Fluxx Labs Privacy Notice

Last updated: May 9, 2019

Fluxx Labs Inc. (collectively, “Fluxx”, “we” or “us”) provides a hosted grant management software platform (“Services”) as part of its core mission to connect grantmakers and foundations with grantseekers. In order to provide our Services, we collect and process personal information. This Privacy Notice (“Privacy Notice”) is intended to help you better understand how we process your personal information, and governs how Fluxx may collect, use, store and disclose personal information that we obtain through or from:

  • Visitors to www.fluxx.io (“Site”) and our mobile application (“Application”);

  • Grantmakers (“Grantmaker”) and grantseekers (“Grantseeker”) who register to use our Services;

  • Individuals who register for our marketing or corporate events (such as webinars), or sign up to receive our marketing materials, whitepapers or demos;

  • Individual sites hosted by Grantmakers via Fluxx with a URL in the  <client>.fluxx.io format (“Grantmaker Sites”);

  • Data submitted by individuals directly to the Grantmaker Sites and that we process on behalf of Grantmakers; 

  • Your direct communications with us;

  • Grantseeker accounts and websites (“Grantseeker Platform”); and

  • Publicly available sources and some of our partners.

When we refer to the “Platform” throughout this Privacy Notice, we mean the Site, our Application, Grantseeker Platform, and any other websites, products, software, applications, content, data feeds and other services on which an authorized link to this Privacy Notice is posted. 

We recommend that you read this Privacy Notice carefully as it provides important information about your personal data. It also tells you about your rights under the law may protect you. 

By accessing or using the Platform and our Services, or submitting information through the Platform, you acknowledge and agree that you have read, understand, and agree to the terms of this Privacy Notice and agree to the collection, use, and disclosure of your personal information in accordance with this Privacy Notice. 

IF YOU DO NOT AGREE WITH OUR POLICIES AND PRACTICES, UNLESS OTHERWISE STATED, YOUR CHOICE IS NOT TO USE OR ACCESS THE PLATFORM.

This Privacy Notice is designed so that you can easily reach the section that you are interested in. 

  1. Who We Are
  2. What Personal Information Do We Collect and How Is It Collected?
  3. Information We Process on Behalf of Grantmakers
  4. Information Collected Indirectly
  5. Sensitive Data
  6. Children’s Privacy
  7. Why We Collect Your Personal Information and How We Use It
  8. Marketing Communications
  9. Managing Your Preferences
  10. Disclosure of Your Personal Information
  11. Payment Processing
  12. Third Party Links
  13. Third Party Social Plugins
  14. How Long Do We Keep Your Personal Information?
  15. Protecting Your Personal Data
  16. International Transfers
  17. Additional Legal Rights For Users in the European Economic Area
  18. How to Contact Us About Privacy
  19. Changes to this Privacy Notice

If you have any questions, comments, or concerns regarding this Privacy Notice and/or our data practices, or would like to exercise your rights, do not hesitate to contact us. See How to Contact Us About Privacy and Additional Legal Rights For Users in the European Economic Area below.

 

1. Who We Are 

Depending on the context in which you provide personal information while visiting or using the Platform, Fluxx may be the data controller or data processor of your personal information under this Privacy Notice. When Fluxx acts as data controller, we are responsible for determining how and why we collect, process or disclose the personal data collected by us or on our behalf. Fluxx is a data controller with respect to visitors to and users of the Site, which, for the avoidance of doubt, includes those users accessing the Platform and/or Services as Grantseekers and Grantmakers. When Fluxx acts as a data processor, Fluxx processes data submitted to Fluxx on behalf of or at the direction of a separate individual or entity. Fluxx is a data processer with respect to personal information submitted by individuals to the Grantmaker Sites, and processes such data on behalf of or at the direction of Grantmakers, as further explained here

You can Contact Fluxx at: privacy@fluxxlabs.com

or

Fluxx Labs, Inc.
2261 Market Street, #4060
San Francisco, CA 94114
United States of America

 

2. What Personal Information Do We Collect and How Is It Collected? 

Personal data, or personal information, means any information about an individual from which that person may be identified. For example, it may include your name, telephone number, email address, or payment information, and in some jurisdictions your IP address. It does not include data from which the identity of an individual has been definitively removed along with any identifiers connected to such individual (also known as anonymous or anonymized data). 

How we collect personal information directly from you depends on how and why you use the Platform. For instance, the information that you provide when you visit our Site and download a whitepaper or request a demo is more limited than the information you provide if you have registered to use the Platform and our Services as a Grantmaker or Grantseeker. 

Individuals may be given the opportunity, by invitation, to submit information directly on a Grantmaker Site (collectively, “Grantmaker Site Users”). If you are a Grantmaker Site User, please be advised that Grantmakers determine the personal data that they collect from you, and this information is stored and processed on the Platform by Fluxx as a data processor. See Information We Process on Behalf of Grantmakers below.

