Privacy Policy
Privacy Policy
March 2022
Privacy; Customer Information
Personal Data We Collect
How We Use Your Personal Data.
How We Disclose and Transfer Your Personal Data.
How We Store Your Personal Data.
How You Can Access, Update, Correct or Delete Your Personal Data.
How Long We Retain Your Personal Data.
Cookies, Pixels Tags, Local Shared Objects, Web Storage and Similar Technologies.
Your Choices.
Exclusions.
Children.
International Privacy Laws.
Changes to This Privacy Policy.
Dispute Resolution.
1.1 Privacy.
All information provided by Users or collected by DSO in connection with the Services is governed by this privacy policy (“Privacy Policy”). All capitalized terms not defined herein shall have the meaning ascribed to them in the Terms of Service. This Privacy Policy sets forth our policy with respect to information that can be associated with or which relates to a person and/or could be used to identify a person (“Personal Data”) that is collected from Users on or through the Services. “Non-Personal Data” as used in this Privacy Policy is therefore any information that does not relate to a person and/or cannot be used to identify a person. We take the privacy of your Personal Data seriously. Because of that, we have created this Privacy Policy. Please read this Privacy Policy as it includes important information regarding your Personal Data and other information. When you interact with the Services, we may also collect Non-Personal Data. The limitations and requirements in this Privacy Policy on our collection, use, disclosure, transfer and storage/retention of Personal Data do not apply to Non-Personal Data.
1.2 Co-Ownership.
DSO follows a “co-ownership model” with respect to User Information (as defined in this Section 1.2). This means that all User Information inputted by a User on brand pages posted by a Client on the Services will be shared with the applicable Client and may also be used by DSO in accordance with our Privacy Policy, including marketing or promotion of other products or services that may be of interest to the applicable User. Note that Payment Data (as defined below) will not be shared with Clients. Each User acknowledges and agrees to this sharing and understands and agrees that each Client is solely responsible for the use of User Information that was provided to such Client through the Services and that DSO is responsible only for its own use of User Information. Each Client represents, warrants and agrees that (a) it will at all times comply with all applicable local, state, provincial, national and other laws, rules and regulations with respect to User Information; (b) it will at all times comply with any applicable policies posted on the Services with respect to User Information; and (c) upon a request of a given User, or as permitted in the Terms of Service, DSO is authorized at its discretion to delete or anonymize User Information of a requesting User from the Services at which time it will no longer be available to Client through the Services or will no longer be linked to an identifiable User through the Services. However, Users should note that User Information may still be available in the Client’s own databases if transmitted prior to DSO receiving the underlying request. For purposes of this Section 1.2, “User Information” means information about a given User made available on or through the Services, including, without limitation, name, address, e-mail address, brand interests, credit card type, last 4 credit card digits and phone numbers, but excluding Payment Data (as defined in Section 1.3 below).
1.3 Payment Data.
DSO will not share with a Client any Payment Data. “Payment Data” means any full credit card number or other full payment account number and the related expiration date and security code entered by a User on the Services in order to purchase a site offering or registration, make a donation or purchase merchandise or other product, so long as such information is entered in the payment fields on the site’s payment page. Note that if a User enters such information in other areas of the Services or otherwise provides it to another User, it may not be encrypted, so Users should enter such information only on the designated payment page.
When you use or interact with us through the Services, we may collect Personal Data, as further described below:
2.1 All Users.
For all Users we collect Personal Data when you voluntarily provide such information, such as when you register for access to the Services, contact us with inquiries, respond to one of our surveys or browse or use certain parts of the Services. The Personal Data we may collect includes without limitation your name and email address, and other information that enables Users to be personally identified. We also automatically collect certain technical data that is sent to us from the computer, mobile device and/or browser through which you access the Services (“Automatic Data”). Automatic Data, includes without limitation, a unique identifier associated with your access device and/or browser (including, for example, your internet protocol (IP) address) characteristics about your access device and/or browser, statistics on your activities on the Services, information about how you came to the Services and data collected through cookies, pixel tags, local shared objects, web storage and other similar technologies. You can find out more information about how we use cookies and other similar tracking technologies in our Cookies Policy in Section 8. When you register for the Services or otherwise submit Personal Data to us, we may associate other Non-Personal Data (including Non-Personal Data we collect from third parties) with your Personal Data. At such instance, we will treat any such combined data as Personal Data until such time as it can no longer be associated with you or used to identify you.
