GlobalGiving + GDPR

The General Data Protection Regulation (GDPR), a law passed by the EU, aims to ensure that data is protected and privacy is ensured through a combination of security measures, consent from individuals, and clearer privacy policies. Thanks to GlobalGiving's long-standing focus on security, privacy, PCI certification, and compliance with laws like CAN-SPAM and CASL , we were already prepared for many aspects of GDPR. This page outlines the steps GlobalGiving took to prepare for the GDPR and to the steps it continues to take now that the regulation is in effect.

Security

From our first day, GlobalGiving has prided itself on protecting user data. In preparation for GDPR, we took the opportunity to revise our internal "Information and Technology Security Policy" and provided updated training to staff on IT security. This policy has the necessary technical standards and business processes to ensure that your data is secure. Here are instructions for setting up your own security policy.

Payment Card Industry (PCI) Certification

We value and follow industry best-practices to protect your credit card and donation information. As such, GlobalGiving is PCI SAQ A-EP certified.

Information Audit

As recommended by the ICO, GlobalGiving conducted a full information audit of our site and services and established a lawful basis for processing data.

Rights of Individuals

Individuals have a number of additional rights that are granted to them under GDPR which you can access under "My Account":

  • Right to erasure: An individual may request that an organization delete all data on that individual without undue delay. You can submit a request to be forgotten through this form.
  • Right to object: An individual may prohibit certain data uses by easily being able to opt-in and opt-out of activities. You can review your privacy settings and easily change your preferences by logging into GlobalGiving, navigating to the "My Account" page or by clicking on the "Preferences" link at the bottom of our email communications.
  • Right to restrict processing: An individual may ask to restrict or 'block' the processing. You can review your privacy settings and easily change your preferences by logging into GlobalGiving, navigating to the "My Account" page or by clicking on the "Preferences" link at the bottom of our email communications.
  • Right to rectification: Individuals may request that incomplete data be completed or that incorrect data be corrected. You can edit the data we have on file for you by logging into GlobalGiving, navigating to the "My Account" page, and making any desired edits.
  • Right of access: Individuals have the right to know what data about them is being processed and how. We encourage you to review our Privacy Policy and viewing your data by logging into GlobalGiving and navigating to the "My Account" page.
  • Right of portability: Individuals may request that personal data held by one organization be transported to another. You may request an export of your data by writing to privacy@globalgiving.org or by logging into GlobalGiving, navigating to the "My Account" page, and selecting "Download My Data" at the bottom of the page.

User Interface Changes

GlobalGiving has updated language on our site to make our opt-in flows more clear.

Secure Data Transfer

To ensure that donor data is securely transferred, GlobalGiving's email communications to organizations and project leaders have changed. Some information that was previously sent via email is now only be accessible by logging into your GlobalGiving Dashboard.

International Data Transfers

We transfer personal information of European Economic Area (“EEA”) and Swiss residents to the U.S. (or elsewhere) based the use of the Standard Contractual Clauses (also known as “Model Clauses”) between GlobalGiving UK and GlobalGiving Foundation. Per the European Commission, this standard agreement ensures sufficient safeguards for data to be transferred internationally.

Encryption and Anonymization

In addition to having strong security practices, data stored with GlobalGiving is encrypted and anonymized whenever possible to provide additional protection from a data breach.

Privacy Policy

GlobalGiving has updated our Privacy Policy to provide clarity around key aspects and requirements of GDPR.

Cookie Policy

GlobalGiving has improved our cookie consent process and has created an expanded Cookie Policy to outline the specific cookies we use and how to edit your preferences.

Data Processor Review

GlobalGiving has completed a data processor review and has signed Data Processing Agreements (DPAs) or Model Clauses, as appropriate, with our data processors.

EU Representative

For individuals in the European Union, GlobalGiving Foundation has appointed GlobalGiving UK as GlobalGiving Foundation's representative in the European Union pursuant to Article 27 of the GDPR.

Staff Training

We have conducted staff training on best practices for security and privacy, and will continue to provide this training to all GlobalGiving staff and volunteers on a regular, recurring basis.

Questions? Contact Us

You may contact us by using the "Contact Us" links on the footer of our site or by sending an email to privacy@globalgiving.org.

Privacy Policy   Cookie Policy   Terms of Service

GlobalGiving is a top-rated charity

GlobalGiving is a top-rated charity that holds Charity Navigator's highest rating for financial health, accountability, and transparency. GlobalGiving has also been given GuideStar's Platinum designation and is accredited by the BBB Wise Giving Alliance.

WARNING: Javascript is currently disabled or is not available in your browser. GlobalGiving makes extensive use of Javascript and will not function properly with Javascript disabled. Please enable Javascript and refresh this page.