Roundit Financial Technologies Inc.
Last updated: 4 September 2018
1. Data Protection Officer
1.1. Roundit has appointed a staff member to be the Data Protection Officer (DPO), Kevin Van Flandern, email@example.com. The DPO is responsible for ensuring that this policy is made available to you as a user prior to Roundit collecting and processing your personal information.
1.2. The primary role of the DPO is to ensure that Roundit collects, processes, discloses and stores personal information of our users, providers or other third parties in compliance with FTC rules and GDPR standards.
1.3. The DPO is obligated to inform and advise Roundit and our employees on how to carry out the processing of our obligations.
1.4. Users may contact the DPO regarding the processing of their personal information and to exercise their rights. (To see your rights as a user, go to section 7).
2. Who is Roundit?
2.1. Roundit is a web service technology that allows users to financially support causes they believe in by voluntarily rounding up individual credit/debit card purchases and donating that money directly to a charity of their choice.
2.2. We provide payment services, so that users have the opportunity to donate directly to charities, non-profits and/or individuals.
2.3. Roundit is a 'data controller' in respect of the personal information that we collect and store from users, service providers and other third parties.
3. Data Collecting
3.1. We collect three types of information:
3.1.1. User identification information:
3.1.1.1. This includes name, email address, home address, social security/tax ID number, and phone number of our users.
3.1.2. Financial transaction information:
3.1.2.1. Including transaction reference codes (provided by our data aggregator and credit card processing partners), transaction date/time stamps, transaction purchase category data, roundup and donation data (e.g. donation & roundup amounts), as well as transaction counterparty information and cause affiliation information.
3.1.3. Operational information:
3.1.3.1. Information and data developed during the processing of the above data types.
3.2. We receive and access information from the following third party services, but we do not store this information:
3.2.1. Stripe (stripe.com): A credit card transaction processor
3.2.2. Plaid (plaid.com): A data aggregator
3.2.3. Autho (autho.com): An identity management platform
3.3. We do not collect or store any other information about our users:
3.3.1. Specifically, we do not store, nor do we have access to, your credit or debit card account login information (user names & passwords), your credit/debit card expiration information, or your card security code (CSC).
3.4. The personal information we collect will be used for the following purposes:
3.4.1. To identify individual users and create a secure platform by which users can provide financial support to causes they believe in;
3.4.2. To enable users to provide ongoing financial support to causes and individuals they believe in via one-time or roundup donations;
3.4.3. To provide for accurate and detailed record keeping of these transactions for purposes of end of year accounting requirements.
3.5. We may also handle personal information to keep our website and the Roundit Financial Technologies platform secure and to ensure that our processes and procedures are as secure as possible.
4.1. By consenting to this privacy notice, you are giving us permission to collect, process, store and disclose your personal data specifically for the purposes identified.
4.2. You may withdraw consent at any time by contacting the DPO and submitting a subject access rights request form.
5. Data Disclosure
5.1. We do not disclose information to any third parties, except when given explicit consent from you or when:
5.1.1. Employees of Roundit need the information to fulfill their duties.
5.1.2. Third parties need the information for operational reasons. We require such third parties to adhere to the privacy principles set in this policy.
5.2. Unless otherwise instructed by users, Roundit discloses personal information, when necessary, to:
5.2.1. Affiliated charitable, non-profit and social organizations that you have elected to support financially.
5.2.2. Service providers that we use to provide services to you
5.2.3. Fraud prevention and detection agencies
5.2.4. Selected marketing agencies that will be provided with limited anonymized data sets that may include anonymized data harvested from your Roundit transactions
5.2.5. Regulatory and governmental agencies that have either statutory authority over Roundit’s business or appropriate court order mandates.
5.3. Users can elect to remain anonymous if they so desire. By selecting to remain anonymous, the user will ensure that we do not disclose personal information to any second party organizations (i.e. charity causes), nor will we provide information to any third party organization that is not directly involved in Roundit giving/roundup processes.
