Subway Cares Foundation® Privacy Statement
Last modified: July 26, 2022
The Subway Cares Foundation® (the “Foundation”, “us”, “we”, or “our”) is a 501c3 organization that is committed to protecting the privacy of our donors and the personal information you may share with us or that we hold. The Foundation values its website visitors’ and donors’ trust and recognizes that maintaining this trust requires the Foundation to be transparent and accountable to its supporters and the public. This Privacy Statement (this “Statement”) describes the information collected by us and our service providers about our donors and through our website (together, “Collected Information”) and our practices for using, maintaining, protecting, and disclosing that information.
This Statement also explains your rights and choices regarding your personal information, how we communicate changes to this Statement, and how you may contact us regarding questions or issues with respect to anything contained addressed in this Statement.
- Changes to this Statement. This Statement is current as of the date stated at the top of this Statement. The Foundation reserves the right to modify this Statement from time to time. All modifications will be effective immediately upon posting of the updated Statement on our website and, by accessing or using our website after changes are made, you agree to those changes. Material changes will be clearly posted on our website or otherwise communicated to you (e.g., via email).
- Information Collected and Maintained. Collected Information includes both information that you voluntarily submit to us (e.g., your contact information) and information collected passively because of your use of the website or interacting with the Foundation. For example, the Foundation collects and maintains information about and from you when you:
- Contact us by telephone, mail, or email, in person, or via our website.
- Register for an event.
- Make a contribution, either on our website or at an event, by payroll deduction, mailing in a check, credit, or debit card, or via an electronic donation platform such as Venmo, PayPal or a similar service.
- Navigate through our website.
From time to time, we may collect information from or about you in ways not specifically described in this Statement, subject to your express consent.
- Types of Collected Information. The Foundation and its service providers collect and maintain the following types of information about our donors and website visitors:
- Contact information and other personal information, such as name, address, email, and telephone number. If you provide a mobile or other telephone number to us, you consent to receiving telephone calls from us at that telephone number as described below (but only to the extent permitted by applicable law).
- Giving information, including types and amounts of donations, credit card information, and other payment information.
- Donations must be made by credit or debit card or, if and where made available to you, other methods of payment. All credit and debit card information is provided directly to our PCI-compliant third-party payment processor. The Foundation does not directly handle your credit or debit card information and we will disclose such information only for the purpose of processing donations. If you elect to make a donation, you will be required to provide your name, contact information, and payment information. We will also collect all other information you choose to provide when making a donation, such as comments and demographic information. Our donor management software supplier maintains a record of the donations that you make and the information you provide in the process.
- If you make a donation, your name and any comments you provide may be listed publicly on our website and in donor listings that we publish from time to time. If you do not want to be recognized for your donation, please let us know. If you make a donation in honor of another person, that person’s name may be listed publicly on our website and in donor listings that we publish from time to time; further, if you elect to provide us with an email address for that person, we may send that person an email acknowledging the donation. Please do not make a donation in honor of another person if you do not have that person’s permission for us to list his or her name publicly.
- Information on Foundation events you’ve registered for or attended and on Foundation publications received. Information required for event registration may vary by event and will be disclosed at the point of registration.
- Any other information provided by you to the Foundation or through our website, including information that does not personally identify you.
- Whenever you visit or interact with the Foundation’s websites, we may use a variety of technologies that automatically or passively collect information about your online activity. This information may be collected in the following ways:
- Device & Technical Data. We collect technical information when you visit our website. This includes information such as you Internet Protocol (IP) address, your login data, the type of computer or mobile device you use, your device’s operating system and browser type, time zone setting and location, language, a unique device identifier, the address of a referring website, the path you take through our websites, clickstream data, your approximate geographic location, website performance data and statistics, and other information about your access to and use of our websites.
- Geolocation Data. In addition to the approximate geographic location information collected as discussed above, we may collect more specific information about your location when your device is set to provide location information or when you have opted in to sharing location information with us.
- Confidentiality & Security. All information about any financial and non-financial transactions between you and the Foundation is considered highly confidential and we employ appropriate security measures designed to help protect that information. We protect your personal information using security measures, including physical, administrative, and technical safeguards, to help reduce the risk of loss, misuse, unauthorized access, disclosure, and modification of that information.
- Use and Disclosure of Collected Information. In addition to the uses and sharing described above, the Foundation and its service providers may use and disclose Collected Information as described below. We do not use, sell, rent, share, or otherwise disclose Collected Information except as stated in this Statement or as may be required or permitted by applicable law. The Foundation collects, uses, and maintains personal information and other Collected Information to:
- Establish a relationship with you and communicate with you (including via telephone calls) about the Foundation, including its programs, special events, and funding needs.
- Provide you with information you may request.
- Learn about our donors and website visitors and what matters to you.
- Understand user demographics, including where our donors and website visitors are located.
- Analyze, develop, and improve website content and related services.
- Customize website content and the user experience.
- Process donations and event registrations and issue tax receipts.
- Comply with laws and regulations, including reporting requirements.
