ROI Solutions Privacy Policy

Effective: May 1, 2023

ROI Solutions, a provider of technology to non-profits, (referred to in this policy as “ROI Solutions” or “we” or “our”) is committed to maintaining the trust of our clients and their constituents. Please read this policy (the “Privacy Policy”) carefully to learn more about ROI Solutions’ privacy practices and policies with respect to Client Data (defined below) that is collected and used through the Revolution CRM application (the “App”), or administrative interface (collectively, the “CRM Service”). This Privacy Policy applies to “Personal Data,” which is Client Data that is associated with an identified or identifiable natural person and is protected as personal data or personal information under applicable data protection law. 

 

1. ROI Solutions is a Data Processor/Service Provider for its Clients

ROI Solutions’ clients, and not ROI Solutions, determine how and why Personal Data submitted to the CRM Service is used, either by or at the direction of such clients. With respect to such Personal Data, (1) ROI Solutions is a data processor (“Data Processor”) under the EU General Data Protection Regulation (“GDPR”) and a “Service Provider” under the California Consumer Privacy Act (“CCPA”), and (2) ROI Solutions’ clients are the controllers under GDPR (“Data Controller”) and businesses (“Business”) under the CCPA. This Privacy Policy describes how ROI Solutions processes Personal Data as a Data Processor for the purpose of providing the CRM Service to our clients pursuant to the applicable data processing terms with those clients.

As Data Controllers, ROI Solutions’ clients are responsible for disclosing the rights of individuals (“Data Subjects”) with respect to their Personal Data and other information regarding the collection and use of that Personal Data, in accordance with the GDPR, CCPA, and other laws requiring such disclosures. 

 

2. Scope of this Privacy Policy

This Privacy Policy covers the processing of Personal Data that ROI Solutions performs as a Data Processor for and on behalf of its clients. Insofar as it acts as a Data Controller, ROI Solutions processes personal data in accordance with the Website Privacy Policy. 

 

3. Personal Data Processed Under this Policy

ROI Solutions acts as a Data Processor with respect to any Personal Data comprised in the Client Data. By “Client Data” we mean the content or information which is submitted to the CRM Service through constituents’ engagement with a client. 

 

4. Use of Your Personal Data

ROI Solutions uses the Personal Data to provide the CRM Service to our clients pursuant to the applicable data processing terms with those clients. This will include integration of the CRM Service with the other providers, sub processors or service providers, in order to provide the CRM service. 

 

5. Disclosing Your Personal Data

ROI Solutions does not disclose your Personal Data to third parties except where permitted or requested by our applicable client to deliver the CRM Service, or where required by law. 

No Sale of Personal Data ROI Solutions does not sell, rent or lease your Personal Data.

Service Providers ROI Solutions may disclose your Personal Data to our contracted service providers so that they can provide ROI Solutions with services, such as IT, system administration and hosting, data enrichment, and client support.

ROI Solutions will, to the extent required by law and the applicable client contract, obtain assurances before disclosing Personal Data to a subcontractor or third-party agent that the recipient will: (a) use the Personal Data only to assist ROI Solutions in providing, maintaining or improving the CRM Service, (b) provide at least the same level of protection for Personal Data as is required of ROI Solutions, and (c) notify ROI Solutions if the recipient is no longer able to provide the required protections. Upon notice, ROI Solutions will act promptly to endeavor to stop and remediate any unauthorized processing of Personal Data by the recipient. ROI Solutions will remain liable for onward transfers to its subcontractors and third-party agents.

Please contact us via the information provided in the contact us section of this document for the most current list of the sub processors that support the CRM Service. 

 

6. Security of Your Personal Data

As specified in the data processing terms with the applicable Data Controller, ROI Solutions takes reasonable and appropriate measures to protect your Personal Data from loss, misuse, and inappropriate access. We use standard, industry-wide practices such as firewalls, encryption of Client Data at rest and in transit, and (in certain areas) Transport Layer Security (“TLS”) to protect your information. However, as effective as encryption technology is, no security system is impenetrable. ROI Solutions cannot guarantee the security of our databases, nor can we guarantee that information you supply won’t be intercepted while being transmitted to ROI Solutions over the Internet.