5.3.1. Users can request to remain anonymous by switching on the Anonymity function that is located under the User Setting tab in the Account Information Box.
5.4. If you cease to be a Roundit customer/user, your information will not be disclosed to third parties, except to affiliates for operational reasons, to regulatory agencies, or for purposes permitted by law.
5.5. U.S. law requires income received through credit and debit card transactions to be reported to the Internal Revenue Service. Banks and merchant services must report annual gross payments processed by credit or debit cards to the IRS and to merchants. In other words, we will be required to provide these reports by end of January for the payments made in the previous calendar year. The format of these reports must resemble the 1099K forms that report certain types of income in the U.S.
5.6. Users acknowledge that Roundit will report to the Internal Revenue Service the total amount of the payments you receive each calendar year into all the Accounts you own if you:
5.6.1. (i) receive more than $20,000, and
5.6.2. (ii) receive more than 200 payments, in that calendar year.
6. Data Retention
6.1. Roundit will use reasonable efforts to store information securely and protect it against unauthorized access and disclosure. We maintain physical, electronic and procedural safeguards that comply with all US federal requirements, as well as European Union (EU) General Data Protection Regulation standards, to guard your personal information.
6.2. Roundit will store personal information for an indefinite period as needed to conduct roundups and donations. Where it is clear that personal information is no longer needed, as there is no longer potential to need or report on that information, it will be deleted under our data retention policy. We divide our stored information into three categories: high, medium and low business impact information:
6.2.1. High Business Impact information:
6.2.1.1. This is usually financial information. We store this type of information for 6 years, except when required otherwise by law.
6.2.2. Medium Business Impact information:
6.2.2.1. This is usually user identifiable information. We store this type of information for more than a year and a maximum of 5 years.
6.2.3. Low Business Impact information:
6.2.3.1. This is usually information that is difficult or impossible to identify users from. We store this information for less than a year.
6.3. All your transactions are processed using secure communications standards such as Secure Sockets Layer (SSL) with 128-bit encryption. Your browser is compatible with SSL encryption when it displays a lock or similar security icon.
7. User Rights
7.1. At any point while we are in possession of or processing your personal data, you, as a user, have the following rights:
7.1.1. Right of access – you have the right to request a copy of the information that we hold about you.
7.1.2. Right of rectification – you have a right to correct information that we hold about you that is inaccurate or incomplete.
7.1.3. Right to be forgotten – in certain circumstances you can ask for the information we hold about you to be erased from our records.
7.1.4. Right to restriction of processing – where certain conditions apply, you have a right to restrict the processing.
7.1.5. Right of portability – you have the right to have the information we hold about you transferred to another organization.
7.1.6. Right of anonymity – you have the right to remain anonymous and ensure that any and all donations you make remain anonymous.
7.2. Choosing to exercise your rights may restrict you from using all services or features provided on the website.
8.1. When you visit our website, we place small data files (“cookies”) on your computer’s hard drive. Most cookies are short-lived session cookies which we use to enhance user experience when visiting our website, for example to spare you from having to provide your login details every time you click on a new page. After the session is closed, this type of cookie expires and is deleted from your hard drive. Other cookies may last longer and help us to identify you when you visit our site again. You can always choose not to accept cookies by disabling this function in your browser options; however, you may not be able to use all services or features provided on our website.
9. Protection of User Profile
9.1. Your User Profile is protected through a unique login and password. You should never disclose your login and password to anyone. You should not record your login details and password anywhere in writing or otherwise. If you think your login details and/or password have been lost, stolen, disclosed to any third party or otherwise compromised, you must inform the DPO immediately.
10.1. We will use reasonable efforts to keep your information accurate and up to date. We advise you to check the information we hold on you regularly by logging into your User Profile and update your information when necessary. If you otherwise spot any error or omission in the information we hold, please contact the DPO as soon as possible.