VISUALISE FUNDRAISING and VISUALISE REPORTING & ANALYTICS PRIVACY POLICY

 

Visualise Fundraising (ACN 647 019 289) and Visualise Reporting & Analytics (ACN 679 789 532) (we, us or our), understands that protecting your personal information is important. This Privacy Policy sets out our commitment to protecting the privacy of personal information provided to us, or collected by us, when interacting with you.

If you use our platform (Visualise App) or if you are a supporter or contact of our customers, we may be provided your personal information. In all cases, we will hold, use, and disclose your personal information in accordance with this Privacy Policy.

This Privacy Policy was last updated on 1 November 2024.

The information we collect

Personal information: is information or an opinion, whether true or not and whether recorded in a material form or not, about an individual who is identified or reasonably identifiable.

If you are a Visualise Fundraising customer, or a user of our Visualise Reporting & Analytics App, the types of personal information we may collect about you include:

• Identity Data including your name.
• Contact Data including your telephone number and email, and address of your organisation.
• Transaction Data including details about payments to you from us and from you to us and other details of products and services you have purchased from us, or we have purchased from you.
• Technical and Usage Data when you access any of our websites or platforms, details about your internet protocol (IP) address, login data, browser session and geo-location data, statistics on page views and sessions, device and network information, acquisition sources, search queries and/or browsing behaviour, access and use of our website (including through the use of Internet cookies or analytics), and communications with our website.
• Profile Data including your username and password for our platform, profile picture, purchases or orders you have made with us, reports you generate with us, and support requests you have made.
• Interaction Data including information you provide to us when you participate in any interactive features, including surveys, feedback forms, or events.
• Marketing and Communications Data including your preferences in receiving marketing from us and our third parties and your communication preferences.
• Professional data including where you are a worker of ours or applying for a role with us, your professional history such as your previous positions and professional experience.
• Sensitive information is a sub-set of personal information that is given a higher level of protection. Sensitive information means information relating to your racial or ethnic origin, political opinions, religion, trade union or other professional associations or memberships, philosophical beliefs, sexual orientation or practices, criminal records, health information or biometric information. We do not actively request sensitive information about you. If at any time we need to collect sensitive information about you, unless otherwise permitted by law, we will first obtain your consent and we will only use it as required or authorised by law.

If you are a supporter or contact of one of our Visualise Reporting & Analytics customers, the types of personal information we may collect about you include:

• Identity Data including your age and gender.
• Contact Data including your suburb, state, postcode and country.
• Transaction Data including details about payments from you to our customer, and other details of the donation you may have provided to them.
• Interaction Data including information you provide to our customer when you participate in any interactive features with them, including providing feedback, surveys, contests, promotions, activities or events.
• Marketing and Communications Data including your preferences in receiving marketing from our customers, and your communication preferences.
• Sensitive information is a sub-set of personal information that is given a higher level of protection. Sensitive information means information relating to your racial or ethnic origin, political opinions, religion, trade union or other professional associations or memberships, philosophical beliefs, sexual orientation or practices, criminal records, health information or biometric information. Visualise Fundraising and the Visualise Reporting & Analytics App will not actively request or collect sensitive information about you.

 

How we collect personal information

We collect personal information in a variety of ways, including:

• when you provide it directly to us, including face-to-face, over the phone, over email, or online;
• when you complete a form, such as submitting feedback, registering for any events, or responding to surveys;
• when you use any website we operate (including from any analytics and cookie providers or marketing providers. See the “Cookies” section below for more detail on the use of cookies);
• from third parties, such as Raiser’s Edge or other customer relationship management tools; or
• from publicly available sources.

 

Why we collect, hold, use and disclose personal information

Personal information: We collect, hold, use and disclose your personal information for the following purposes:

• to enable you to access and use our software and services, including to provide you with a login;
• to do business with you, including to provide our platform to you;
• to contact and communicate with you about our business, including in response to any support requests you lodge with us or other enquiries you make with us;
• to contact and communicate with you about any enquiries you make with us via any website we operate;
• for internal record keeping, administrative, invoicing and billing purposes;
• for analytics, market research and business development, including to operate and improve our business, associated applications and associated social media platforms;
• for advertising and marketing, including to send you promotional information that we consider may be of interest to you;
• to run promotions, competitions and/or offer additional benefits to you;
• if you have applied for employment with us, to consider your employment application; and
• to comply with our legal obligations or if otherwise required or authorised by law.