2.2 Clients.
As a Client we will collect additional Personal Data from you. We will not collect payment processing information, as those payments are processed by a third party provider and are thus subject to the terms of that party’s financial information terms and conditions, which can be viewed here: https://stripe.com/legal. We may also collect or receive Personal Data from third party sources, such as third-party websites, your bank, our payment processing partners and credit reporting agencies.
2.3 Users.
As a User we will collect additional Personal Data from you. However, we will not collect payment processing information, as those payments are processed by a third party provider and are thus subject to the terms of that party’s financial information terms and conditions, which can be viewed here: https://stripe.com/legal. In addition, Clients can set up brand registration pages to collect virtually any information from Users in connection with registration for a Client’s brand listed on the Services. If a User voluntarily provides that information in connection with registration for a brand or otherwise, it will be available to us should we request it, and it may be held by us in accordance with this Privacy Policy. In addition, such information will be delivered to the Client of the applicable brand in accordance with “How We Disclose and Transfer Your Personal Data: Clients” in Section 4.5 below. We may also collect or receive Personal Data from third party sources, such as Clients, other Users, social media or other third-party integrations, your credit card issuing bank, our payment processing partners or other third parties.
We collect and use the Personal Data we collect in a manner that is consistent with this Privacy Policy. We may use the Personal Data as follows:
3.1 Specific Reason.
If you provide Personal Data for a certain purpose, we may use the Personal Data in connection with the purpose for which it was provided. For instance, if you contact us by e-mail, we will use the Personal Data you provide to answer your question or resolve your problem and will respond to the email address from which the contact came.
3.2 Access and Use.
If you provide Personal Data in order to obtain access to or use of the Services or any functionality thereof, we will use your Personal Data to provide you with access to or use of the Services or functionality and to monitor your use of such Services or functionality. For instance, if you supply Personal Data relating to your identity or qualifications to use certain portions of the Services, we will use that information to make a decision as to granting you access to use such Services and to monitor your ongoing qualification to use such Services.
3.3 Internal Business Purposes.
We may use your Personal Data for internal business purposes, including without limitation, to help us improve the content and functionality of the Services, to better understand our Users, to improve the Services, to protect against, identify or address wrongdoing, to enforce our Terms of Service, to manage your account and provide you with customer service, and to generally manage the Services and our business.
3.4 Marketing.
Where it is in accordance with your marketing preferences, we may use your Personal Data to contact you in the future for our marketing and advertising purposes, including without limitation, to inform you about services or brands we believe might be of interest to you, to develop promotional or marketing materials and provide those materials to you, and to display content and advertising on or off the Services that we believe might be of interest to you. In particular, Clients should note that we may use information we receive or collect regarding Users (including without limitation via a Client’s brand registration page) in accordance with the terms of this Privacy Policy, including in the manner set forth above.
3.5 Client Emails.
We allow Clients to use our email and messaging tools to contact Users for their current and past brands, so you may receive emails from our system that originate with such Clients. If you have registered for a brand on the Services, your email is available to that Client. However, Clients may also import the emails they have from external sources and send communications through the Services to those emails and we will deliver those communications to those emails. See “Opt Out from Electronic Communications” in Section 9.2 below on how to opt out of these communications.
3.6 Other Purposes.
If we intend to use any Personal Data in any manner that is not consistent with this Privacy Policy, you will be informed of such anticipated use prior to or at the time the Personal Data is collected, or we will obtain your consent subsequent to such collection but prior to such use.