With respect to the data that Fluxx collects directly, we have divided this Section into three parts in order to better explain the circumstances where personal information may be collected, as well as the types of data collected:

  1. Information From Site Visitors

  2. Information From Grantmakers

  3. Information From Grantseekers

Please be advised that we may ask you to update your information from time to time in order to keep it accurate. Additionally, if you provide personal data to us about someone else, you must ensure that you are entitled to disclose that information to us and that, without us taking any further steps required by data protection laws, we may collect, use and disclose such information for the purposes described in this Privacy Notice. For example, you should ensure the individual concerned is aware of the terms detailed in this Privacy Notice. 

i. Information from Site Visitors 

When you visit the Site or Grantseeker Platform, and depending on the purpose of your visit, you may provide us with personal information if you: 

  • Create an account; 

  • Download a whitepaper or sign up for a webinar;

  • Request a demo; 

  • Request marketing materials; and/or

  • Communicate with us directly.

In connection with the above-mentioned activities, Fluxx collects the following information: 

  • Your identity (including your first name, last name, company name);

  • Your job title; 

  • Your email address or other contact information;

  • Other information that you may provide by filling out forms or by contacting us (including your feedback or other communications with us).

In some cases, you will not provide any information to us directly, in which case the only data that we collect is Device Information, as explained below.

ii. Information From Grantmakers

As an individual Grantmaker, or when you act on behalf of a Grantmaker organization, you provide us with personal information when you: 

  • Create an account on the Platform;

  • Sign up for our Services; 

  • Create a Grantmaker Site; and/or

  • Communicate with us directly.

In connection with the above-mentioned activities, Fluxx collects the following information: 

  • Your identity, including your first name, last name, organization name); 

  • Your job title;

  • Your password and user name;

  • Your contact details, including your postal address or your organization’s postal address, email address, phone number(s); 

  • Your preferences; 

  • Other information you may provide by filling out forms or by contacting us (including your feedback or other communications with us).

iii. Information From Grantseekers

If you are a Grantseeker, we collect and process personal information when you: 

  • Create an account via the Platform; 

  • Sign up for our Services;

  • Use and interact with the Platform and/or a Grantmaker Site; and/or

  • Communicate with us directly.

In connection with the above-mentioned activities, Fluxx collects the following information: 

  • Your identity: first name, last name, organization name; 

  • Your password and user name;

  • Your contact details: postal address (or address of your organization), email address, phone numbers); 

  • Your job title (if applicable).

  • Your preferences; 

  • Information about your transactions with Fluxx - this only includes partial payment or credit card information, which is processed and stored exclusively by Stripe, our third-party payment processor;

  • Other information you may provide by filling out forms or by contacting us (including your feedback or other communications with us).

 

3.Information We Process on Behalf of Grantmakers 

For Grantmakers, Fluxx hosts individual Grantmaker Sites that enable Grantmakers to manage their grants, projects, and relationships, and depending on the level of service for which each individual Grantmaker registers, budgeting and compliance. With respect to personal information collected by Grantmakers via their individual Grantmaker Sites, Fluxx acts as a data processor. To the extent that Fluxx processes personal data on behalf of Grantmakers, it does so for the purposes expressly set forth in this Section 3, and the personal data is handled in compliance with this Privacy Notice.

Data Collected by Grantmakers

We require all Grantmakers to post a conspicuous Privacy Notice on the Grantmaker’s Site that is compliance with applicable laws, rules and regulations (including, without limitation all applicable data protection laws) and discloses the Grantmaker’s collection, use, and processing of personal information.  While each Grantmaker controls the nature, type and purpose of the data to be processed via their respective Grantmaker Sites, generally, if you are a Grantmaker Site User, Grantmakers collect the following basic information on Grantmaker Sites:

  • Your identity: first name, last name, organization name; 

  • Your password and user name (which are stored by Fluxx in encrypted form only for the purpose of enabling you to reset your password);

  • Your contact details: postal address (or your organization’s postal address), email address, phone number(s); and

  • Your job title (if applicable).

In addition, Grantmakers, as data controllers, collect from Grantmaker Site Users a variety of additional information as determined exclusively by each Grantmaker on their respective Grantmaker Sites. This nature of the information collected is determined by each individual Grantmaker – based on each such Grantmaker’s mission – and is then electronically submitted to the Fluxx Platform for hosting of the Grantmaker Site, indexing and related processing by Fluxx. Although Fluxx processes the personal information of Grantmaker Site Users because it hosts the Grantmaker Sites, it only does so on behalf of Grantmakers, who control the nature, type and purpose of the data to be processed via their respective Grantmaker Sites. In other words, Grantmakers choose what information they collect from Grantmaker Site Users, and Fluxx processes personal data only as provided in its individual agreements with Grantmakers

Use and Disclosure

If you submit personal information to a Grantmaker Site, please check with the Grantmaker directly about the policies and settings it has in place with respect to how it handles privacy and security of the personal information that you submit directly in connection with your use of the Grantmaker Site. 

