logo

Grace Church Pla...

Grace Church Plano

Grace Church Plano Privacy Policy

Effective Date: August 16, 2024

This Privacy Policy outlines how Grace Church Plano and our development partner, Subsplash, ("we," "our," or "us") collect and use our user’s ("you" or "your") personal information, which we gather from our websites, services, and desktop and mobile applications (collectively referred to as "Grace Church Plano" or "Service").

Please take a moment to read the following to learn more about our information practices, including what type of information is gathered, how the information is used and for what purposes, to whom we disclose the information, and how we safeguard your personal information. Your privacy is a priority and we go to great lengths to protect it.

We may update this privacy policy from time to time. When we change the policy in a material way a notice will be posted on our website along with the updated privacy policy.

Why We Collect Personal Information

We collect your personal information because:

  • It helps us deliver and administrate the Services and your account;

  • It helps us deliver a superior level of customer service;

  • It enables us to give you convenient access to our products and services and focus on categories of greatest interest to you;

  • It helps us keep you posted on the latest product announcements, software updates, special offers, and events that you might like to hear about. If you do not want us to keep you up to date with news, software updates and the latest information on products and services please submit your request at https://www.subsplash.com/legal/data-request or send an email request to privacy@subsplash.com.

What Information We Collect, When We Collect It, And How We May Use It

If you wish to utilize Grace Church Plano, we need your information for purposes of processing and transmitting information to drive the correct data and content between servers and apps for your experience.

Also, there are a number of situations in which your personal information may help us give you better service. For example:

  • We may ask for your personal information when you’re discussing a service issue on the phone with an associate, downloading a software update, registering for a seminar, participating in an online survey, registering your products, or purchasing a product;

  • When you interact with us, we may collect personal information relevant to the situation, such as your name, mailing address, phone number, email address, and contact preferences; your credit card information and information about the our products that you own, such as their serial numbers and date of purchase; and information relating to a support or service issue;

  • We collect information regarding customer activities on our websites and applications. This helps us to determine how best to provide useful information to customers and to understand which parts of our websites, products, and Internet services are of most interest to them, and diagnose problems with our servers and websites;

  • When you visit our mobile application, we may ask you to opt in to allow us to use GPS technology (or other similar technology) to determine your current location for purposes of reporting on user activity and engagement. If you do not want us to use your location for the purposes set forth above, you should not opt in or turn off the location services for the Grace Church Plano mobile application located in your account settings or in your mobile phone settings and/or within the mobile application;

  • We may use personal information to provide products and/or services that you have requested as well as for auditing, research, and analysis to improve Subsplash’s products;

  • If you utilize the messaging functionality, we store the contents of your messages which may contain personal information, may obtain your mobile device’s number or your email, and may request access to your mobile device’s contacts for the purpose of accessing and storing only the phone number and/or email address of the particular persons that you opt to contact through the Service - we will not copy any contact information regarding persons that you do not contact through the Service. With regard to the contact information of the particular persons that you opt to contact through the Service, we will only utilize that information for purposes of providing the Service, and will not use that information for any other purpose;

  • If you sign up for Messaging, as described above, and you choose to invite other users to join a conversation, we will request access to your contacts, though it is not required in order to invite other users to your conversation. We will only use this access to enable you to invite other users;

  • We may use aggregated and anonymized forms of personal information for a variety of purposes, including, but not limited to, analyzing usage trends, fraud detection, and development of new Services.

Publicly Displayed Information Is Public

If you use a bulletin board, streaming service, messaging service, or chat room on one our website or Service you should be aware that any information you share is visible to other users. Personally identifiable information you submit to one of these forums can be read, collected, or used by other individuals to send you unsolicited messages. We are not responsible for the personally identifiable information you choose to submit in these forums. For example, if you choose to make information, which was previously non-public, available by disclosing it in such forms or by enabling certain user features, Subsplash will collect that information from your interaction and the information will become publicly available.

When We Disclose Your Information

We take your privacy very seriously. We do not sell or rent your contact information to other marketers or any other third party. If you wish to utilize the Grace Church Plano, we disclose your information to third party service providers and institutions for purposes of processing and transmitting information to drive the correct data and content between servers and apps for your experience. If you invite other users to one of our services, we may inform the person(s) you invite of who has invited them. Subsplash may share aggregated and anonymized forms of personal information with third parties, in which case, the information shared will be shared in a deidentified and non-identifiable form.

Within The Subsplash Group

Subsplash, Inc. and Subsplash Wallet, LLC both operate under the name “Subsplash” and they operate as a group. To help provide superior service, your personal information may be shared with legal entities within the Subsplash group globally who will take reasonable steps to safeguard it in accordance with Subsplash’s privacy policy.