 

7. Data Retention

Storage periods depend on the data processing terms with our clients and their choices, type of Personal Data, purposes of its collection and processing, and applicable law.

 

8. Children

ROI Solutions does not direct the CRM Service and associated website at children. We do not knowingly collect Personal Data from children under the age of 16. If you are a parent or guardian and believe your child has provided us with Personal Data without your consent, please contact us via one of the methods in the contact us section of this document.

 

9. Additional Disclosures for California Residents 

This section provides additional details about the personal information ROI Solutions collects and receives about California consumers and the rights afforded to such consumers under the California Consumer Privacy Act or “CCPA.” 

With respect to the CRM Service, under the CCPA ROI Solutions is qualified as a Service Provider. ROI Solutions’ clients are responsible for responding to requests and disclosing the rights of individuals with respect to their Personal Data and other information regarding the collection and use of that Personal Data.  You can obtain information about the applicable rights and how to exercise them from the relevant client that is the Business responsible for your Personal Data. 

Subject to certain limitations, the CCPA provides California consumers the right to request to know more details about the categories or specific pieces of personal information being collected (including how the information is used and disclosed), to delete their personal information, to opt out of any “sales” that may be occurring, and to not be discriminated against for exercising these rights.

Access Within the scope of our authorization to do so, ROI Solutions will work with its clients to support them in providing access to the Personal Data that ROI Solutions holds on their behalf. 

Corrections ROI Solutions will take reasonable steps to enable individuals, in connection with its clients, to correct, amend, or delete Personal Data that is demonstrated to be inaccurate.

If you have further questions about the collection, retention, and use of your Personal Data, about your choices and rights regarding such collection, retention, and use, or wish to exercise your rights under the CCPA, you should contact the ROI Solutions client that is responsible for your Personal Data. We will forward any such communications we receive to our client, provide you with contact information for the client, and work with the client to address your questions and/or facilitate your choices and rights as appropriate.

 

10. Data Subjects in the EU and UK

Rights and requests

Data subjects in the EU and United Kingdom may have certain rights regarding the processing of their Personal Data. You can obtain information about the applicable rights and how to exercise them from the relevant client that is the Data Controller of your Personal Data. 

Access Within the scope of our authorization to do so, ROI Solutions will work with its clients, the Data Controllers, to support them in providing their Data Subjects access to their Personal Data that ROI Solutions holds on behalf of its clients. 

Corrections ROI Solutions will take reasonable steps to enable individuals, in connection with its clients, to correct, amend, or delete Personal Data that is demonstrated to be inaccurate.

Questions and Other Requests If you have further questions about the collection, retention and use of your Personal Data, about your choices and rights regarding such collection, retention and use, or wish to exercise your rights under applicable law, you should contact the ROI Solutions client that is the Data Controller of your Personal Data (this may be your employer). We will forward any such communications to our client, provide you with contact information for the client, and work with the client to address your questions and/or facilitate your choices and rights as appropriate.

If you have questions about our role as a Data Processor, you can submit your questions or request using the information in the contact us section of this document. 

Complaints ROI Solutions may be able to assist you in resolving any complaints about the collection or use of your Personal Data. We will forward your complaint to the relevant client, which is the Data Controller of that Personal Data. You may wish to reach out to the Data Controller before contacting ROI Solutions, as the Data Controller will be in the best position to resolve your issue.

 

11. International Data Transfers

European Union Model Clauses ROI Solutions offers European Union Model Clauses, also known as Standard Contractual Clauses, to meet the adequacy and security requirements for our clients that operate in the European Union and the United Kingdom, and other international transfers of personal data. To request a copy of our standard data processing addendum, incorporating Model Clauses, please contact us by using the details available in the contact us section.