Fluxx’s processing of personal information collected by Grantmakers on their respective Grantmaker Sites is limited to the purpose of providing the Services to the Grantmakers. However, to the extent that Fluxx processes personal data that it receives from Grantmaker Site Users, it does so for the purposes expressly set forth in this Section 3 and in compliance with this Privacy Notice.

With respect to disclosure of personal information, Fluxx and Grantmakers may process your personal information with the assistance of third-party service providers, as explained here.

Contacting Grantmakers and Exercising Legal Rights

Fluxx has no direct relationship with Grantmaker Site Users to the extent that their personal information is hosted or transmitted through the Grantmaker Sites. Grantmakers are responsible for complying with any regulations or laws that require providing notice, disclosure, and/or obtaining consent prior to transferring the data to Fluxx for processing purposes.

If you have are a Grantmaker Site User and have any questions about your personal information, please contact the relevant Grantmaker. In addition, for Grantmaker Site Users located in the European Economic Area, requests regarding personal data must first be addressed to the Grantmaker directly, and as a processor, Fluxx will assist in handling such requests, as explained below in Additional Legal Rights For Users in the European Economic Area. As data controllers, Grantmakers have the ability to fulfill these requests, and Fluxx will provide assistance for requests that Grantmakers are not able to complete. If you request that Fluxx remove your personal information, we will refer your request to the applicable Grantmaker and respond to the request within 30 days. 

You may also report concerns with personal information hosted or transmitted at the direction of Grantmakers by contacting us at privacy@fluxxlabs.com. We will refer your requests to the appropriate Grantmaker. 

 

4. Information Collected Indirectly 

Device Information

When you use or interact with the Platform or the Grantmaker Sites, even if you do not have an account, we, or our authorized third-party service providers, automatically collect information about the Services you use and how you use them via your device (collectively, “Device Information”). We use this information for our internal purposes, specifically to operate, maintain, secure and improve the Platform and our Services.

Device Information that we collect consists of:

  • Usage Information. We automatically collect information about your interactions with the Platform and Grantmaker Sites, including your information about your device: IP address, access dates and times, information about your approximate location (as determined through your IP address), hardware and software information, device information, device event information, crash data, cookie data. This information allows Fluxx to understand the pages or content you view, your searches, how you’ve used the Services (which may include administrative and support communications with us or whether you have clicked on third-party links), and other actions on the Platform and Grantmaker Sites. We automatically collect log data when you access and use the Platform, even if you have not created an account or logged in. We use this information for our internal purposes only and to improve the Platform, our Grantmaker Sites and our Services. 

  • Cookies and Similar Technologies. We or authorized third parties collect certain information by automated means using cookies, web beacons, and server logs for analytic purposes. The information we collect in this manner enables is to better understand website traffic patterns and to optimize user experience. For instance, through Google Analytics, we are able to detect your “referral address.” We do not, however, use cookies or similar technologies to actively track users across other websites. For more information on our use of these technologies, see our Cookie Policy.

Aggregated Data

With the Device Information collected by our third-party analytics services, we process, “Aggregated Data”, such as statistical or demographic data. Aggregated Data may be derived from personal data, but is not considered personal data under the law if it does not directly or indirectly reveal your identity. For example, we may aggregate usage data to calculate the percentage of users accessing a specific feature of our Platform or the Grantmaker Sites. However, if we combine or connect Aggregated Data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data, which will be processed in accordance with this Privacy Notice. 

To opt out of the collection of Device Information by Google Analytics or Mixpanel, please see Managing Your Preferences below.

Information from Third Parties

In some instances, we process personal information from third parties, which consists of:

  • Data from publicly-available sources, such as public records that are available online; and 

  • Data from our partners, such as transactional data from providers of payment services.

 

5. Sensitive Data

Fluxx does not (and does not want to) collect any sensitive data that includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic, and biometric data. Pursuant to individual agreements and Terms of Service, Grantseekers and Grantmakers may only collect sensitive information in accordance with applicable law, which may include valid consent from individuals. If you believe that your sensitive information has been collected or otherwise processed by a Grantmaker or Grantseeker, please notify Fluxx and the relevant Grantmaker or Grantseeker.

