Global Data Protection and Privacy Policy

Last Updated: December 2025

Global Policy

GivenGain Foundation (“we,” “our,” “us”) operates several websites, including givengain.com and givengain.org. We respect your privacy and are committed to protecting your personal data. This global privacy policy outlines how we collect, use, and safeguard your information globally, along with specific provisions for the European Union (EU), United Kingdom (UK), United States (USA) and South Africa.

1. Relation with Services
   
   It may be difficult, and in some cases impossible, for GivenGain to provide services if you refuse to allow GivenGain to process your data. If you do not agree with this Data Protection and Privacy Policy, you should not provide GivenGain with any data. You can delete your account at any time by logging into your account and navigating to Settings > Account > Delete Account.
   
   As a data subject, you also have the right to object to the processing of your data and/or deletion.
   
   If you have provided GivenGain with additional data beyond your account details, you also have the right to withdraw your consent to the processing of such data by contacting our Data Protection Officer at privacy@givengain.com. However, withdrawing consent may prevent GivenGain from providing some or all of its services.
   
   You also retain the right to lodge a complaint with a supervisory authority if necessary‍
2. Scope of this Data Protection and Privacy Policy
   
   |This policy applies to the services offered by GivenGain through its websites. It does not apply to services offered by other companies or individuals, nor does it cover the activities performed by third parties advertising GivenGain’s services or websites to which GivenGain may link.‍
3. Data Controller, Data Controller’s Representative, and Data Protection Officer‍
   
   • The GivenGain Foundation, Avenue Centrale 122, 1884 Villars-sur-Ollon, Switzerland, is the data controller.‍
   • Johannes van Eeden is the data controller’s representative.‍
   • Our Data Protection Officer is Bruce Jackson, who can be contacted at privacy@givengain.com.‍‍
     ‍
4. Information We Collect
   
   We collect the following types of information for optimizing user experience.:
   
   • ‍Technical data:
     
     • Browser type;
     • language preference,
     • referring site, time of visit, etc.
   • ‍Personal data:
     • Registered Users: Name, email address, IP address.‍
     • Donations: Name, address, phone number, email, donation amount, messages to charities.‍
     • Transactions: Payment information.‍
     • Support: Any information provided during communications with our support team.
       
       We also collect information from third parties, such as charitable organizations. This is done in order for us to distribute earmarked funds to Charities from donors.
       ‍‍
5. How We Use Your Information‍
   
   • Manage and maintain user accounts.
   • Process donations and facilitate interaction with charities.
   • Conduct financial transactions securely.
   • Improve website experience and analyze trends.
   • Respond to inquiries and provide customer support.
   • Comply with legal obligations (fraud prevention, financial reporting).
   • make reports or submit claims to tax authorities or government agencies for the purposes of our administration.
     
     Please note that GivenGain works with a variety of third-party partners to make the Platform available to you, to host and store the information we collect from you, to collect and process donations, and to provide certain functionality and features.
     
     Except as stated in this Privacy Policy, we do not reveal personally identifiable information about you to third parties for their independent use unless:
     
     • you expressly authorize GivenGain to do so,
     • it is necessary to allow GivenGain and its service providers or agents to provide services on GivenGain’s behalf,
     • it is to provide products or services to you,
     • it is disclosed to entities that perform marketing, advertising or data aggregation services for GivenGain (including direct marketing via postal mail),
     • it is necessary in connection with a sale of all or substantially all of the assets of GivenGain or the merger of GivenGain into another entity or any consolidation, share exchange, combination, reorganization, or like transaction in which GivenGain is not the survivor,
     • GivenGain is required or permitted to do so for any or all of the following reasons:
     • to comply with a subpoena, legal process, government request or any other legal obligation,
     • to prevent, investigate, detect, or prosecute criminal offenses or attacks on the technical integrity of the Platform or our network, and/or
     • to protect the rights, privacy, property, business, or safety of GivenGain, its partners and employees or the visitors to the Platform. ‍
6. Consent and Rights
   ‍
   By opting-in to sharing your data when using our services, you consent to the collection and processing of your personal data. You can withdraw your consent at any time by contacting us at privacy@givengain.com or opting out. Withdrawing consent may affect our ability to provide services.
   
