy Policy.

To Operate the Service

Legal basis: Processing is necessary to perform the contract governing our provision of the Services or to take steps that you request prior to signing up for the Services. If we have not entered into a contract with you, we process your personal information based on our legitimate interest in providing the Services you access and request.

For Research and Development

  • To send you marketing and promotional communications
  • To display advertisements
  • To manage our recruiting and process employment applications
  • For compliance, fraud prevention and safety
  • To create anonymous data

Legal Basis: These activities constitute our legitimate interests.  We do not use your personal information for these activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law).

To Comply with Law

Legal Basis: Processing is necessary to comply with our legal obligations.

With Your Consent

Legal Basis: Processing is based on your consent.  Where we rely on your consent you have the right to withdraw it any time in the manner indicated when you consent or in the Services.

Use for new purposes. We may use your personal information for reasons not described in this Privacy Policy where permitted by law and the reason is compatible with the purpose for which we collected it.  If we need to use your personal information for an unrelated purpose, we will notify you and explain the applicable legal basis.

Sensitive personal information. We ask that you not provide us with any sensitive personal information (e.g., information related to racial or ethnic origin, political opinions, religion or other beliefs, health, biometrics or genetic characteristics, criminal background or trade union membership) on or through the Services, or otherwise to us.

If you provide us with any sensitive personal information to us when you use the Services, you must consent to our processing and use of such sensitive personal information in accordance with this Privacy Policy.  If you do not consent to our processing and use of such sensitive personal information, you must not submit such sensitive personal information through our Services.

Retention

We retain personal information for as long as necessary to fulfill the purposes for which we collected it, including for the purposes of satisfying any legal, accounting, or reporting requirements, to establish or defend legal claims, or for fraud prevention purposes.

To determine the appropriate retention period for personal information, we consider the amount, nature, and sensitivity of the personal information, the potential risk of harm from unauthorized use or disclosure of your personal information, the purposes for which we process your personal information and whether we can achieve those purposes through other means, and the applicable legal requirements.

When we no longer require the personal information we have collected about you, we will either delete or anonymize it or, if this is not possible (for example, because your personal information has been stored in backup archives), then we will securely store your personal information and isolate it from any further processing until deletion is possible.  If we anonymize your personal information (so that it can no longer be associated with you), we may use this information indefinitely without further notice to you.

Cross-Border Data Transfer

If we receive or transfer your personal information from Europe or Switzerland to a third country and are required to apply additional safeguards to your personal information under European data protection legislation, we will do so. DonorDrive complies with the EU-US Privacy Shield Framework Principles and the Swiss-US Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the EEA and Switzerland to DonorDrive in the United States.  DonorDrive has certified to the Department of Commerce that it adheres to the Privacy Shield Principles, and DonorDrive is subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission (“FTC”).  If there is any conflict between the terms in this Privacy Policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern.  To learn more about the Privacy Shield program, and to view our certification, please visit https://www.privacyshield.gov/ 

In compliance with the Privacy Shield Principles, DonorDrive commits to resolve complaints about our collection or use of your personal information. European and Swiss individuals with inquiries or complaints regarding our Privacy Policy should first contact DonorDrive at support@donordrive.com

DonorDrive has further committed to refer unresolved Privacy Shield complaints to JAMS, an alternative dispute resolution provider located in the United States. If you do not receive timely acknowledgment of your complaint from us, or if we have not addressed your complaint to your satisfaction, please visit https://www.jamsadr.com/file-an-eu-us-privacy-shield-claim for more information or to file a complaint. The services of JAMS are provided at no cost to you. If neither DonorDrive nor JAMS resolves an individual’s complaint, the individual may have the ability to engage in binding arbitration through the Privacy Shield Panel.  Additional information on the arbitration process is available on the Privacy Shield website at www.privacyshield.gov.

DonorDrive may share personal information with third party services providers that perform services on behalf of DonorDrive. DonorDrive may be liable if these third parties fail to meet those obligations, and DonorDrive is responsible for the event giving rise to the damage.

Your Rights

European data protection laws give you certain rights regarding your personal information. If you are located within the European Union, you may ask us to take the following actions in relation to your personal information that we hold:

Access. Provide you with information about our processing of your personal information and give you access to your personal information.

Correct. Update or correct inaccuracies in your personal information.

Delete. Delete your personal information.

Transfer. Transfer a machine-readable copy of your personal information to you or a third party of your choice.

Restrict. Restrict the processing of your personal information.  Individuals may have the right to limit the use and disclosure of their personal information as required by the Privacy Shield’s Principles, such as whether your personal information is disclosed to a third party or used for purposes materially different from the purpose for which the personal information was originally collected or subsequently authorized by you.  If you wish to limit the use and disclosure of personal information in accordance with the Privacy Shield Principles, please contact us at support@donordrive.com

Object. Object to our reliance on our legitimate interests as the basis of our processing of your personal information that impacts your rights.

You may submit these requests by email to support@donordrive.com or our postal address provided below. We may request specific information from you to help us confirm your identity and process your request.  Applicable law may require or permit us to decline your request. If we decline your request, we will tell you why, subject to legal restrictions.  If you would like to submit a complaint about our use of your personal information or our response to your requests regarding your personal information, you may contact us or submit a complaint to the data protection regulator in your jurisdiction. You can find your data protection regulator here.

Privacy Complaints

In compliance with the Privacy Shield Principles, DonorDrive commits to resolve complaints about our collection or use of your personal information. EU and Swiss individuals with inquiries or complaints regarding our Privacy Shield policy should first contact DonorDrive at support@donordrive.com or write us at Platform Privacy Policy, DonorDrive, 120 E 8th St, Cincinnati, OH 45202.

Contact Us

If you have any questions, concerns or would like further clarification, please email us at info@donordrive.com or write us:  Privacy Policy, DonorDrive, 120 E 8th St, Cincinnati, OH 45202.

Please read DonorDrive’s Acceptable Use Policy and Terms of Service for more information relating to proper use of DonorDrive.