 

6.Children’s Privacy

Neither our Platform and the Grantmaker Sites, nor our Services, are intended for minors. Fluxx does not target its Services to persons under the age of 18 and does not knowingly collect personal data from minors. Therefore, we ask you not to provide us with personal information of persons under the age of 18. If we learn that personal information of persons under 18 years of age has been collected on or through the Platform or the Grantmaker Sites, then we may deactivate the account and/or make the user content inaccessible, or direct our Grantmakers to do the same.

 

7. Why We Collect Your Personal Information and How We Use It 

Our mission is to provide a safe, efficient and high-quality Platform, and we, or our authorized third party service providers who assist us in providing the Services, process your personal information for this purpose. Personal information may  generally be processed for the following reasons:

  • In order to perform services under a contract we are about to enter into or have entered into with you. 

  • Where it is necessary for our legitimate interests (or those of a third party), and your interests and fundamental rights do not override those interests. 

  • Where necessary to comply with a legal or regulatory obligation. 

  • If we have obtained your prior consent. Please note that for this specific legal basis, you have the right to withdraw your consent at any time. 

More specifically, and depending on how you use our Services, Fluxx processes your personal data in the following instances and in order to: 

  • Provide you with our Services – providing webinars, demos, and the Grantseeker Platform, as well as hosting Grantmaker Sites (performance of a contract or sometimes necessary for our legitimate interests, depending upon the circumstances); 

  • Enable Grantseekers to connect with Grantmakers (performance of a contract);

  • Conduct checks to verify identity (performance of a contract or sometimes necessary for our legitimate interests, depending upon the circumstances); 

  • Send you direct marketing communications regarding Fluxx’s products and services that we may think are of interest to you (with your prior consent where you are not an existing customer); 

  • Respond to your queries and requests, or otherwise communicate directly with you (performance of a contract or sometimes necessary for our legitimate interests, depending upon the circumstances); 

  • Detect any fraudulent or illegal activity against you and/or Fluxx (necessary for our legitimate interests); 

  • Perform system maintenance and upgrades, and enable new features (performance of a contract or sometimes necessary for our legitimate interests, depending upon the circumstances);

  • Conduct statistical analyses (necessary for our legitimate interests); 

  • Provide information to regulatory bodies when legally required, and only as outlined below in Section 10(c) of this Privacy Notice (necessary for compliance with a legal obligation). 


8. Marketing Communications 

If you are an existing customer, and have not otherwise opted out, or if you have opted in to receive direct marketing emails from us, we may use your personal information to send you marketing information. For instance, when you request a demo or download a whitepaper, you will be asked if you wish to opt in to receive marketing communications from us for our products and services. This is what we call direct marketing. We carry out direct marketing by email. 

Unless you are an existing customer or a prospective customer, we rely on your consent to process the personal data you provide to us for this purpose. In either case, if you no longer wish to receive such information, you have the right at any time to opt out of marketing emails and withdraw your consent at any time. The easiest way to opt out is to use the unsubscribe link that you will find at the bottom of each communication. You may also manage your preferences as further explained in Managing Your Preferences.

 

9. Managing Your Preferences


Direct Marketing

As explained above, Fluxx enables you to manage your marketing preferences by clicking on a link contained in each electronic communication to you. Please use your preference settings to inform us of how you would like to receive marketing communications. Updates to your privacy preference information will be submitted once you have confirmed your changes. 

Cookies

Outside the Platform, you may also manage your cookie and tracking preferences as follows:

  • Turning off cookies in the preferences settings in your browser. For more information or additional guidance, please click here;

  • Downloading the Google Analytics opt-out browser add-on here;

  • Fluxx, like many other companies, does not currently respond to Do Not Track (“DNT”) signals. Fluxx does not respond to DNT signals in order to provide the Services, maintain security and prevent fraud. For more information on DNT settings generally, please visit https://allaboutdnt.com

 

10. Disclosure of Your Personal Information


Regardless of how you use the Platform, we never sell or rent your personal data, and only disclose it to authorized third parties to the extent strictly necessary, as explained in this section. 

Aside from disclosing your information to those of our employees who are authorized to process the information in order to provide our Services and are committed to confidentiality, we disclose your personal information only to the third parties indicated below (and for the following reasons): 

  • Companies that do things to help us provide the Services: hosting service providers, user engagement and customer support providers, payment service providers, conference organizers, communication tools, and analytics tools;
  • Professional service providers, such as auditors, lawyers, consultants, accountants and insurers; 
  • Governments, regulators, law enforcement and fraud prevention agencies, but only as authorized as explained in Section 10(c) of this Privacy Notice; 
  • Grantmakers, if you are a Grantseeker and choose to link your information uploaded in the Grantseeker Platform directly to a Grantmaker; 
  • In the event of a business transfer; and
  • Companies approved by you, such as financial institutions or payment service providers.