With Our Service Providers, Vendors, And Strategic Partners

There are also times when it may be advantageous for us to make certain personal information about you available to companies that we have a strategic relationship with or that perform work for us to provide products and services to you on our behalf. These companies may help us process information, extend credit, fulfill customer orders, deliver products to you, manage and enhance customer data, provide customer service, assess your interest in our products and services, or conduct customer research or satisfaction surveys. These companies are also obligated to protect your personal information in strict accordance with our policies, except if we inform you otherwise at the time of collection. Without such information being made available, it would be difficult for you to purchase products, have products delivered to you, receive customer service, provide us feedback to improve our products and services, or access certain services, offers, and content on our website.

Partner Promotions

We may offer contests, sweepstakes, or other promotions with third party partners. If you decide to enter a contest, sweepstakes, or promotion that is sponsored by and/or associated with a third party partner, then the information that you provide will be shared with us and with them. Their use of your information is not governed by this privacy policy.

Business Transfers

Subsplash may choose to buy or sell assets and may share and/or transfer customer information, including Personal Information, in connection with the evaluation of and entry into such transactions and based on our legitimate interests. Also, if we or our assets are acquired, or if we go out of business, enter bankruptcy, or go through some other change of control, Personal Information may be one of the assets transferred to or acquired by a third party.

Lawful Requests

At times we may be required by law or litigation to disclose your personal information. We may also disclose information about you if we reasonably determine that for national security, law enforcement, or other issues of public importance, disclosure is necessary.

Subsplash Giving

Subsplash Giving is web-enabled functionality that can be used with a web browser and on mobile devices. It was developed by Subsplash to enable donors to donate money to third-party organizations. If you choose to use the Subsplash Giving functionality to donate money, Subsplash and the payment processor will collect personal information from you, including your name, contact information, the donation amounts, and the payment processor receives certain payment information (e.g. credit card number, billing address, security code) and will use that information to process payments and provide you records of the transactions. Donor information will be shared with the Gift Recipient.

When you send a text message to Subsplash or Subsplash Wallet for purposes of utilizing text-to-give functionality, you will be disclosing your cell phone number to Subsplash, Inc., and you thereby consent to receiving a hyperlink to the Subsplash Wallet donation portal via text message. In order to stop receiving texts from Subsplash or Subsplash Wallet, respond to the text message by typing, “STOP.”

Subsplash Live

Subsplash Live utilizes Google (YouTube) API Services, in accordance with the guidelines specified in the Google Privacy Policy at https://www.google.com/policies/privacy and the Google API Services User Data Policy at https://developers.google.com/terms/api-services-user-data-policy#additional_requirements_for_specific_api_scopes. Our apps use and transfer of information received from Google APIs to any other app will adhere to the Google API Services User Data Policy, including the Limited Use Requirements.

This access is crucial for obtaining your organization's YouTube channel name and ID, as well as for initiating live streams and broadcasts on behalf of your organization. The objective is to display the connected channel in your Subsplash Dashboard and to create syndicated live broadcasts within that channel. If you decide to revoke Subsplash Live's access to your YouTube data, you can manage this through the Google security settings page at https://security.google.com/settings/security/permissions. For any questions or concerns regarding Subsplash Live's privacy practices, please contact Subsplash.

Cookies And Other Technologies

As is standard practice on many corporate websites, our websites use “cookies” and other technologies to help us understand which parts of our websites are the most popular, where our visitors are going, and how much time they spend there. We also use cookies and other technologies to make sure that our online advertising is bringing customers to our products and services. Cookies contain information that is transferred to your computer’s hard drive. These cookies are used to store information, such as the time that the current visit occurred, whether the visitor has been to the site before and what site referred the visitor to the web page.

If, however, you prefer not to enable cookies, you can disable them in your browser. Please note that certain features of our websites and online products will not be available once cookies are disabled. As is true of most websites, we gather certain information automatically and store it in log files. This information includes Internet Protocol (IP) addresses, browser type, Internet Service Provider (ISP), referring/exit pages, operating system, date/time stamp, and clickstream data. We may also track usage data, such as how frequently you visit our site or use our applications, how many messages you send, and how you engage with our content.

We also use Google Analytics. Google Analytics is a web analytics tool that helps website owners understand how visitors engage with their website.

Like many services, Google Analytics uses first-party cookies to track visitor interactions as in our case, where they are used to collect information about how visitors use our site. We then use the information to compile reports and to help us improve our site.