   We process your data under the following legal bases:‍
   
   • Consent (Article 6(1)(a) GDPR): When you agree to marketing or other data processing activities.‍
   • Performance of a Contract (Article 6(1)(b) GDPR): Necessary for the services we provide, such as processing donations.‍
   • Legitimate Interests (Article 6(1)(f) GDPR): For fraud prevention, website security, etc.‍
7. Data Sharing
   ‍
   We may share your data with trusted third-party service providers, such as payment processors, IT providers, tax or legal authorities or government agencies as required by law or for the purposes of our administration. All third parties are bound by contracts ensuring the protection of your data.
   ‍‍
8. Third Party Platforms
   ‍
   We may also provide links to a variety of third-party social media sites and/or websites – such as X, Instagram and Meta - as a service to you, and in order to provide you additional information and/or content related to the work that we do, or additional venues in which you can learn about and discuss the activities of GivenGain. Please note that we have no affiliation with any of these other parties and/or websites, and cannot control and are not responsible for the information collection, use, and disclosure practices of such third parties; we encourage you to review and understand their privacy practices and policies, if any, before providing any personally identifying information to them or initiating any financial transactions.
   ‍‍
9. Data Retention
   ‍
   ‍We retain personal data only for as long as necessary to fulfill the purposes outlined in this policy, or as required by law:‍
   
   • Account data: Retained for the lifetime of the account and three years after deletion for auditing purposes.‍
   • Donation records: Retained for seven years in line with financial regulations.‍
   • Marketing data: Retained until you withdraw your consent or opt-out.‍
10. Data Security
    ‍
    We implement appropriate technical and organizational measures to protect your data from unauthorized access, misuse, or disclosure. However, no system is completely secure. If you have concerns about data security, please contact us.
    ‍‍
11. International Data Transfers
    ‍
    ‍We operate globally, and your data may be transferred outside of your country, including to the United States, South Africa and the EU. International Data Transfers will only be made in compliance with applicable legal frameworks. Where applicable, we will ensure data transfers are only made: where there are adequate safeguards to protect your data in place such as the EU Standard Contractual Clauses (SCCs), the UK Internation Data Transfer Addendum to the SCCs (UK Addendum), the UK International Data Transfer Agreement (IDTA), and Binding Corporate Rules (BCRs); or in line with an adequacy decision made by the relevant authorities in your jurisdiction (including in the UK or the EEA).
    ‍‍
12. Data Breach Notification
    ‍
    In the event of a data breach, we will notify affected individuals and relevant authorities in compliance with applicable laws.
    ‍‍
13. Cookies and Tracking Technologies
    
    Cookies:
    A cookie is a piece of information that a web server may place on your computer when you visit a website. Cookies are commonly used by websites to improve the user experience. Many cookies last only through a single website session, or visit. Others may have an expiration date or may remain on your computer until you delete them. GivenGain may use “session cookies” so that we can properly verify a user’s identity as they move from one page to the next. We may also use cookies for other purposes, such as to identify and authenticate visitors, to maintain continuity during a user session, or to gather data about the usage of our website for research and other purposes.
    
    Most browsers will tell you how to stop accepting new cookies, how to be notified when you receive a new cookie, and how to disable existing cookies. Please note, however, that without cookies you may not be able to take full advantage of all the features on our Platform. Our cookies do not gather personally identifiable information. In some cases, GivenGain may also use another company to operate web servers for our Platform. GivenGain uses the cookie information gathered by these companies in the same manner as stated in this Privacy Policy.
    
    “Do Not Track Notice”
    
    Some web browsers incorporate a “Do Not Track” feature that signals to websites that you visit that you do not want to have your online activity tracked. How browsers communicate and respond to the Do Not Track signal is not yet uniform. For this reason, like many websites, the Platform does not currently respond to or alter its practices when it receives a Do Not Track signal. Please note that third parties may collect personal information about your online activities over time and across different websites when you visit our Platform or other online websites and services. To find out more about “Do Not Track,” you may wish to visit http://www.allaboutdnt.com.
    ‍‍
14. Changes to this Privacy Policy
    ‍
    We reserve the right to revise this Privacy Policy at any time by updating this posting. Please check back regularly and to see if there have been any changes to this Privacy Policy, which you can determine by reviewing the Effective Date listed above. By continuing to use the Platform after those changes become effective, you agree to be bound by the revised Privacy Policy. Where appropriate, we will notify material changes to this Privacy Policy to you by email or post.
    ‍

EU & UK Addendum

1. Legal Basis for Processing:
   We process your data under the following legal bases:‍
   
   • Consent (Article 6(1)(a) GDPR): When you agree to marketing or other data processing activities.‍
   • Performance of a Contract (Article 6(1)(b) GDPR): Necessary for the services we provide, such as processing donations.‍
   • Legal Obligation (Article 6(1)(c) GDPR): To comply with legal requirements.‍
   • Legitimate Interests (Article 6(1)(f) GDPR): For fraud prevention, website security, etc.‍
2. Your Rights (GDPR Articles 12-23):‍
   
   • Right to access, rectification, erasure, restrict processing, portability, and objection.
   • Right to withdraw consent at any time.
   • Right to lodge a complaint with your supervisory authority (e.g., ICO in the UK).‍
3. Data Transfers:
   
   Transfers outside the European Economic Area (EEA) are safeguarded by SCCs or BCRs.
   