a. Third-Party Service Providers

Specifically, depending on how you use the Platform, the following third parties collect data on our behalf or receive your personal data in order to assist us in providing our Services:

  • Amazon Web Services and Google Cloud to host our Platform;
  • Google Analytics, New Relic and Mixpanel, to perform analytics on the Platform;
  • Hubspot, which provides all of the functionality for the Site (with the exception of the Grantmaker Sites);
  • Salesforce, which assists in keeping track of our current and any prospective customers; 
  • Stripe, a subscription and payment service provider;
  • Sendgrid, which sends emails on our behalf;
  • Captera and Adwords, to advertise our Platform on other websites;
  • LogEntries, to provide centralized log keeping;
  • Appcues, to provide help within Grantseeker;
  • Wistia, which enables us to play videos (for demos and marketing purposes) on our Site.

We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions, unless the data is rendered fully anonymous.

In addition, our Services for Grantmakers consist of hosting Grantmaker Sites within which Grantmakers may elect to enable or integrate additional services or applications from third parties, including: 

  • Lexis Nexis Bridger, which assists Grantmakers with Office of Foreign Asset Score (“OFAC”) checks: a Grantmaker may have a separate contract and paid account with Lexis Nexis Bridger (linked to its Grantmaker Site), which enables the Grantmaker to receive and store name, address, phone number, and OFAC score when an OFAC check is done; 
  • Zendesk, for customer support, which may be integrated Grantmakers and enable their administrators to log support tickets, communicate with support, and troubleshoot issues using the Zendesk web portal; and
  • Google Docs (part of Google Apps), which can be enabled in Grantmaker Sites for document editing and previews at Grantmakers’ discretion.

Where Fluxx processes data collected by Grantmakers via third-party integrated services, it processes any and all personal data only for the purpose of providing the Services to Grantmakers as explained in Section 3 and in compliance with this Privacy Notice. Fluxx also remains responsible for the processing of personal information it receives from Grantmaker Sites, and subsequently transfers to a third-party acting as an agent on its behalf. When Fluxx uses third-party service providers, contractors, and sub-processors to assist in providing the Services (including hosting Grantmaker Sites), Fluxx maintains contracts with these third parties that restrict their access, use, and disclosure of personal information.

b. Business Transfers

We may also share data with third parties to whom we choose to sell, transfer, or merge parts of our business or our assets. Alternatively, we may seek to acquire other businesses or merge with them. If a change happens to our business, then the new owners may use your personal data in the same way as set out in this Privacy Notice or as updated.

c. Legal Obligations and Security

While Fluxx endeavors to provide the highest level of protection for your information, we will preserve or disclose your personal information in limited circumstances, including: (i) with your consent; (ii) when we have a good faith belief it is required by law, such as pursuant to a subpoena, warrant or other judicial or administrative order (as further explained below); (iii) to protect the safety of any person; to protect the safety or security of our Platform or to prevent spam, abuse, or other malicious activity of actors on our Platform; or (iv) to protect our rights or property or the rights or property of those who use our Services. 

If we are required to disclose personal information by law, such as pursuant to a subpoena, warrant or other judicial or administrative order, our policy is to respond to requests that are properly issued by law enforcement within the United States, Canada, Ireland or Australia, or otherwise via mutual legal assistance treaty. Under such circumstances, we will attempt to provide you with prior notice that a request for your information has been made in order to give you an opportunity to object to the disclosure. We will attempt to provide this notice by email, if you have given us an email address. However, government requests may include a court-granted non-disclosure order, which prohibits us from giving notice to the affected individual. In cases where we receive a non-disclosure order, we notify the user when it has expired or once we are authorized to do so.

With respect to any valid legal process (subpoena, warrant or court order) concerning Grantmaker Site Users’ or personal information uploaded to the Platform by Grantseekers, any such request will be immediately directed to the Grantmaker or Grantseeker unless we are prohibited from doing so due to a court-granted non-disclosure order. If we are prohibited from providing Grantmakers or Grantseekers with prior notice of such requests, we will notify them of such request after the prohibition has expired, or once we are authorized to do so.

Note that if we receive information that provides us with a good faith belief that there is an exigent emergency involving the danger of death or serious physical injury to a person, we may provide information to law enforcement trying to prevent or mitigate the danger (if we have it), to be determined on a case-by-case basis. 

d. Disclosure of Information Between Grantmakers and Grantseekers

If you are a Grantseeker, you have the option of linking information that you have uploaded to the Grantseeker Platform to Grantmakers directly. If you do so, only the  information that you choose to share will be visible to the specific Grantmaker(s) with whom you have connected. Please check Grantmakers’ individual policies to determine how they handle and protect personal data.