We also may use other Google Analytics tools, such as Demographics and Interest Reporting, which enable us to learn more about the characteristics and interests of the users who visit our Site, and Remarketing with Google Analytics, which enables us to provide relevant advertising on different websites and online services.

Google Analytics collects information anonymously. It reports website trends without identifying individual visitors. You can opt out of Google analytics without affecting how you visit our site – for more information on opting out of being tracked by Google Analytics across websites you use, visit the Google Analytics Opt-out page at https://tools.google.com/dlpage/gaoptout.

We use this information, to analyze trends, to administer the site, to track users’ movements around the site and to gather demographic information about our user base as a whole.

In some of our email messages we use a “click-through URL” linked to content on the Subsplash website. When customers click one of these URLs, they pass through our web server before arriving at the destination web page. We track this click-through data to help us determine interest in particular topics and measure the effectiveness of our customer communications. If you prefer not to be tracked simply avoid clicking text or graphic links in the email. In addition, we use pixel tags — tiny graphic images — to tell us what parts of our website customers have visited or to measure the effectiveness of searches customers perform on our site.

Pixel tags also enable us to send email messages in a format customers can read. And they tell us whether emails have been opened to ensure that we’re sending only messages that are of interest to our customers. We may use this information to reduce or eliminate messages sent to a customer.

How We Protect Your Personal Information

We take precautions — including administrative, technical, and physical measures — to safeguard your personal information against loss, theft, and misuse, as well as unauthorized access, disclosure, alteration, and destruction. Our websites use Secure Sockets Layer (SSL) encryption on all web pages where personal information is required. To make purchases from the Subsplash online store, or through your Subsplash accounts, you must use an SSL-enabled browser such as Safari, Google, or Internet Explorer. Doing so protects the confidentiality of your personal and credit card information while it’s transmitted over the Internet. You can help us by also taking precautions to protect your personal data when you are on the Internet. Change your passwords often using a combination of letters and numbers, and make sure you use a secure web browser like Safari or Google.

Integrity Of Your Personal Information

We allow you to keep your personal information accurate, complete, and up to date. Naturally, you have the right to access, correct and delete the personal information you have provided, though you may not delete all information if you wish to maintain an account with us and we are required to retain some information with regard to Subsplash Giving transactions and donors. Despite our best efforts, errors sometimes do occur. If you identify any personal information that is out-of-date, incorrect or incomplete, let us know and we will make the corrections promptly and use every reasonable effort to communicate these changes to other parties who may have inadvertently received incorrect or out-of-date personal information from us. In the event that you delete your information, such deletion may make it impossible for us to continue offering you some or all of the services available to you.

We retain personal information only as long as we are required to for our business relationship or as required by Federal or Provincial laws, subject to reasonable industry practices for records retention. We have appropriate procedures in place with respect to the destruction, deletion and disposition of personal information when it is no longer required, subject to applicable law.

Children

We recognize that parents, guardians, or other adults often purchase our products for family use, including use by minors. We do not knowingly collect personal information from children under the age of 13 for marketing purposes, but because some information is collected electronically, it can appear to be the personal information of the purchaser of the product, and will be treated as such by this privacy policy. If a child under the age of 13 submits personal information to us without the consent of their parent or guardian and we learn that that personal information is the information of a child under the age of 13, we will delete the information as soon as possible.

We will never share, sell, rent, or transfer children’s personal information other than as described in this section.

  • We may disclose aggregated information about many of our users which may include aggregated information that does not identify a particular person. In addition, we may disclose children’s personal information:
  • To third parties that the child’s parent or guardian approved through the Services.
  • If we are required to do so by law or legal process, such as to comply with any court order or subpoena or to respond to any government or regulatory request;
  • If we believe disclosure is necessary or appropriate to protect the rights, property, our safety, our customers or others, including to: (1) protect the safety of a child; (2) protect the safety and security of the Services; or (3) enable us to take precautions against liability; or
  • To law enforcement agencies or for an investigation related to public safety.

At any time, you may review your child’ personal information maintained by us, require us to correct or delete the personal information, and/or refuse to permit us from further collection or using the child’s information.

You can review, change or delete your child’s personal information by: Logging on to your account; or Submitting a request at https://subsplash.com/legal/data-request or by sending us an email at privacy@subsplash.com. To protect your privacy and security, we may require you to take certain steps or provide additional information to verify your identity before we provide any information or make corrections.

Canada Customers

Our policies and practices have been designed to comply with the Personal Information Protection and Electronic Documents Act (PIPEDA), the Privacy Act (Canada) and all provincial statutes that regulate the treatment of personal information in the private and public sectors.