4.1 No-Sale.
There are certain circumstances in which we may disclose, transfer or share your Personal Data with certain third parties without further notice to you, as set forth below.
4.2 Business Transfers.
As we develop our business, we might sell or buy businesses or assets. In the brand of a corporate sale, merger, reorganization, dissolution or similar brand, Personal Data may be part of the transferred assets. You acknowledge and agree that any successor to or acquirer of all or a portion of DSO (or its business or assets) will continue to have the right to use your Personal Data and other information in a manner consistent with the terms of this Privacy Policy.
4.3 Parent Companies, Subsidiaries and Affiliates.
We may also share or transfer your Personal Data with or to our parent companies, subsidiaries and/or affiliates for purposes consistent with this Privacy Policy. Our parent companies, subsidiaries and affiliates will be bound to maintain that Personal Data in accordance with this Privacy Policy.
4.4 Agents, Consultants and Service Providers.
We may share your Personal Data with our contractors and service providers who process Personal Data on behalf of DSO to perform certain business-related functions. These companies include our marketing agencies, database service providers, backup and disaster recovery service providers, email service providers and others. When we engage another company to perform such functions, we may provide them with information, including Personal Data, in connection with their performance of such functions.
4.5 Clients.
When you purchase from, register for or donate to a brand through the brand page, or through a related fundraising page on the Services, we provide the Personal Data entered on the applicable brand or related fundraising page to the Clients of such brand or related fundraising page. For fundraising pages, we may provide your Personal Data both to the Client charity of the fundraising page and the Client of the brand to which the fundraising page is linked. In some instances, a Client may appoint a third party, which may or may not be affiliated with the Client, to create an brand or fundraising page on its behalf (we call these third parties “Third-Party Clients”). For example, and without limitation, a concert venue (the Client, in this case) may allow third-party promoters or production companies (the Third-Party Clients) to create brands that will be hosted at the Client's venue using its DSO account. In that case, we may provide your Personal Data associated with the brand to both to the Client, and its appointed Third-Party Client that created the brand or fundraising page. You agree that we are not responsible for the actions of these Clients, or their Third-Party Clients, with respect to your Personal Data. It is important that you review the applicable policies of the Clients, and if applicable and available, their appointed Third-Party Clients, of an brand (and the related fundraising page, if applicable) before providing Personal Data or other information in connection with that brand or related fundraising page.
4.6 Legal Requirements.
We may disclose your Personal Data if required to do so by law in order to (for example) respond to a subpoena or request from law enforcement, a court or a government agency (including in response to public authorities to meet national security or law enforcement requirements), or in the good faith belief that such action is necessary to (a) comply with a legal obligation, (b) protect or defend our rights, interests or property or that of third parties, (c) or investigate possible wrongdoing in connection with the Services, (d) act in urgent circumstances to protect the personal safety of Users of the Services or the public, or (e) protect against legal liability.
We may store Personal Data itself or such information may be stored by third parties to whom we have transferred it in accordance with this Privacy Policy. We take what we believe to be reasonable steps to protect the Personal Data collected via the Services from loss, misuse, unauthorized use, access, inadvertent disclosure, alteration and destruction. However, no network, server, database or Internet or e-mail transmission is ever fully secure or error free. Therefore, you should take special care in deciding what information you send to us electronically. Please keep this in mind when disclosing any Personal Data.
You can request access to some of your Personal Data being stored by us. You can also ask us to correct, update or delete any inaccurate Personal Data that we process about them. If you are a registered User, you can exercise these rights by logging in and visiting your account and settings page. Both registered and unregistered Users may also exercise these rights by contacting us directly by email at [email protected] or at the address specified in Section 14 below. We will consider and respond to all requests in accordance with applicable law.