 

Our disclosures of personal information to third parties

Personal information: If you use the Visualise App, we will only disclose your personal information to third parties where it is necessary as part of our business, where we have your consent, or where permitted by law. This means that we will only disclose personal information to:

• our employees, contractors and/or related entities;
• IT service providers, data storage, web-hosting and server providers;
• marketing or advertising providers;
• professional advisors, bankers, auditors, our insurers and insurance brokers;
• payment systems operators or processors;
• our existing or potential agents or business partners;
• if we merge with, or are acquired by, another company, or sell all or a portion of our assets, your personal information may be disclosed to our advisers and any prospective purchaser’s advisers and may be among the assets transferred;
• courts, tribunals and regulatory authorities, in the event you fail to pay for goods or services we have provided to you;
• courts, tribunals, regulatory authorities and law enforcement officers, as required or authorised by law, in connection with any actual or prospective legal proceedings, or in order to establish, exercise or defend our legal rights;
• third parties to collect and process data, such as analytics providers and cookies; and
• any other third parties as required or permitted by law, such as where we receive a subpoena.

 

If you are a supporter or contact of our customer, your personal information will not be disclosed to:

• marketing or advertising providers;
• professional advisors, bankers, auditors, our insurers and insurance brokers;
• payment systems operators or processors;
• our existing or potential agents or business partners;

Google Analytics: We have enabled Google Analytics Advertising Features. We and third-party vendors may use first-party cookies (such as the Google Analytics cookie) or other first-party identifiers, and third-party cookies (such as Google advertising cookies) or other third-party identifiers together. These cookies and identifiers may collect Technical and Usage Data about you.

You can opt-out of Google Analytics Advertising Features including using a Google Analytics Opt-out Browser add-on found here. To opt-out of personalised ad delivery on the Google content network, please visit Google’s Ads Preferences Manager here or if you wish to opt-out permanently even when all cookies are deleted from your browser you can install their plugin here.  To opt out of interest-based ads on mobile devices, please follow these instructions for your mobile device: On android open the Google Settings app on your device and select “ads” to control the settings. On iOS devices with iOS 6 and above use Apple’s advertising identifier. To learn more about limiting ad tracking using this identifier, visit the settings menu on your device.

To find out how Google uses data when you use third party websites or applications, please see here.

Overseas disclosure

If you are a customer that is based in Australia or New Zealand, we store all data in Australia. Where we disclose your personal information to third parties, those third parties may store, transfer or access personal information outside of Australia. We will only disclose personal information overseas with your consent and in accordance with the Australian Privacy Principles.

Your rights and controlling your personal information

Your choice: Please read this Privacy Policy carefully. If you provide personal information to us, you understand we will collect, hold, use, and disclose your personal information in accordance with this Privacy Policy. You do not have to provide personal information to us, however, if you do not, it may affect our ability to do business with you.

Information from third parties: If we receive personal information about you from a third party, we will protect it as set out in this Privacy Policy. If you are a third party providing personal information about somebody else, you represent and warrant that you have such person’s consent to provide the personal information to us.

Restrict and unsubscribe: To object to processing for direct marketing/unsubscribe from our email database or opt-out of communications (including marketing communications), please contact us using the details at the bottom of the document, or opt-out using the opt-out facilities provided in the communication.

Access: You may request access to the personal information that we hold about you. An administrative fee may be payable for the provision of such information. Please note, in some situations, we may be legally permitted to withhold access to your personal information. If we cannot provide access to your information, we will advise you as soon as reasonably possible and provide you with the reasons for our refusal and any mechanism available to complain about the refusal. If we can provide access to your information in another form that still meets your needs, then we will take reasonable steps to give you such access.

Correction: If you believe that any information, we hold about you is inaccurate, out of date, incomplete, irrelevant or misleading, please contact us using the details provided at the bottom of this document. We will take reasonable steps to promptly correct any information found to be inaccurate, out of date, incomplete, irrelevant or misleading. Please note, in some situations, we may be legally permitted to not correct your personal information. If we cannot correct your information, we will advise you as soon as reasonably possible and provide you with the reasons for our refusal and any mechanism available to complain about the refusal.

