Last Updated: August 1, 2023
The Sites are not intended for children under 13, and we do not generally or knowingly collect information relating to children under 13 through the Sites. For more information, see the "Information about Children" section below.
If you are a Colorado resident, please see section 9, "Additional Information for Colorado Residents" for important information for you.
2. Information We Collect
The sources and types of Personal Information we collect may vary depending upon our relationship with you. For example, we may collect information from or about the following categories of individuals:
- Individuals who visit or otherwise interact with our Sites or request or sign up to subscribe to receive information or materials from us ("Visitors").
- Individuals who register for an account ("Users").
- Individuals who make a donation to us, including directly through the Sites or through a partner organization ("Donors").
- Individuals who volunteer with our organization ("Volunteers").
Categories of Personal Information.
We may collect the following categories of Personal Information:
|Categories of Personal Information
|Identifiers, contact, and demographic information
|Name; mailing address; email address; telephone number; organization; job title or occupation; device ID; age; username and password.
|Donation history, including recency, frequency, and amount of donations; your connection to the charity; your participation in charity events and campaigns, including giving patterns.
|Internet or similar network activity
|Browsing history; clickstream data; browser and operating system type; navigation paths; data/time stamps; cookie identifiers; domain names; access times and referring website addresses; and other information about device characteristics and how you interact with our Sites or our services.
|Geolocation; IP address.
|Professional or employment-related information
|Occupation; job title and description; organization address; and/or other information related to your organization and/or your employment.
|Inferences we may infer from other Personal Information we have collected, which may include preferences and characteristics (for example, about Donors based upon such criteria as timing and history of donations). We do not use information we collect to derive inferences or conclusions about individual's mental or physical health.
|Special category personal information
|Health information, including information related to cleft conditions and/or your connection to an individual with cleft, if applicable.
Additional Information on Special Categories of Personal Information. As Smile Train is cleft-focused organization, with a model of supporting surgery and other forms of essential care for individuals with cleft conditions, we may collect special categories of personal information, such as health information, including information related to cleft conditions. We will generally only collect this information where we have your explicit consent, unless we are permitted to do so in other circumstances under applicable law. We also may make a record that a person is in a vulnerable circumstance in order to comply with requirements under charity law and the Code of Fundraising Practice to ensure that we do not send fundraising communications to them. If you are a Colorado resident, section 9, "Additional Information for Colorado Residents" contains important information for you about our collection, use, and disclosure of sensitive data under Colorado law.
3. Sources Of Information And Purposes Of Collect And Processing
The following is intended to describe the various sources through which we may collect Personal Information and the purposes for which we collect and process it. As noted above, the sources and types of Personal Information and our purposes may vary depending upon our relationship with you:
|Sources of Personal Information
|Categories of Personal Information from Source
|Purposes of Collection and Use
|Communications and Interactions with Us and Participation in our Events and Programs
We may collect Personal Information from you when you interact with the Sites or services, register for an account, sign up for or participate in our events, conferences, or programs, submit inquiries or request information from us, complete quizzes or surveys, contact our support hotlines, or otherwise contact or communicate with us.
|Agreements, Forms, and Applications
We may collect Personal Information from you or your authorized representatives in connection with entering into an agreement with you or through other forms or agreements. We may also collect Personal Information when you submit applications to us, such as for our scholarship, schools, and partner programs.
|Requests Regarding Our Partner Programs
|Account Administration and Transactions
We may collect Personal Information from you and from records we create in connection with administering your account or when you complete transactions.
|Social Media, Online Forums, and Advertisements
We may collect Personal Information from third-party social media platforms and sites, when you engage with our social media pages, online communities and forums, and when you mention us on your own or other social media pages, online communities, or forums, or when you interact with advertisements related to our services. Please note that online forums may be publicly accessible and other users may view information you post in the forums. We encourage you to exercise care in deciding what information and content you wish to disclose on the areas of the Sites that are accessible to the general public.
|From Our Affiliates
We may collect Personal Information from our subsidiaries, affiliates, and other companies under our common control or within our corporate family (collectively, "Affiliates").
|From Partner Organizations and Service Providers
We may collect Personal Information from our partner organizations and service providers, or other third parties who are authorized to act on our behalf.
|When You Make a Donation
We may collect Personal Information from Donors when you make a donation or you otherwise contact or communicate with us in connection with our donation program.
|Publicly available Sources
We may collect Personal Information from publicly available sources.