We may retain your Personal Data as long as you are registered to use the Services. You may close your account by contacting us or closing your account on the platform. However, we may retain Personal Data for an additional period as is permitted or required under applicable laws. Even if we delete your Personal Data it may persist on backup or archival media for an additional period of time for legal, tax or regulatory reasons or for legitimate and lawful business purposes.
8.1 Like any other website, DSO uses ‘cookies’. These cookies are used to store information including visitors’ preferences, and the pages on the website that the visitor accessed or visited. The information is used to optimize the users’ experience by customizing our web page content based on visitors’ browser type and/or other information.
For more general information on cookies, please read Cookies article from the Privacy Policy Generator.
You have several choices available when it comes to your Personal Data:
9.1 Limit the Personal Data You Provide.
You can browse the Services without providing any Personal Data (other than Automatic Data to the extent it is considered Personal Data under applicable laws) or limiting the Personal Data you provide. If you choose not to provide any Personal Data or limit the Personal Data you provide, you may not be able to use certain functionality of the Services. For instance, in order to open an account, or earn or spend rewards, your name and email address will be required.
9.2 Opt Out from Electronic Communications
9.2.1 DSO Marketing Communications
DSO may send you electronic communications marketing or advertising the Services themselves or brands on the Services, to the extent you have registered for the Services or purchased a ticket and/or registration to a brand listed on the Services. You can also “opt out” of receiving these electronic communications by clicking on the “Unsubscribe” link at the bottom of any such electronic communication. In addition, you may also manage your email preferences at any time by logging in (or signing up and then logging in), clicking on “Account” and then “Email Preferences.”
9.2.2 Client Initiated Communications.
Clients may use our email tools to send electronic communications to those on their email subscription lists, including Users who have registered for their brands on the Services in the past. Although these electronic communications are sent through our system, DSO does not determine the content or the recipients of these electronic communications. Clients are required to use our email tools only in accordance with all applicable laws. DSO provides an “Unsubscribe” link on each of these emails, which allows recipients to “opt out” of electronic communications from the particular Client.
9.2.3 Social Notifications.
If you connect your Facebook account or sign up for other social media integrations whose product features include social notifications (i.e., updates on what your friends are doing on the Services), you will receive these social notifications. You can manage these social notifications by toggling your social settings to private or disconnecting such integration.
9.2.4 Transactional or Responsive Communications.
Certain electronic communications from DSO are responsive to your requests. For instance, if you are a User, we must email you your ticket or registration when you purchase such ticket or registration. As a further example, if you email our customer support department, we will return your email. Notwithstanding any unsubscribe election that you have made, you will still receive these emails. You can stop receiving these types of emails only by contacting us. By electing to stop receiving all electronic communications from us or through our system you will no longer receive any updates on brands you have created (including pay-out issues) or on brands you are registered for rewards (including emails). We do not recommend that you do this unless you plan to no longer use the Services, are not currently registered for an brand, are not currently organizing an brand and will have no need to receive further communications from us or through our system.
9.2.5 Opt-Out Options for Third-Party Online Behavioral or Interest-Based Advertising on Websites (including Mobile Websites).
Some of the third parties that collect information from or about you on the Services in order to provide more relevant advertising to you on websites participate in the DAA Self-Regulatory Program for Online Behavioral Advertising. This program offers a centralized location where users can make choices about the use of their information for online behavioral advertising. To learn more and to make choices about the use of your information for online behavioral advertising on websites, please see aboutads.info/choices. Please note that if you opt out of online behavioral advertising using this method, this opt-out will only apply to the specific browser or device from which you opt out.
9.2.6 Retention.
The time periods for which we retain your Personal Data will depend on the purposes for which we use it. We will retain your Personal Data for so long as is necessary to provide the Services to you, unless applicable law requires we either dispose of it or keep it longer. We may also continue to store your Personal Data to allow us to resolve disputes, enforce our agreements, comply with legal obligations and/or for other legally permissible purposes consistent with this Privacy Policy. It may take up to forty-eight (48) hours for us to process an unsubscribe request. Even after you opt out of all electronic communications, we will retain your Personal Data in accordance with this Privacy Policy, however, we will no longer use it to contact you. However, Clients who have received your Personal Data in accordance with this Privacy Policy may still use that Personal Data to contact you in accordance with their own privacy policies, but they may not use our system to do so.