   The UK has deemed EU countries adequate for transfer purposes and recognised EU adequacy decisions in relation to other countries. Additionally, Data Transfer Mechanisms may be performed given that they are in line with the International data Transfer Agreement and the International Data Transfer Addendum to the European Commission’s standard contractual clauses for international data transfers. ‍
4. Children's Privacy:
   
   ‍Our services are not intended for individuals under 16. We do not knowingly collect data from children under this age without parental consent.
   
   For more details on your rights or to exercise them, contact us at privacy@givengain.com.‍
5. Data Controller, Data Controller’s Representative, and Data Protection Officer‍
   
   • The GivenGain Foundation, Avenue Centrale 122, 1884 Villars-sur-Ollon, Switzerland, is the data controller.‍
   • Johannes van Eeden is the data controller’s representative.‍
   • Our Data Protection Officer is Bruce Jackson, who can be contacted at privacy@givengain.com.‍

USA Addendum

1. Personal Information You Provide and How It Is Used
   
   You may freely visit our Platform anonymously and without being required to provide us with any personal information. However, certain requests and access to certain features/functionality do require that you provide us with some personally identifying information as more particularly described below. Do not send confidential information to us directly through this Platform, or by email to any of the contact email addresses listed on this Platform. Please note we only collect personal information directly from you when you provide it to us.
   
   Examples of instances in which we may collect personal information – and the types - include (but are not limited to):
   
   • for registered users, and in other situations, personal contact details such as name, address, telephone number and e-mail address;
   • if you make a donation via the Platform, you will be asked to provide certain personally identifying information, such as your phone number, name and home address, as well as your credit card billing information, in order to process the donation;
   • if you contact our support team – or otherwise contact us through the contact form option on the Platform, we ask that you provide your name and email address, and you will have the option to provide additional information in your communication with us;
   • if you sign up for our email newsletter, we will collect your email address.‍
2. Non-Personal Information We Collect by Automated Means and How We Use It
   
   We - and certain third parties who include, but not limited to, service providers, advertisers, advertising networks and platforms, and third-party partners - may use automated means to collect various types of non-personal information (data in a form that does not support direct association with any specific person or individual), including information about you, your computer or other device used to access our Platform. Much of this information is collected through the use of third-party tracking services, which includes Google Analytics. The information collected may include usage information, such as the numbers and frequency of users to the Platform, pages visited, web browsing histories, online activities and searches, social networking activities and similar data. When gathered, this data, if used, is used in the aggregate, and not in a manner that is intended to identify you personally. This type of aggregate information may be shared with third parties at any time. In addition to the third-party tracking services mentioned above, we may also collect non-personal information through various other means, including "cookies”, web beacons and IP addresses, as further explained below.
   ‍‍
3. Web Beacons
   
   We may also use “web beacons” (also known as Internet tags, pixel tags and clear GIFs). These web beacons allow third parties to obtain information such as the IP address of the computer that downloaded the page on which the beacon appears, the URL of the page on which the beacon appears, the time the page containing the beacon was viewed, the type of browser used to view the page, and the information in cookies set by the third party. Web beacons also may be used to track whether you have opened an HTML email. When the email is opened, a part of the code that makes up the HTML page calls a web server to load the web beacon that then generates a record showing that the email has been viewed. Web beacons may also recognize when the email was opened, how many times it was forwarded and which URLs (links within the email) were clicked.
   ‍‍
4. Log files, IP Addresses, Java Script, Analytics and other Tracking Information
   
   Adoption of communications standards on the internet and our use of standard analytical tools such as Google Analytics result in or may lead to the automatic receipt and tracking of (i) the URL of the website from which you came and the website to which you are going when you leave the Platform; (ii) the internet protocol (“IP”) address of your computer (or the proxy server you use to access the World Wide Web); (iii) your computer operating system and type of web browser you are using; (iv) email patterns; (v) your mobile device (including your UDID) and mobile operating system (if you are accessing the Platform using a mobile device), (vi) your ISP or your mobile carrier’s name.
   ‍‍
5. Consent and Rights
   
   By using our services, you consent to the collection and processing of your personal data. You can withdraw your consent at any time by contacting us at privacy@givengain.com. Withdrawing consent may affect our ability to provide services.
   ‍‍
6. Children’s Privacy
   
   We do not knowingly collect, use, or disclose personally identifiable information about visitors younger than 18 years of age. If you are under the age of 18, you are expressly prohibited from accessing/viewing the Platform. If you are the parent or guardian of a child under 18 years of age and believe that they have disclosed personally identifiable information to us, please contact us at privacy@givengain.com. so that we may delete your child’s information.

South Africa Addendum

1. Under the Protection of Personal Information Act (POPIA), you have the right to:
   
   • ‍Be informed of data processing.
   • Access your personal information.
   • Request corrections or deletion of inaccurate or irrelevant data.
   • Object to processing under certain circumstances.
     
     We process your personal data in compliance with POPIA. Transfers of data outside South Africa are subject to appropriate safeguards in line with POPIA's requirements.