 

11. Payment Processing

We do not directly collect your payment information and we do not store your payment information. We use Stripe, a third-party, PCI-compliant, payment processor, which collects payment information on our behalf in order to complete transactions. While our administrators are able to view and track actual transactions via the Stripe customer portal, with the exception of the last 4 digits of your credit card, credit card type, zip code and expiration date, we do not have access to or process your credit card information. Please review Stripe’s privacy policy to learn more about how Stripe collects, processes and protects your personal information.

 

12. Third Party Links

On the Platform, we may provide, for informational purposes only, links to other websites or resources with which we do not have a contractual relationship and over which we do not have control (“External Websites”). Note that Grantmakers may also separately elect to add external links to External Websites in the Grantmaker Sites. Such links are not paid advertisements, nor do they constitute an endorsement by Fluxx of those External Websites, and are provided to you only as a convenience. By clicking on links to External Websites, the operators of the External Websites may collect your personal information. We are not responsible for the content or data collection practices of those External Websites, and your use of External Websites is subject to their respective terms of use and privacy policies. 

 

13. Third Party Social Plugins

On the Site and Grantseeker Platform, we provide third-party “share” buttons for YouTube, Facebook, Twitter or other social media sites, which may function as web beacons when you interact with the button. For instance, we provide a YouTube “share” button for sharing Fluxx’s training and new release webinars. As a result of this, please note that you may send to the third party the information that you are viewing on a certain part of the Platform when you “share”. If you are not logged into your account with the third party, then the third party may not know your identity. If you are logged in to your account with the third party, then the third party may be able to link information or actions about your interactions with the Platform to your account with them. Please refer to each third party’s privacy policies to learn more about its data practices, as also explained in our Cookie Policy

 

14. How Long Do We Keep Your Personal Information? 

Your personal information is processed for the period necessary to fulfill the purposes for which it is collected, to comply with legal and regulatory obligations and for the duration of any period necessary to establish, exercise or defend any legal rights. 

In order to determine the most appropriate retention periods for your personal information, we consider the amount, nature and sensitivity of your information, the reasons for which we collect and process your personal data, and applicable legal requirements. For example: 

  • With regard to Fluxx’s users, as well as data collected by Grantmakers from Grantmaker Site Users: personal data is stored for the duration of the commercial relationship and then retained only as required to satisfy applicable contractual, legal and financial retention obligations, after which it is deleted or archived (only if necessary to comply with legal retention obligations for the latter); 
  • Grantmaker and Grantseeker logs, including Device Information, are stored for 12 months to comply with contractual and security requirements.

In some circumstances, you can ask us to delete your data. See Additional Legal Rights For Users in the European Economic Area below for further information.

Some exceptions from static retention periods may occur. For instance, we cannot delete personal data when there are legal obligations to retain it (e.g. arising from tax or commercial law). This is particularly true of financial data and payment information. Additionally, we cannot delete personal data when it is needed for the establishment, exercise or defense of legal claims (“litigation hold”). In this case, the personal data can be retained as long as needed for exercising respective potential legal claims.

In some instances, we may choose to anonymize your personal data instead of deleting it, for statistical use, for instance. When we choose to anonymize, we make sure that there is no way that the personal data can be linked back to you or any specific user.

 

15. Protecting Your Personal Data 

No method of transmission over the Internet, or method of electronic storage, is 100% secure, however we take all steps necessary to securely provide all of our Services, whether on the Platform or the Grantmaker Sites. We have put in place appropriate security measures designed to prevent your personal data from being accidentally lost, used or accessed in an unauthorized way, altered or disclosed. For example, we use encryption, secure socket layer, firewalls, and password protection. In addition, we require two-factor authentication for all employees and contractors who may access your data to provide our Services, and we limit access to those employees, agents, contractors and the third parties who have a business need-to-know.

We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so. We also require those parties to whom we transfer your personal information to comply with the same. 

However, no method of transmission over the Internet, or method of electronic storage, is 100% secure, and while we take all reasonable steps necessary to provide the most secure Services, by using our Services, you understand and assume the risks associated with your activities on the internet.

 

16. International Transfers

Fluxx is based in the United States and has servers in Canada, Ireland, and Australia. The personal information that we collect are sent to and stored on secure servers located in the United States. Such storage is necessary in order to process the information. Fluxx operates globally and may transfer the personal data that we collect from you to our other offices and/or to the third parties mentioned in the circumstances described above, which may be situated outside of your country or regional area, and may be processed by staff operating outside of your country or regional area. In particular, information provided to us or collected by us likely will be transferred to and processed in the United States by us or our agents and contractors. The data protection laws of the United States or other countries may not be as comprehensive or equivalent to those in your country of residence.

