Privacy Shield

Privacy Shield Statement

LAST MODIFIED: June 22, 2020

EveryAction, Inc. d/b/a EveryAction and NGP VAN ("EveryAction") complies with the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal data transferred from the European Union, the United Kingdom, and Switzerland, as applicable, to the United States in reliance on Privacy Shield. EveryAction has certified to the Department of Commerce that it adheres to the Privacy Shield Principles with respect to such data. If there is any conflict between the terms in this statement and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, please visit here or view our certification here. For purposes of enforcing compliance with the Privacy Shield, EveryAction is subject to the investigatory and enforcement authority of the U.S. Federal Trade Commission.

Personal Data Collection and Use. EveryAction provides online platforms and tools that our customers use to operate aspects of their businesses or organizations. These include platforms and tools for charitable or political campaign giving, managing and organizing political or social advocacy campaigns, political campaign finance compliance, social engagement and community building, data visualization, integration and analytics, and platforms for building websites and applications. In providing these platforms and tools, EveryAction processes data our customers submit to our services or instruct us to process on their behalves. While EveryAction's customers decide what data to submit, it typically includes information about their constituents, publicly available voter files, employees or volunteers, donation and outreach history, and users of online platforms or tools, such as contact information, purchases, and billing information. EveryAction processes data submitted by customers for the purpose of providing EveryAction's online services to our customers, which may require EveryAction to access the data to provide the services, to correct and address technical or service problems, or to follow instructions of an EveryAction customer who submitted the data, or in response to our contractual requirements. EveryAction's Privacy Policy located here provides a fuller description of the categories of data that we may receive in the United States, the purposes for which we use that data, and the measures we take to safeguard that personal data.

Data Transfers to Third Parties. EveryAction uses certain third-party service providers to assist us in providing our services to our customers, such as performing database monitoring and other technical operations, assisting with the transmission of data, and providing data storage services. These third-party service providers may access, process, or store personal data. We take reasonable and appropriate steps to ensure that third-party service providers process personal data in accordance with our Privacy Shield obligations, including restricting their access, use, or disclosure of personal data. Under certain circumstances, we may be liable for the failure of our third-party service providers to meet their obligations in their handling of personal data and we are found to be responsible for the event giving rise to the damage.

Compelled Disclosures. Under certain circumstances, we may disclose your personal data in response to valid requests by public authorities, including to meet national security or law enforcement requirements. To the extent permitted, EveryAction will inform its relevant customer or prospective customer before making such disclosure and provide it with a reasonable opportunity to object to such disclosure.

Access Rights. You may have the right to access the personal data that we hold about you and to request that we correct, amend, or delete it if it is inaccurate or processed in violation of the Privacy Shield. These access rights may not apply in some cases, including where providing access is unreasonably burdensome or expensive under the circumstances or where it would violate the rights of someone other than the individual requesting access. Because EveryAction personnel have limited ability to access data our customers submit to our services, if you wish to request access, to limit use, or to limit disclosure, please submit a written request to the contact information provided here including the name of the EveryAction customer who submitted your data to our services. We will refer your request to that customer and will support them as needed in responding to your request.

Questions or Complaints. You can direct any questions or complaints about the use or disclosure of your personal data to us here. We will respond within 45 days of receiving your communication. If you are unsatisfied with the resolution of your complaint, you may contact the EU data protection authorities, the UK Information Commissioner, or the Swiss Federal Data Protection and Information Commissioner for further information and assistance.

Binding Arbitration. For any complaints that cannot be resolved with EveryAction directly, EveryAction has chosen JAMS as an independent recourse mechanism to facilitate alternative dispute resolution (ADR) services including binding arbitration. You may have the option to select binding arbitration for the resolution of your complaint under certain circumstances, provided you have taken the following steps: (1) raised your compliant directly with EveryAction and provided us the opportunity to resolve the issue and (2) raised the issue through the relevant data protection authority and allowed the U.S. Department of Commerce an opportunity to resolve the complaint at no cost to you.

Changes to This Policy. We reserve the right to amend this Policy from time to time consistent with the Privacy Shield's requirements.