Depending on the location of users of the Grace Church Plano, information on the Grace Church Plano including our website may be accessed from outside of Canada or sent to others outside of Canada. Please note that any personal information that is sent outside of Canada may be subject to access by law enforcement and government authorities having jurisdiction in those countries in which the information is located.

If the event that any dispute between you and us regarding your personal information or this policy is not resolved pursuant to the “Dispute Resolution” section below within thirty (30) days, either party may consult the Privacy Commissioner of Canada or a relevant provincial privacy commissioner.

Privacy Policy For Eu Residents

This Section governs personal data, information relating to an identified or identifiable natural person, gathered from data subjects located in the EU only. This Section applies to Grace Church Plano and its developer Subsplash.

General Data Protection Regulation (“Gdpr”) Information

The following information describes our commitments to you under EU General Data Protection Regulation (“GDPR”).

The GDPR makes a distinction between organizations that process personal data for their own purposes (known as "Data Controllers") and organizations that process personal data on behalf of other organizations (known as "Data Processors"). Subsplash only acts as a Data Controller for very limited types of data, such as the information you enter when you register an account with us or the information you submit when purchasing our software. Subsplash is the Data Controller for information provided by our users when we provide our Services. Subsplash is the Data Processor for information provided by our third party partners when they provide us with services, such as our payment partners processing payments on behalf of our users.

When We Act as a Data Controller

When we process your data as a Data Controller, the following applies.

We collect, use, and share your personal data where we are satisfied that we have an appropriate legal basis to do this. This may be because:

  • Consent: Our use of your personal data is in accordance with your consent. If we process your personal data based on consent, you will be asked for said consent at or before the time of data collection. You may withdraw your consent at any time, and will not suffer any detriment for withdrawing your consent.
  • Contract: Our use of your personal data is to fulfill a contract between you and us.
  • Legal Obligation: Our use of your personal data is necessary to comply with a relevant legal or regulatory obligation that we have (for example, where we are required to disclose personal data to a court, or store information due to federal financial regulations); or
  • Legitimate Interest: Our use of your personal data is for a legitimate interest of ours, such as fraud prevention and ensuring our network’s security.

Subject to certain exemptions, and in some cases dependent upon the processing activity we are undertaking, EU residents have certain rights in relation to their personal data:

  • Right to Access: You have the right to access your personal data that is being processed; specifically you may request to view your personal data and obtain copies of your personal data.
  • Right to Rectification: You have the right to request modifications to your personal data if it is out of date or inaccurate. In some circumstances, you may be able to exercise this right, in whole or in part, through your existing account with us.
  • Right of Erasure: You have the right to ask that we delete your personal data. However, we are not required to comply with your request to erase personal data if the processing of your personal data is necessary for compliance with a legal obligation, or for the establishment, exercise, or defense of legal claims.
  • Right to Restriction of Processing: Under certain circumstances, you have the right to request we restrict processing your personal data You have the right to restrict the use of your personal data. However, we can continue to use your personal data following a request for restriction (a) where we have your consent; (b) to establish, exercise or defend legal claims; or (c) to - protect the rights of another natural or legal person.
  • Right to Data Portability: To the extent that we process your information (i) based on your consent or under a contract; and (ii) through automated means, you have the right to receive such personal data in a structured, commonly used, machine-readable format, or you can ask to have it transferred directly to another data controller.
  • Right to Object: You have the right to object to the processing of your personal data. However, we may still process your personal data if we demonstrate compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defense of legal claims.
  • Right to Object to Automated Processing: You have the right to object to decisions based on automated processing, such as where a computer assesses factors in the data we collect about you and makes a determination. We do not currently make any decisions based on automated processing.

We retain your personal data for as long as necessary to provide you with our services, or for other important purposes such as complying with legal obligations, resolving disputes, and enforcing our agreements.

We ask that you please attempt to resolve any issues regarding your data protection or requests with us first before contacting the relevant supervisory authority. If you would like to exercise any of the rights described above, please send a request to privacy@subsplash.com. In your message, please indicate the right you would like to exercise and the information that you would like to access, review, correct, or delete.

We may ask you for additional information to confirm your identity and for security purposes, before disclosing the requested personal data.

We may not always be able to fully address your request, for example if it would impact the duty of confidentiality we owe to others, or if we are legally entitled to deal with the request in a different way.