The European Union’s General Data Protection Regulation (“GDPR”) allows for transfer of personal data from the European Union to a third country in certain situations. By your continued use of the Platform, and agreeing to the terms of use and this Privacy Notice, you agree to the transfer of your information to the United States and to the processing of that information by Fluxx on servers located in the United States as described in this Privacy Notice. Wherever we transfer your personal data, we will take reasonable steps to ensure that your privacy rights continue to be protected. We may also adopt other means, such as entering into Model Contract Clauses. More information about the Model Contract Clauses is available here.

 

17. Additional Legal Rights For Users in the European Economic Area


If the GDPR applies to you because you are in the European Economic Area, you have certain rights in relation to your personal data:

  • The right to be informed –  our obligation to inform you that we process your personal data (and that’s what we’re doing in this Privacy Notice);
  • The right of access – your right to request a copy of the personal data we hold about you (also known as a ‘data subject access request’);
  • The right to rectification – your right to request that we correct personal data about you if it is incomplete or inaccurate (though we generally recommend first making any changes in your Account Settings);
  • The right to erasure (also known as the ‘right to be forgotten’) – under certain circumstances, you may ask us to delete the personal data we have about you (unless there’s an overriding legal reason we need to keep it);
  • The right to restrict processing – your right, under certain circumstances, to ask us to suspend our processing of your personal data;
  • The right to data portability – your right to ask us for a copy of your personal data in a common format (for example, a .csv file);
  • The right to object – your right to object to us processing your personal data (for example, if you object to us processing your data for direct marketing); and
  • Rights in relation to automated decision-making and profiling – our obligation to be transparent about any profiling we do, or any automated decision-making.

These rights are subject to certain rules around when you can exercise them. If are located in the European Economic Area and wish to exercise any of the rights set out above, please contact us (see How to Contact Us About Privacy).

You will not have to pay a fee to access your personal data (or to exercise any of the other rights) unless your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request under those circumstances.

We may need to request specific information from you to help us confirm your identity. This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. 

We will respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated as required by law.

In addition, if you no longer wish to receive our marketing/promotional information, we remind you that you may withdraw your consent to direct marketing at any time directly from the unsubscribe link included in each electronic marketing message we send to you. If you do so, we will promptly update our databases, and will take all reasonable steps to meet your request at the earliest possible opportunity, but we may continue to contact you to the extent necessary for the purposes of providing our Services. 

Finally, you have the right to make a complaint at any time to the supervisory authority for data protection issues in your country of residence. We would, however, appreciate the chance to address your concerns before you approach the supervisory authority, so please contact us first.

If you have any questions about this Privacy Notice, including any requests to exercise your legal rights, please contact us using the details in How to Contact Us About Privacy below.

If you are a Grantmaker Site User, please direct any requests or questions to the Grantmaker as explained in Section 3 of this Privacy Notice, and Fluxx will assist the relevant Grantmaker.

 

18. How to Contact Us About Privacy

If you have any questions about this Privacy Notice, have additional questions, or would like to exercise any of your rights if you are located in the European Economic Area, please contact us at privacy@fluxxlabs.com. You may also write us at:

Fluxx Labs, Inc.
Attention: Data Privacy
2261 Market Street, #4060
San Francisco, CA 94114
United States of America

 

19.Changes to this Privacy Notice

Fluxx may need to update this Privacy Notice from time to time. If so, we will post an updated Privacy Notice on our Platform along with a change notice on the Platform. If we make significant changes, we may also send registered users a notice that this Privacy Notice has been changed. We encourage you to review this Privacy Notice regularly for any changes. Your continued use of the Platform and/or your continued provision of personal data to us after the posting of such notice will be subject to the terms of the then-current Privacy Notice.

 

Fluxx Labs Cookie Policy

Effective date: May 9, 2019

Fluxx is committed to transparency with respect to its data collection and use practices. This Cookie Policy (“Cookie Policy”) explains how we use cookies throughout the Platform and your related choices. Please note that this Cookie Policy is provided as a statement about privacy and Fluxx’s use of cookies and similar technologies. 

Capitalized terms used in this Cookie Policy but not defined herein will have the meanings given to them in Fluxx’s Privacy Notice.

“COOKIES” EXPLAINED AND WHY THEY ARE USED

A cookie is a small piece of data (text file) that a website – when visited by a user – asks your browser to store on your computer or device in order to remember information about you, such as your language and/or currency preference or login information. Fluxx may use similar techniques – web beacons, specifically – which we will refer to collectively as “cookies”.

Cookies may be used for many different purposes. For example, cookies can be used to show that you have previously visited the Platform and to identify which parts of the Platform you might be most interested in. Cookies can also improve your online experience by storing your preferences during your visit to the Platform.