- Plan future fundraising activities and events.
- Analyze giving patterns.
- Solicit feedback from you by conducting surveys and send you promotional communications (except as may be prohibited by applicable law).
- To create aggregated anonymous data.
- Types of Collected Information. The Foundation and its service providers collect and maintain the following types of information about our donors and website visitors:
The Foundation will not share, sell, or exchange your personal information to or with any third party for such third party’s fundraising or marketing purposes.
Collected Information will be disclosed to our service providers as necessary for us to provide our website and to engage in the use and sharing of Collected Information as permitted by this Statement. These third parties may include, without limitation, our website management and hosting suppliers, website analytics providers, payment processors, marketing and public relations service providers, and email service suppliers. Our service providers are authorized to and may use and disclose Collected Information as necessary for them to provide the applicable products and services to us (e.g., to process donations) and as provided by their own privacy policies and our agreements with those third parties.
We may use and share Collected Information in accordance with and in response to regulatory authorities, courts with competent jurisdiction, law enforcement and governmental agency requests, emergency services, and other necessary third parties for legal, protection, security, and safety purposes (e.g., to comply with laws or regulations, to respond to subpoenas and legal processes, to protect the safety of our employees or any other person). We may use Collected Information and share it with third parties if we believe doing so is necessary or appropriate to protect our rights or the rights of others, including to enforce our agreements, policies, and terms, to bring legal action, to protect our operations and assets, or to pursue remedies or limit damages that we may sustain.
If the Foundation undergoes a change in control, acquisition, merger, reorganization, asset sale, or similar transaction, we may transfer, sell, share, or otherwise disclose Collected Information to the subsequent successor(s) of those transactions. We may also disclose Collected Information in connection with the evaluation of those transactions. Those recipients will be bound by this Statement as it applies to the information disclosed.
- Communications. The Foundation will from time to time communicate with you, including by telephone, email, and mail, concerning the Foundation’s charitable activities, events, and requests for future support. The Foundation will not call or email you or send mailings to you on behalf of other organizations without your express consent. To opt out of receiving these communications, you may contact the Foundation as described in the “Contact Us” section below or by clicking on the “unsubscribe” link in any email communications.
- Records Retention and Destruction. The Foundation complies with all Internal Revenue Service, state, and local regulations and the Foundation’s internal policies governing the retention, management, and destruction of donor information collected and maintained by the Foundation.
- Accessing and Correcting Your Personal Information. You can review and request changes to the personal information that the Foundation has collected about you by contacting the Foundation as described in the “Contact Us” section below.
- Your Rights (European Economic Area Only). Under certain circumstances, you have rights under applicable data protection laws in relation to your personal information. You may have the right to:
Access Your Personal Information. You can request access to your personal information. This enables you to receive a copy of the personal information we hold about you and to check that we are lawfully processing it. You may reasonably access your personal information by contacting the Foundation office regarding the accuracy of your personal information. Please note that we may request specific information from you to enable us to confirm your identity and right to access, as well as to search for and provide you with the personal information we have about you.
Your right to access the personal information that we hold about you is not absolute. There are instances where applicable law or regulatory requirements allow or require us to refuse to provide some or all of the personal information, we hold about you. In addition, the personal information may have been destroyed, erased or made anonymous. If we cannot provide you with access to your personal information, we will inform you of the reasons why, subject to any legal or regulatory restrictions.
Modify or Update Your Personal Information. We aim to ensure that personal information in our possession is accurate, current and complete. If you believe that the personal information about you is incorrect, incomplete or outdated, you may request the revision or correction of that information. We will use reasonable efforts to revise it and, if necessary, to use reasonable efforts to inform agents, service providers or other third parties, which were provided with inaccurate information, so records in their possession may also be corrected or updated. However, we reserve the right not to change any personal information we consider accurate.
Erasure of Your Personal Information. You may ask us to delete or remove personal information where there is no legal reason for us to continue using it. You also have the right to ask us to delete or remove your personal information where you successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully or where we are required to erase your personal information to comply with law. Please note that we may not always be able to comply with your request of erasure for specific legal reasons which we will notify you, if applicable, at the time of your request.
Object to Processing Your Personal Information. You may have the right to object to us processing your information in certain circumstances. This right applies when we are processing your personal information based on a legitimate interest (or those of a third party), which you may challenge if you feel it impacts your fundamental rights and freedoms. You also have the right to object where we are processing your personal information for direct marketing purposes. However, in some cases, we may demonstrate that we have compelling legitimate ground to process your information or legal obligations which override your rights and freedoms.
Data Portability. You may request the transfer of your personal information to you or a third party. We will provide to you, or a third party you have chosen, your information in a structured, commonly used, machine-readable format. Please note this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.
- Notice to Nevada Residents. Nevada law allows consumers to direct certain businesses not to sell their personally identifiable information collected on a business’s website or other online service to third parties to license or sell that information to additional third parties. If you are a Nevada resident, you may submit such opt-out requests by filling out this form. To be effective, your request must include your full name, address, telephone number, and email address to verify the authenticity of your request.