When We Act as a Data Processor

Where we process your data in our capacity as a Data Processor, the processing of your data will not be governed by the foregoing provisions (“When We Act As Data Controller”), but you can contact the Data Controller directly to learn about their processing of your information and to exercise your rights, or we will forward your request directly to them at your request. Our “privacy by design” approach requires that our default user data protection levels be at the highest setting by default. In the unlikely event of breach, we will notify data subjects and Supervisory Authorities (SAs) in the EU according to procedures provided in GDPR Articles 33 and 34.

EU-US, Uk Extension To The EU-US, Swiss-Us Data Privacy Framework

Subsplash, Inc. and its subsidiaries comply with the EU-US Data Privacy Framework (EU-US DPF) and the UK Extension to the EU-US DPF, and the Swiss-US Data Privacy Framework (Swiss-US DPF) set forth by the US Department of Commerce. Subsplash as certified to the US Department of Commerce that it adheres to the EU-US Data Privacy Framework Principles (EU-US DPF Principles) with regard to the process of personal information received from the European Union and the United Kingdom in reliance on the EU-US DPF and the UK Extension to the EU-US DPF. Subsplash has certified to the US Department of Commerce that it adheres to the Swiss-US Data Privacy Framework Principles (Swiss-US DPF Principles) with regard to the processing of personal information received from Switzerland in reliance on the Swiss-US DPF. If there is any conflict between the terms in the privacy policy and the EU-US DPF Principles and/or the Swiss-US DPF Principles, the Principles shall govern. To learn more about the Data Privacy Framework (DPF) Program, and to view our certification, please visit https://www.dataprivacyframework.gov/. Individuals from whom Subsplash collects personal information under the Data Privacy Framework have the right to access their personal data by contacting Subsplash here or at privacy@subsplash.com.

Subsplash’s compliance with the DPF Principles is subject to the regulatory and enforcement powers of the U.S. Federal Trade Commission.

Notice And Choice

When Subsplash collects personal information from individuals, it may share this information with its client organizations or third parties as described above in the Privacy Policy. Individuals should review the privacy policy of the client organization. Individuals will have the choice of signing up for Subsplash services or not. A link to the Subsplash privacy policy will be provided when individuals are first asked to provide personal information when opting in to Subsplash services. In instances in which Subsplash is not the controller or collector of the personal information, but only a processor, it has no means of providing individuals with the choice and means for limiting the use and disclosure of their personal information or providing notices when individuals are first asked to provide personal information to Subsplash. In such instances, Subsplash will comply with the instructions of the controller of such information; provide appropriate technical and organizational measures to protect personal data against accidental or unlawful destruction or accidental loss, alteration, unauthorized disclosure or access, and to the extent appropriate, assist the controller in responding to individuals exercising their rights under the Principles.

In the context of an onward transfer Subsplash has responsibility for the processing of personal information it receives under the EU-US and the UK Extension to the EU-US, and Swiss-US Data Privacy Framework and subsequently transfers to a third party acting as an agent on its behalf. Subsplash shall remain liable under the Principles if its agent processes such personal information in a manner inconsistent with the Principles, unless the organization proves that it is not responsible for the event giving rise to the damage.

Disclosures To Third Parties

Subsplash will not make disclosures of personal information to third parties without notifying individuals that such disclosure may be made. In those instances in which Subsplash collects personal information from individuals, prior to disclosing personal information to a third party, Subsplash shall notify the individual of the fact that their information may be disclosed. If individuals do not wish to have their personal information disclosed to any third parties, the individual should not register for such Subsplash services. With regard to Subsplash Giving, donor information will be shared with the Gift Recipient. The Gift Recipient may utilize a third party for purposes of receipt and management of such information and donors should review the privacy policies of Gift Recipient in this regard.

In the case of third parties (e.g., churches) for whom Subsplash gathers personal information, Subsplash shall enter into a contract that provides that such data may only be processed for limited and specified purposes consistent with consent provided and that such third party will provide the same level of protection as is required by the Principles. For third party agent recipients (e.g., payment processors) of personal information, Subsplash shall: transfer only such data for limited and specified purposes; ascertain that the agent is obligated to provide at least the same level of privacy protection as is required by the Principles, and; upon notice, take reasonable and appropriate steps to stop and remediate unauthorized processing.

Data Security

Subsplash shall take reasonable steps to protect personal information from loss, misuse and unauthorized access, disclosure, alteration and destruction. Subsplash has put in place appropriate physical, electronic and managerial procedures to safeguard and secure the information from loss, misuse, unauthorized access or disclosure, alteration or destruction. Subsplash cannot guarantee the security of information on or transmitted via the Internet.

Data Integrity

Subsplash shall only process personal information in a way that is compatible with and relevant for the purpose for which it was collected or authorized by those who provided the information. To the extent necessary for those purposes, Subsplash shall take reasonable steps to ensure that personal information is accurate, complete, current and reliable for its intended use.