Types of Cookies Used by Fluxx

Fluxx places its own (direct or “first-party” cookies), We also use third-party cookies on the Platform – which are cookies placed by external domains and companies. Cookies and other tracking technologies fulfill the following purposes:

  • Assisting you in navigation of the Platform.
  • Analyzing your use of the Platform and Services.
  • Filling out contact, support and feedback forms.
  • Sharing content on the Platform through social media via “share” buttons. 

Below is an explanation of the types of cookies that may be used on or through the Platform and why we use them. We classify cookies in the following categories:

  • Strictly Necessary Cookies
  • Performance Cookies
  • Content Sharing Cookies

Where required by applicable law, we will obtain your consent prior to setting cookies (except for strictly necessary cookies).  In order to manage your cookie preferences, you may alter the cookie settings in your browser settings at any time. You may accept all, or certain, cookies. If you do disable our cookies in your browser settings, you may find that certain sections of Platform will not work. For example, you may have difficulties logging in.

STRICTLY NECESSARY COOKIES – PROPER FUNCTIONS OF PLATFORM AND FLUXX APP

These cookies are necessary for the Platform to function and cannot be switched off in our systems. They are usually only set in response to actions made by you which amount to a request for services, such as setting your privacy preferences, logging in or filling in forms. You can set your browser to block or alert you about these cookies, but some parts of the Platform may not work.

Fluxx and its third-party service providers (as set forth in the Privacy Notice) use these cookies to:

  • Remember information that you fill in when performing certain activities on the Platform.
  • Pass information from one page to the next, for example when filling out support forms or surveys.
  • Store your preferences such as language, location, and currency.
  • Store settings for optimal video display, such as buffer size and your computer or devices resolution details.
  • Read your browser and device settings to optimize the display of the Platform.
  • Locate and identify misuse of the Services.
  • Load the Platform uniformly to maintain accessibility.
  • Offer options to store your log-in details to streamline your access to the Platform and Services.
  • Enable embedded video content.
  • Fraud prevention and authentication.
  • Provide the ability to “like” or “favorite” content on the Platform. 

PERFORMANCE COOKIES – PLATFORM AND FLUXX APP USAGE ANALYTICS

These third-party cookies allow us to count visits and traffic sources, so we can measure and improve the performance of the Platform. They help us know which pages are the most and least popular and see how visitors move around the site. 

These cookies are used to:

  • Keep track of the number of visitors to the pages within the Platform.
  • Keep track of the length of time that each visitor spends on the pages within the Platform.
  • Determine the order in which a visitor visits the various pages within the Platform.
  • Determine the website a visitor was at before navigating to the Platform and the website a visitor is going to immediately after leaving the Platform.
  • Identify Platform performance issues.
  • Assess which parts of the Platform need improvement.

CONTENT SHARING COOKIES - SHARING PLATFORM CONTENT VIA SOCIAL MEDIA 

Certain content on the Platform (e.g. articles, pictures and videos) can be shared and liked via social media by means of “share” buttons. If you click on the “share” button for a third-party social media site, that social media site will collect your personal information and data for their own purposes. As stated in the Privacy Notice, Fluxx has no control over how these third-party social media services make use of your personal information and data. We encourage you to read the applicable privacy policies for such third-party social media services to understand how your personal information may be used by them – and adjust your privacy settings accordingly. Please refer directly to the privacy policies linked below of the third-party social media services currently available through the Platform:


YOUR OPTIONS: MANAGE TRACKING AND OPT OUT

While tracking is widespread over the internet, there are things you can do to minimize these activities, as explained here.

  • You may download the Google Analytics opt-out browser add-on here.
  • Fluxx, like many other companies, does not currently respond to Do Not Track (“DNT”) signals. Fluxx does not respond to DNT signals in order to provide the Services, maintain security and prevent fraud. For more information on DNT settings generally, please visit https://allaboutdnt.com.
  • With respect to social media “share” buttons, many of these social media sites handle tracking differently depending on whether or not a user is logged in and the preferences selected by users. If you use social media and want to protect your browsing privacy, we recommend that you adjust your individual settings for each third-party social media company with whom you have an account, so as to minimize cross-site tracking.
  • To learn more about cookies, including how to manage cookies and opt-out of cookies being placed on your device, please visit http://www.allaboutcookies.org/manage-cookies/index.html.

CHANGES TO THIS COOKIE POLICY

Fluxx reserves the right to amend this Cookie Policy and the cookies included in the lists at any time and without notice. The updated and amended Cookie Policy will be effective upon posting. If you do not agree to the revised Cookie Policy, you should alter your preferences, or consider ceasing use of the Platform. By continuing to access or make use of the Platform and our Services after the changes become effective, you agree to be bound by the revised Cookie Policy. 

If you have any questions and/or comments regarding this Cookie Policy, please contact us privacy@fluxxlabs.com