4. How We May Disclose Information
|Categories of Third Parties with Whom We May Share Personal Information
|Categories of Personal Information We May Share
|Technical and Operational Service Providers and Partner Organizations
We may engage third parties to perform certain functions on our behalf. To do so, we may disclose Personal Information to our third-party partners and service providers in order to maintain and operate the Sites and to provide, improve, and personalize the services, including to fulfill requests for the services, process donations and payment transactions, to administer your account, and for other technical and processing functions, such as sending e-mails on our behalf, administering transactions, and technical support. We may also share Personal Information with service providers or other third parties to detect, protect against, and respond to security incidents or other malicious, deceptive, illegal or fraudulent activity or other threats and for legal compliance purposes or pursuant to legal process.
|Marketing, Advertising, and Analytics Providers for Our Direct Marketing Purposes
We may share Personal Information with third-party providers, including social media providers, for marketing, advertising, and analytics purposes. For additional information regarding our advertising practices, please see the Advertising and Social Media section.
|Third-Party Marketing Purposes (Non-UK Donors)
|Government Entities and Legal Compliance
We may share Personal Information with government entities and agencies, regulators, law enforcement, and other third parties, including to comply with any court order, law, or legal process or to respond to a subpoena, search warrant, or government or regulatory request; for fraud- or crime-prevention purposes; to enforce agreements and to assert and defend against legal claims; and to establish, protect, and/or defend the rights of our organization or the rights or safety of third parties.
|Professional Service Firms
We may share Personal Information with professional service firms in connection with our legal and regulatory obligations and to establish or exercise our rights and defend against claims, including, for example, auditors, law firms, and consultants.
5. Advertising and Social Media
Opt-outs for interest-based advertising require that strictly necessary cookies are not blocked by the settings in your web browser. To learn more about this type of advertising and how to opt-out of this form of advertising, you may either visit optout.aboutads.info to opt-out of sites and services participating in the Digital Advertising Alliance ("DAA") self-regulatory program, or visit optout.networkadvertising.org to opt-out of this form of advertising by members of the Network Advertising Initiative ("NAI"). If you live in the United States, Canada, or the European Union, you can visit Ad Choices (U.S.), Your Ad Choices (Canada), or our Online ChoicesY (EU) to opt-out of interest-based advertising with participating entities for each region. These websites also provide detailed information about how interest-based advertising works.
Opting out does not mean that you will no longer receive advertising from us, or when you use the Internet. It just means that the data collected from our Sites will not be used for interest-based advertising and that the advertising you see displayed on websites will not be customized to your interests. Note that electing to opt-out will not stop advertising from appearing in your browser or applications, although it may make the ads you see less relevant to your interests.
Your choice to opt out on a particular browser or mobile device will apply only to the collection and use of information from that particular browser or mobile device. Opting out on a particular device will not opt you out of information collection on other devices (including mobile devices), nor will it limit cross-device sharing on those other devices. Similarly, opting out on a particular browser will not opt you out of information collection on other browsers. (This opt-out works through cookies set on a particular browser, so if you delete cookies from a web browser, or use a different browser, you will need to opt out again.) If you use different browsers on a device or multiple mobile devices, for each browser and device you wish to opt out, please opt out each device and browser separately at optout.aboutad.info and at optout.networkadvertising.org.
Profiling and Donor Prospect Research
We may analyze your Personal Information and create a profile of your interests and preferences as part of our fundraising activities. This allows us to ensure communications are relevant and timely, and provide an improved experience for our supporters. It also helps us, for example, understand the background of our supporters and prospective supporters so that we can make appropriate requests to those who may be willing and able to give more than they already do, enabling us to raise funds sooner and more cost-effectively.
When building such a profile, we may make use of additional information about you, including geo-demographic information. This information may be collected from third parties or publicly-available sources, for example from public registers, such as listed Directorships and trusteeships on the Companies House and Charity Commission registers, typical earnings and house prices in a geographical area, information from the electoral roll, press reports, and social media posts. The type of information we collect may include a career overview, gift capacity, and measures of affluence, areas of interest, and history of giving to charities/public information on any philanthropic activities.
We may also engage specialist prospect research and wealth-screening agencies to assist with our profiling activities. This includes screening our supporter database against the agency's demographic database in order to assess (based on estimated levels of wealth), whether our existing supporters may have the capacity and propensity to provide greater financial or other support to our organization. This activity enables us, for example, to better communicate and engage with supporters.