Access

In those instances in which Subsplash collects personal information directly from individuals, Subsplash shall allow those individuals access to their personal information and allow the individual to correct, amend or delete inaccurate information, except where the burden or expense of providing access would be disproportionate to the risks to the privacy of the individual in the case in question or where the rights of persons other than the individual would be violated. As noted above, you may not delete all information if you wish to maintain an account with Subsplash and Subsplash is required to retain some information with regard to Subsplash Giving transactions and the applicable users.

Recourse, Enforcement, And Liability

A) Dispute Resolution If you filed a complaint with Subsplash and it has not been properly addressed, JAMS is designated by Subsplash as the independent dispute resolution body to address complaints regarding Subsplash’s collection of personal information and provide appropriate recourse. Such body will not charge the complaining party for its services. You may submit a complaint at https://www.jamsadr.com/file-an-eu-us-privacy-shield-or-safe-harbor-claim for the above referenced independent dispute resolution body.

B) Binding Arbitration If your claims as to data covered by the EU-US and the UK Extension to the EU-US, and Swiss-US Data Privacy Framework have not been remedied through dispute resolution directly with Subsplash or through independent dispute resolution as described above, such “residual claims” may be heard by a “Data Privacy Framework Panel” composed of one or three arbitrators as agreed upon by the parties. The Panel may only award individual-specific, non-monetary equitable relief (e.g. access, correction, deletion of the individual’s data in question) necessary to remedy the violation of the Principles only with respect to the individual. Damages, costs, fees and other remedies may not be awarded, and each party bears its own attorney’s fees. This arbitration option is only available for an individual to determine for such “residual claims” whether Subsplash has violated its obligations under the Principles as to that individual and whether any such violation remains fully or partially unremedied.

C) GDPR (General Data Protection Regulation) As to personal data collected and controlled by Subsplash, subject to the qualifications and limitations stated in the preceding discussion, EU data subjects retain their full rights to be informed of the purposes of our processing activities at collection; to withdraw consent; to access, rectify, transport, and erase their personal data; to object to processing for direct marketing efforts; and to object when subjected to automated processing decisions. As to personal data collected by third parties, and as to which Subsplash is a mere processor, EU data subjects should contact the controller (e.g., church or ministry) with regard to their rights to be informed of the purposes of our processing activities at collection; to withdraw consent; to access, rectify, transport, and erase their personal data; to object to processing for direct marketing efforts; and to object when subjected to automated processing decisions. Such rights may be subject to certain qualifications and limitations as stated in the discussion of EU-US and the UK Extension to the EU-US, and Swiss-US Data Privacy Framework

Our Data Protection Officers will assist EU residents with these requests free of charge and may be contacted at privacy@subsplash.com.

Subsplash understands that the adoption of global data security practices is not a one-time activity. Subsplash’s “privacy by design” approach requires that our default user data protection levels be at the highest setting by default. In the unlikely event of breach, Subsplash will notify data subjects and Supervisory Authorities (SAs) in the EU according to procedures provided in GDPR Articles 33 and 34.

We do not intentionally collect personal data from, and do not tailor any services to, children. VeraSafe has been appointed as Subsplash's representative in the European Union for data protection matters, pursuant to Article 27 of the General Data Protection Regulation of the European Union. VeraSafe can be contacted in addition to the Privacy Officer, only on matters related to the processing of personal data. To make such an inquiry, please contact VeraSafe using the contact form at https://www.verasafe.com/privacy-services/contact-article-27-representative or via telephone at: +420 228 881 031.

Alternatively, VeraSafe can be contacted at: VeraSafe Ireland Ltd. Unit 3D North Point House North Point Business Park New Mallow Road Cork T23AT2P Ireland

Data Privacy For California Residents

This section applies solely to visitors and users of our Site and Services who reside in the State of California. We have adopted this notice to comply with the California Consumer Privacy Act of 2018 (the “CCPA”) and the California Online Privacy Protection Act (“CalOPPA”), and any terms defined in the CCPA or CalOPPA have the same meaning when used in this notice. For the purposes of this section “California Data Subject” shall mean: (1) an individual who is in the State of California for other than a temporary or transitory purpose, and (2) an individual who is domiciled in the State of California who is outside the State of California for a temporary or transitory purpose.