- Your California Privacy Rights (California Residents Only). If you are a California resident, the following additional rights may be available to you.
California Consumer Privacy Act of 2018 (CCPA)
Beginning January 1, 2020, the CCPA provides California residents with additional rights as described below. Please note your right to know and right to delete are subject to certain exceptions under the CCPA.
Notice of Collection. During the past 12 months, we have collected the following categories of personal information that the CCPA covers:
- Identifiers, including name, email address, physical address and/or telephone number
- Billing and delivery address, and credit or debit card information.
- Commercial information, including your engagement with our website
This Statement includes additional information about our data practices. For more information on information we collect, including the sources we receive information from, review the “Types of Collected Information” section above. We collect and use these categories of personal information for the business purposes described in the “Lawful Basis For How We Use Your Personal Information” section, including to provide and manage our website.
Right to Know. You have the right to know certain information about our data practices in the preceding 12 months. You have the right to request the following information from us:
- The categories of personal information we have collected about you;
- The categories of sources from which the personal information was collected;
- The categories of personal information about you we disclosed for a business purpose or sold;
- The categories of third parties to whom the personal information was disclosed for a business purpose or sold;
- The business or commercial purpose for collecting or “selling” the personal information; and
- The specific pieces of personal information we have collected about you.
Right to Delete. You have the right to request the deletion of personal information that we collect or maintain about you.
Right to Opt Out of “Sale”. The Foundation does not sell information as the term “sell” is traditionally understood.
How to Exercise Your CCPA Rights. To exercise any of these rights, please fill out this form or email us at email@example.com. In the request, please specify which right you are seeking to exercise and the scope of the request. We will confirm receipt of your request within 10 days. We may require specific information from you to help us verify your identity and process your request. If we are unable to verify your identity, we may deny your requests to know or delete.
- You can designate an authorized agent to submit requests on your behalf. However, we will require written proof of the agent’s permission to do so and verify your identity directly. Please provide written proof via email to firstname.lastname@example.org.
Please note that if you opt out of receiving communications from us, we may still send communications to you about your transactions with us. Opting out of one form of communication does not mean you’ve opted out of other forms as well.
If you wish to exercise any of the rights set above, please contact us. We will need you to provide specific information to help us confirm your identify. This is a security measure to help ensure that your personal information is not disclosed to someone that does not have the right to receive it.
- Lawful Basis For How We Use Your Personal Information. We may use the personal information we collect in the following ways:
- Carry out your requests and process payments for donations;
- Provide donor support, including processing any concerns about our services;
- To comply with applicable law, including protection against fraud and other crimes, claims and liabilities, comply with legal obligations and our policies, establish or defend a legal claim and monitor and report compliance issues;
- For public interest, if we reasonably believe that there is an inherent security issue that we must disclose to you or the authorities and the use of your information will prevent or potentially minimize the danger to you or others; and
- Children Under the Age of 16. The Foundation’s website is not intended for children under 16 years of age. No one under age 16 may provide any information to or using the website. The Foundation does not knowingly collect or use information from children under 16 through our website. If you are under 16, do not use or provide any information on this website or provide any information about yourself to the Foundation, including your name, address, telephone number, email address, or any screenname or username you may use. If the Foundation learns it has collected or received personal information from a child under 16 without verification of parental consent, the Foundation will use commercially reasonable efforts to delete that information. If you believe that we might have any information from or about a child under 16, please contact the Foundation as described in the “Contact Us” section below.
- Information Storage & International Transfers. Collected Information will be stored and processed in the United States and in any country where our or our suppliers’ servers, databases, or facilities are located or operated. By accessing, receiving, or using our website, you acknowledge and agree that information may be transferred outside of the country from which you access our website and that such countries’ data protection and related laws, regulations, and rules may be different, and may require a lower standard of protection, than those of the jurisdiction from where you access our website. The Foundation has, however, taken appropriate safeguards to require that your personal information will remain protected in accordance with this Statement including implementing the European Commission’s Standard Contractual Clauses for transfers of personal information. The European Commission has determined that the transfer of personal information of its residents outside of Europe must be subject to a legal framework that adequately protects it. To that end, we transfer personal information of European Economic Area (“EEA”) and Swiss residents to the U.S. (or elsewhere) based the use of the Standard Contractual Clauses (also known as the “Model Clauses”).
- Third-Party Websites. Our website may link to, or be linked to, websites, applications, or services not maintained or controlled by the Foundation. The Foundation is not responsible for the privacy policies or practices of any third parties or any third-party websites, applications, or services. This Statement does not apply to any third-party websites, applications, or services or to any personal or other information that you may provide to third parties.
- Contact Us. To opt out of receiving communications from the Foundation, to review the personal information that we have collected about you, to opt out of the sale or sharing of the personal information as described above, or to ask any other questions regarding this Statement, please contact the Foundation at the below address or email or submit your request via the Foundation’s “Contact Us” page on our website