Complaints: If you wish to make a complaint, please contact us using the details provided at the bottom of this document and provide us with full details of the complaint. We will promptly investigate your complaint and respond to you, in writing, setting out the outcome of our investigation and the steps we will take in response to your complaint. If you are not satisfied with our response, you may contact the Office of the Australian Information Commissioner.

 

Storage and security

We are committed to ensuring that any personal information we collect is secure. In order to prevent unauthorised access or disclosure, we have put in place suitable physical, electronic and managerial procedures, to safeguard and secure personal information and protect it from misuse, interference, loss and unauthorised access, modification and disclosure, including but not limited to:

• For Visualise Fundraising customer data, all information is securely stored in systems that have been verified as secure, and use multi-factor authentication (Microsoft Office 365 & Xero)
• For Visualise Reporting & Analytics, all stored information is protected by the following security measures:
  • Identity and Access Management – Visualise (App) uses Blackbaud single sign-on for authenticating users to the application. Blackbaud authentication uses the OAuth 2.0 protocol to authorise sign-in requests. Application uses Proof Key for Code Exchange (PKCE) and a state parameter for security. Additional security measures like MFA (Multifactor Authentication) are also implemented.
  • Network Security – The Visualise Application gateway has a Web Application Firewall (WAF) which is a service that provides centralised protection of web applications from common exploits and vulnerabilities.
  • API Security – Visualise leverages JWT validation and Subscription Key Validation to maintain API security. JWT validation policy pre-authorises requests and checks the validity of an access token obtained from Blackbaud that is presented in the Authorisation header. Subscription Key Validation ensures that all Visualise application users who need to consume the APIs must include a valid subscription key in HTTP requests when calling the APIs.
  • Authentication and Access – Access is controlled through Azure AD and provided to only required roles.
  • Database Security – Application API and permitted IP addresses are only allowed to access the database via firewall. Transport Layer Security (Encryption-in-transit) – Azure SQL Database always enforces encryption (SSL/TLS) for all connections, this ensures all data is encrypted “in transit” between the client and server. Transparent Data Encryption (Encryption-at-rest) – All databases are encrypted by default and the database encryption key is protected by a built-in server certificate.
  • Logging and Auditing – Azure Monitor is used to track users, maintain security, and identify trends by enabling Visualise to audit, create alerts, and archive data, including tracking API calls within Azure.
  • Security Patching & Updates – The Visualise app security infrastructure is regularly reviewed, and patches/updates are deployed routinely.
  • Personally Identifiable Information – Visualise is built from the ground up to provide analytics and insights that do not rely on personally identifiable information. So, no names, no banking or credit card details, no dates of birth, no street addresses, emails or phone numbers. No data that could be connected to form a uniquely identifiable profile of any individual.

While we are committed to security, we cannot guarantee the security of any information that is transmitted to or by us over the Internet. The transmission and exchange of information is carried out at your own risk.

 

Cookies

We may use cookies on our website from time to time. Cookies are text files placed in your computer’s browser to store your preferences. Cookies, by themselves, do not tell us your email address or other personally identifiable information. However, they do recognise you when you return to our online website and allow third parties to cause our advertisements to appear on your social media and online media feeds as part of our retargeting campaigns. If you choose to provide our online website with personal information, this information may be linked to the data stored in the cookie.

You can block cookies by activating the setting on your browser that allows you to refuse the setting of all or some cookies. However, if you use your browser settings to block all cookies (including essential cookies) you may not be able to access all or parts of our website.

 

Links to other websites

Our website may contain links to other party’s websites. We do not have any control over those websites and we are not responsible for the protection and privacy of any personal information which you provide whilst visiting those websites. Those websites are not governed by this Privacy Policy.

 

Amendments

We may, at any time and at our discretion, vary this Privacy Policy by publishing the amended Privacy Policy on our website. We recommend you check our website regularly to ensure you are aware of our current Privacy Policy.

 

For any questions or notices, please contact us at:

Visualise Fundraising Pty Ltd (ACN 647 019 289) | Visualise Reporting Pty Ltd (ACN 679 789 532)

Email: info@visualisefundraising.com | info@visualisereporting.com