Information We Collect

We collect information that identifies, relates to, describes, references, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular California Data Subject or device ("personal information"). In particular, we have collected the following categories of personal information from California Data Subjects within the last twelve (12) months:

CategoryExampleDo we collect this data?
IdentifiersReal name, alias, postal address, unique personal identifier, online identifier, internet protocol (IP) address, email address, account name, social security number, driver’s license number, passport number, or other similar identifiersYes
Characteristics of protected classifications under California or federal lawRace, gender, ethnicity, disability statusNo
Commercial informationRecords of personal property, products, or services purchased, obtained, or considered, or other purchasing or consuming histories or tendenciesYes
Biometric informationFingerprint, facial pattern, voice, typing cadenceYes
Internet or other electronic network activity informationInformation regarding usage of a site, software, or appYes
Geolocation dataPhysical locationYes
Audio, electronic, visual, thermal, olfactory, or similar informationRecordings of a California Data SubjectYes
Professional or employment-related informationPlace of work, current occupation, duration of occupation, position/titleYes
Education InformationInformation that is not publicly available personally identifiable information as defined in the Family Educational Rights and Privacy Act (FERPA)No
Inferences drawn from any of the information identified aboveInformation used to create a profile about the California Data Subject reflecting their preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudesYes

Sources of Personal Information. Subsplash obtains the personal information listed above from the following sources:

SourceExampleDo we receive from this source?
Directly from youFrom forms you complete or orders for products and services you purchase.Yes
Indirectly from youFrom observing your actions on the ServiceYes
Third PartiesWe are provided information by our third party vendors such as:
  • Authentication Partners (who may provide us with personal information regarding users who authenticate with our Services through a third party)
  • Technology Service Providers (who may provide us personal information in the form of usage information, IP addresses, etc. of users of our Site and Services)
  • Payment Partners (who may provide us personal information in order to process payments from users)
  • Advertising Partners (Who may provide information about users viewing our advertisements)
Yes

Use Of Personal Information

We may use or disclose the personal information we collect for one or more of the following business purposes:

A) To fulfill the purpose for which you provided the information. For example, if you share your name and contact information to request a price quote or ask a question about our products or services, we will use that personal information to respond to your inquiry. If you create an account on our Grace Church Plano the personal information you provide as part of the account creation process may be visible to other account holders, and we may use that information to verify your identity when you access the account. We may use personal information you provide us to provide technical support. In addition, we may use the above information:

  1. To provide, support, personalize, and develop our websites, products, and/or services;

  2. To create, maintain, customize, and secure your account with us;

  3. To process your requests, purchases, transactions, and payments and prevent transactional fraud;

  4. To provide you with support and to respond to your inquiries, including to investigate and address your concerns and monitor and improve our responses;

  5. To help maintain the safety, security, and integrity of our Website, products and services, databases and other technology assets, and business;

  6. To respond to law enforcement requests and as required by applicable law, court order, or governmental regulations; and

  7. As described to you when collecting your personal information or as otherwise set forth in the CCPA.

We will not collect additional categories of personal information or use the personal information we collected for materially different, unrelated, or incompatible purposes without providing you notice.

We do not sell your personal information. Subsplash does share personal information with our third party service providers and vendors in order to provide you the Service.

Your Rights And Choices

This section describes your CCPA rights and explains how to exercise those rights.

You have the right to request that we disclose certain information to you about our collection and use of your personal information over the past 12 months. Once we receive and verify your request, we will disclose to you:

A) The categories of personal information we collected about you;

B) The categories of sources for the personal information we collected about you;

C) Our business or commercial purpose for collecting or selling that personal information;

D) The categories of third parties with whom we share that personal information;

E) The specific pieces of personal information we collected about you (also called a data portability request);

F) If we sold or disclosed your personal information for a business purpose, two separate lists disclosing:

a) sales, identifying the personal information categories that each category of recipient purchased; and

b) disclosures for a business purpose, identifying the personal information categories that each category of recipient obtained.

You have the right to request that we delete any of your personal information that we collected from you and retained, subject to certain exceptions. Once we receive and verify your request, we will delete (and direct our service providers to delete) your personal information from our records, unless an exception applies.

We may deny your deletion request if retaining the information is necessary for us or our service providers to:

A) Complete the transaction for which we collected the personal information, provide a good or service that you requested, take actions reasonably anticipated within the context of our ongoing business relationship with you, or otherwise perform our contract with you;

B) Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities;

C) Debug products to identify and repair errors that impair existing intended functionality;

D) Exercise free speech, ensure the right of another California Data Subject to exercise their free speech rights, or exercise another right provided for by law;

E) Comply with the California Electronic Communications Privacy Act (Cal. Penal Code § 1546 seq.);

F) Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when the information's deletion may likely render impossible or seriously impair the research's achievement, if you previously provided informed consent;

G) Enable solely internal uses that are reasonably aligned with California Data Subject expectations based on your relationship with us;

H) Comply with a legal obligation; and

I) Make other internal and lawful uses of that information that are compatible with the context in which you provided it.

