Evergiving Global Privacy and Data Protection Policy

Welcome to Evergiving. Your privacy matters to us. This policy explains how we collect, use, store, and share your personal information, and how we keep it safe. It’s written to meet the requirements of global privacy laws, including, for example:

The General Data Protection Regulation (GDPR) and UK GDPR

The Australian Privacy Act 1988 (including the Australian Privacy Principles) The New Zealand Privacy Act 2020 (including the Information Privacy Principles)

Canada’s PIPEDA (Personal Information Protection and Electronic Documents Act)

South Korea’s PIPA (Personal Information Protection Act)

The California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA)

  1. Who We Are

    We’re Evergiving Pty Ltd, the company responsible for your personal information when you interact with our services. If you have any questions, concerns, or requests, you can reach out to our Data Protection Officer (DPO):

    Email: DPO@evergiving.com

  2. What Personal Information We Collect

    Depending on how you interact with us, we may collect: Your name, email, phone number, and postal address Your payment details and transaction history

    Your browser and device information, IP address, and how you use our website Records of your communication with us

    Any other information you choose to give us

    We only collect what we need, and we try to keep it accurate and up to date.

  3. Why We Collect It and Our Legal Basis for Doing So

    We collect and use your information for a few main reasons:

    To provide you with services or products: This includes processing your donations or purchases, setting up accounts, and delivering customer service. Our legal basis is contractual necessity under GDPR and UK GDPR, APP 6 in Australia, and similar principles in New Zealand, Canada, South Korea, and some US states such as California.

    To communicate with you: If you’ve given us permission, we may send you updates, marketing messages, or event invitations. We only do this with your consent, where required.

    To meet our legal obligations: We keep records for tax, regulatory, and accounting purposes. This is based on our

    legal obligations under applicable laws.

    To improve our services: We use aggregated, non-personal information to understand how people use our site and services. We do this under our legitimate interests, as long as it doesn’t override your rights.

  4. Cookies and Tracking Technologies

    We use cookies to make our website work better and to understand how people use it. We only use non-essential cookies with your consent. You can change your cookie settings at any time in your browser.

  5. How Long We Keep Your Information

    We only keep your personal information for as long as we need it. For example:

    Payment and transaction information is kept for seven years to meet tax laws in places like Australia, the UK, and Canada.

    Website analytics data is deleted or anonymised after two years. Marketing preferences are kept until you withdraw consent.

    We follow the most protective applicable rules when deciding how long to keep data.

  6. Sharing Your Information and International Transfers

    We may share your data with:

    Trusted service providers (like payment processors or email platforms) Legal or regulatory authorities if required

    Some of these third parties are located outside your country, including in the US. We always ensure your data is

    protected when it leaves your country. For example:

    If you’re in the EU or UK, we use Standard Contractual Clauses, or work with providers in countries that offer an

    adequate level of protection.

    In Australia or New Zealand, we make sure recipients handle your data in a way that complies with your rights. In Canada and South Korea, we obtain consent for international transfers when required.

    In the US, where relevant state laws apply (such as the CCPA/CPRA in California), we work to ensure those obligations are also met.

  7. Your Rights

    No matter where you live, you have rights regarding your personal data:

    Access – Ask us what personal data we hold about you

    Correction – Ask us to fix incorrect or outdated information

    Deletion – Ask us to delete your data in certain cases

    Restriction – Ask us to pause use of your data

    Portability – Request your data in a format you can reuse

    Objection – Object to certain uses, like direct marketing

    Withdraw consent – At any time, for anything you previously agreed to

    Residents in California also have specific rights under the CCPA/CPRA, including the right to know, delete, and opt out of data sale or sharing.

    To make a request, email us at DPO@evergiving.com. We’ll usually reply within 30 days (or 90 if your request is complex).

  8. No Automated Decisions

    We don’t use algorithms to make decisions that have legal or significant effects on you.

  9. How We Keep Your Information Safe

    We use strong technical and organisational security measures. These include: Encrypted storage and transfers

    Access controls and authentication

    Staff training and data handling procedures

    We follow the security requirements of all applicable privacy laws, including GDPR Articles 25 and 32, UK GDPR, APP 11, NZ IPP 5, PIPEDA, PIPA, and US state laws such as California’s CPRA.

  10. What Happens if There’s a Data Breach

    If something goes wrong, we have a plan. We’ll:

    Investigate immediately Notify regulators immediately

    Contact you if your rights or freedoms are at risk

    We comply with data breach notification laws across all applicable jurisdictions, including the EU, UK, Australia, New Zealand, Canada, South Korea, and California.

  11. Keeping Records of What We Do

    We maintain an internal record of our data processing activities, including:

    What we collect and why Where it’s stored

    How long we keep it Who we share it with

    What legal basis we rely on

    We’ll share this with regulators if requested.

  12. Questions, Complaints, and How to Reach Out

    If you have a question, or think we haven’t handled your data properly, you can email DPO@evergiving.com. If you’re not satisfied, you can also complain to your local data authority:

    Australia: Office of the Australian Information Commissioner (OAIC)

    New Zealand: Office of the Privacy Commissioner (NZPC)

    UK: Information Commissioner’s Office (ICO)

    EU: Your national supervisory authority

    Canada: Office of the Privacy Commissioner of Canada (OPC)

    South Korea: Personal Information Protection Commission (PIPC)

    California (USA): California Privacy Protection Agency (CPPA)

  13. Changes to This Policy

We review this policy regularly and update it as needed. The most current version is always available on our website.


Thank you for trusting Evergiving with your information. We take your privacy seriously and are committed to protecting it every step of the way.