9.3 Do Not Track.
We currently do not participate in any “Do Not Track” frameworks that would allow us to respond to signals or other mechanisms from you regarding the collection of your Personal Data.
10.1 Personal Data Provided to Others.
This Privacy Policy does not apply to any Personal Data that you provide to another User or visitor through the Services or through any other means, including to Clients on brand pages or information posted by you to any public areas of the Services.
10.2 Third-Party Links.
This Privacy Policy applies only to the Services. The Services may contain links to other websites not operated or controlled by us (the “Third-Party Sites”). The policies and procedures we described here do not apply to the Third-Party Sites. The links from the Services do not imply that we endorse or have reviewed the Third-Party Sites. We suggest contacting those sites directly for information on their privacy policies.
10.3 Aggregated Personal Data.
In an ongoing effort to better understand and serve the users of the Services, we often conduct research on our customer demographics, interests and behavior based on Personal Data and other information that we have collected. This research may be compiled and analyzed on an aggregate basis and this aggregate information does not identify you personally and we therefore consider and treat this data as Non-Personal Data.
We do not knowingly collect Personal Data from children under the age of eighteen (18). If you are under the age of eighteen (18), please do not submit any Personal Data through the Services. We encourage parents and legal guardians to monitor their children’s internet usage and to help enforce our Privacy Policy by instructing their children never to provide Personal Data through the Services without their permission. If you have reason to believe that a child under the age of eighteen (18) has provided Personal Data to us through the Services, please email us at [email protected], and we will endeavor to delete that information from our databases.
If you are visiting the Services from outside the United States, please be aware that you are sending information (including Personal Data) to the United States where our servers are located. That information may then be transferred within the United States or back out of the United States to other countries outside of your country of residence, depending on the type of information and how it is stored by us. These countries (including the United States) may not necessarily have data protection laws as comprehensive or protective as those in your country of residence; however, our collection, storage and use of your Personal Data will at all times continue to be governed by this Privacy Policy. For Personal Data we receive from the EEA, DSO, Inc has certified its compliance to the EU-US Privacy Shield as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal data from the European Union countries. We have certified that we adhere to the Privacy Shield principles of Notice, Choice, Accountability for Onward Transfers, Security, Data Integrity & Purpose Limitation, Access and Recourse, Enforcement & Liability (“Privacy Shield Principles”) when processing Personal Data from the EEA in the United States.
The Services and our business may change from time to time. As a result, at times it may be necessary for us to make changes to this Privacy Policy. We reserve the right, in our sole discretion, to update or modify this Privacy Policy at any time (collectively, “Modifications”). Modifications to this Privacy Policy will be posted to the Site with a change to the “Updated” date at the top of this Privacy Policy. In certain circumstances DSO may, but need not, provide you with additional notice of such Modifications, such as via email or with in-Service notifications. Modifications will be effective thirty (30) days following the “Updated” date or such other date as communicated in any other notice to you. Please review this policy periodically, and especially before you provide any Personal Data. This Privacy Policy was updated on the date indicated above. Your continued use of the Services following the effectiveness of any Modifications to this Privacy Policy constitutes acceptance of those Modifications. If any Modification to this Privacy Policy is not acceptable to you, you should cease accessing, browsing and otherwise using the Services.
If you have a complaint about DSO’s privacy practices you should write to us at:
DSO
Attn: Privacy Officer via email to [email protected]. We will take reasonable steps to work with you to attempt to resolve your complaint. Residents of the EEA who believe that their information has not been processed in compliance with the Privacy Shield Principles may raise their complaints in a number of ways as provided and explained in more detail at https://www.privacyshield.gov/welcome.