To exercise the access, data portability, and deletion rights described above, please submit a verifiable California Data Subject request to us by submitting a request at https://www.subsplash.com/legal/data-request or by sending us an email at privacy@subsplash.com or calling us at (206) 965-8090. Only you or a person registered with the California Secretary of State, that you authorize to act on your behalf, may make a verifiable California Data Subject request related to your personal information. You may also make a verifiable California Data Subject request on behalf of your minor child.

You may only make a verifiable California Data Subject request for access or data portability twice within a twelve (12) month period. The verifiable California Data Subject request must:

A) Provide sufficient information that allows us to reasonably verify you are the person about whom we collected personal information or an authorized representative; and

B) Describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it.

We cannot respond to your request or provide you with personal information if we cannot verify your identity or authority to make the request and confirm the personal information relates to you. Making a verifiable California Data Subject request does not require you to create an account with us. We will only use personal information provided in a verifiable California Data Subject request to verify the requestor's identity or authority to make the request.

We aspire to respond to a verifiable California Data Subject request within forty five (45) days of receipt of the request. If we require more time (up to ninety (90) days) we will inform you of the reason(s) why an extension is needed and how long we anticipate the period to be. Any disclosure we provide will only cover the twelve (12) month period preceding the receipt of your request. If applicable, the response may provide the reasons why we cannot comply with your request. For data portability requests, we will select a format to provide your personal information that is readily usable and should allow you to transmit the information from one entity to another entity without hindrance.

We do not charge a fee to process or respond to your verifiable California Data Subject request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request. We reserve the right to refuse to respond to verifiable California Data Subject requests that are excessive, repetitive, or manifestly unfounded.

Right Of Non-Discrimination

We will not discriminate against you for exercising any of your CCPA rights. We will not take any of the following actions against you in response to an exercise of your rights:

A) Deny you goods or services.

B) Charge you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties.

C) Provide you a different level or quality of goods or services.

D) Suggest that you may receive a different price or rate for goods or services or a different level or quality of goods or services.

California Do-Not-Track Disclosures

We do not track its customers over time and across third party websites to provide targeted advertising and therefore does not respond to Do Not Track (DNT) signals. Third parties that have content embedded on our websites, software, or mobile applications (e.g. social features) may set cookies on a user’s browser and/or obtain information about the fact that a web browser visited one of our websites from a certain IP address. Third parties cannot collect any other personal identifiable information from our websites unless you provide it to them directly.

Special Information For Nevada Residents

Residents of the State of Nevada have the right to opt out of the sale of certain pieces of their information to other companies who will sell or license their information to others. We do not sell or rent your contact information to other marketers or any other third party. If you are a Nevada resident and have additional questions please contact us at https://www.subsplash.com/legal/data-request or by email at privacy@subsplash.com.

Specialized Partner Campaigns

From time-to-time, we may work with partner organizations to develop and distribute specialized content. Users who participate in the specialized marketing campaigns by completing our lead form and downloading the applicable content will be subject to the Supplemental Privacy Notice viewable at https://subsplash.com/legal/supplemental-privacy-notice in addition to this Privacy Policy.

Our Company-Wide Commitment To Your Privacy

To make sure your personal information is secure, we communicate these privacy guidelines to our employees and strictly enforce privacy safeguards within the company.

Freedom Of Information Requests

If you are communicating with or making a donation to any organization or institution that is subject to either federal or provincial public sector “freedom of information” or “access to information” legislation, then please note that information concerning your communication and/or donation may disclosed to third parties pursuant to the procedures available under those laws.

Inquiries, Complaints, And Dispute Resolution

If you wish to verify, correct or delete any personal information we have collected, or if you have any questions or concerns, or if you have any complaints, please contact us at https://www.subsplash.com/legal/data-request or by email at privacy@subsplash.com. If there is a dispute between you and Subsplash regarding your personal information or this policy, you agree to use reasonable efforts to resolve such dispute with Subsplash informally and to consult and negotiate with Subsplash in good faith to reach a fair and equitable solution.

Privacy Questions

If you have questions or concerns about Subsplash’s privacy policy, please contact our Privacy Officer. Our Privacy Officer can be contacted at:

Subsplash, Inc. 5473 Blair Rd. Ste 100 PMB 41141 Dallas, TX. 75231-4227 Email:privacy@subsplash.com