Funraise's GDPR Compliance
While Funraise has not undergone a formal GDPR audit, we are committed to adhering to the best practices recommended by the GDPR. Here are some key principles we follow:
Lawfulness, Fairness, and Transparency: We ensure that personal data is processed lawfully, fairly, and transparently. Users are informed about how their data will be used and have the right to access this information and request removal of information. This is covered in our privacy policy under use of information.
Purpose Limitation: Personal data is collected for specified, explicit, and legitimate purposes and not further processed in a manner that is incompatible with those purposes. Funraise does not resell data or have data cooperative agreements with third parties.
Data Minimization: We only collect and process personal data that is adequate, relevant, and limited to what is necessary for the intended purpose. Funraise is a highly configurable system and for the purposes of donor data processing, organizations have flexibility to collect minimal information to facilitate gift processing.
Accuracy: We take reasonable steps to ensure that personal data is accurate and kept up to date.
Storage Limitation: Personal data is kept in a form that permits identification of individuals for no longer than necessary for the purposes for which the data is processed.
Integrity and Confidentiality: We process personal data in a manner that ensures appropriate security, including protection against unauthorized or unlawful processing and against accidental loss, destruction, or damage. This is covered in our terms and conditions under data security.
Donation Flow and Data Handling
Funraise provides the ability:
For organizations to configure minimal data collection from donors
For organizations and donors to delete donor data by contacting us
For donors to rectify their data with our donor portal app
Data deletion is covered in our privacy policy.
Operational Restrictions
At present, Funraise operates in compliance with international data privacy laws, and we are not aware of any specific countries or regions where we are restricted due to data protection laws. However, we advise checking the specific legal requirements in each country you plan to operate in, as data protection laws can vary significantly.
Managing GDPR Compliance
Although the the risk surface area for GDPR compliance within Funraise may be low, it is essential that your organization assesses and determines your own risk profile. We recommend working with legal counsel or a GDPR consultant to ensure that your specific use cases and data handling practices align with GDPR requirements.
Please note that while we may provide helpful guidance, Funraise does not provide legal advice. The ultimate responsibility for GDPR compliance and other data protection regulations rests with your organization.