Social Media Tools
We may use Personal Information to participate in Facebook's Custom Audience and Lookalike Audience programs, which enable us to display advertisements to both existing and potential supporters when they visit Facebook (and/or Instagram, which is also operated by Facebook). We choose to use Facebook Audience tools as a means to reach our current supporters and new supporters in order to pursue fundraising in a more cost-effective way. We may provide your Personal Information, including (currently) your email address, name, phone number and postal address to Facebook so that it can determine whether you are a registered account holder with them. Our advertisements may then appear when you access their platforms.
Do-Not-Track is a public-private initiative that has developed a "flag" or signal that an Internet user may activate in the user's browser software to notify websites that the user does not wish to be "tracked" by third-parties as defined by the initiative. Please note that the Sites do not alter its behavior or use practices when we receive a Do Not Track signal from your browser.
6. Information About Children
Due to the nature of our Services, we may collect or receive Personal Information about children in order to provide the services. We do not knowingly collect information directly from children under 13 years old without the consent of the minor's parent, legal guardian, or authorize representative, except as permitted or required by law or for safety and security purposes. If you become aware that a child under 13 years old has provided us with Personal Information without appropriate consent, please contact us using the information in the "How to Contact Us" section. If we become aware that a child under 13 years old has provided us with Personal Information without appropriate consent, we will take steps to remove the data as permitted by law.
7. Your Rights Regarding Personal Information
This section describes some rights you may have with respect to your Personal Information as well as how to exercise those rights. If you are a California or Colorado resident, you should also read section 8, "Additional Information for California Residents" or section 9, "Additional Information for Colorado Residents," as those sections contain relevant information for you. Subject to applicable law, you may have the right to request confirmation from us as to whether or not we are processing your Personal Information. Where we are processing your Personal Information, subject to applicable law, you may also have the following rights regarding your Personal Information:
- Request access to, modification of, or correction of your Personal Information. You may have the right to request access to, modification of, or correction of your Personal Information. If you believe our records are inaccurate, you may have the right to ask for those records concerning you to be updated. If you have registered for an account, you can also make changes to your Personal Information within your account settings.
- Request deletion of your Personal Information. You may have the right to request that we delete the Personal Information that we have collected about you.
- Request restriction of processing. You may have the right to request that we restrict processing of your Personal Information in certain circumstances, such as where you believe that the Personal Information we hold about you is inaccurate or our processing is unlawful.
- Data portability. In certain circumstances, you may have the right to receive the Personal Information concerning you that you provided to us or to request that we transmit your Personal Information to another data controller.
- Lodge a Complaint. If you have concerns regarding our processing of your Personal Information, we encourage you to contact us using the details below. You also have the right to lodge a complaint with a supervisory authority. If you are located in the EEA, you may locate the supervisory authority in your country here and if are you in the UK, your supervisory authority is the ICO. We always appreciate the opportunity to discuss complaints with you before you feel it is necessary to approach a supervisory authority.
Depending on where you live, you may be entitled by law to exercise some or all of the rights described above. If you are not entitled to these rights under applicable law, we may offer to you voluntarily and at our discretion, and we reserve the right to limit or revoke any such rights at any time, as may be permitted by applicable law.
As permitted by law, certain data elements may not be subject to access, modification, portability, restriction, and/or deletion. We will respond to authorized and verified requests as soon as practicable and as required by law. To protect your privacy and security, we may take steps to verify your identity in order to respond to your request. The above rights are subject to our being able to reasonably verify your identity and authority to make these requests. These rights are also subject to various exclusions and exceptions under the law. Under certain circumstances, we may be unable to implement your request, pursuant to applicable law. We will advise you of any reason for denying or restricting a request to the extent permitted by law.
8. Additional Information For California Residents
Under Section 1798.83 of the California Civil Code (California's "Shine the Light" law), residents of California have the right to request from a business, with whom the California resident has an established business relationship, certain information with respect to the types of Personal Information the business shares with third parties for those third parties' direct marketing purposes, and the identities of the third parties with whom the business has shared such information during the immediately preceding calendar year. To exercise your rights, you may make one request each year by emailing us at firstname.lastname@example.org with "Request for California Shine the Light Information" on the subject line and in the body of your message. Be sure to provide in the request sufficient information to properly identify you and/or the members of your family.
We are not subject to the California Consumer Privacy Act because that law applies only to for-profit entities, and we are a 501(c)(3) nonprofit.
9. Additional Information For Colorado Residents
Your rights under the Colorado Privacy Act
First, a Colorado resident may opt out of processing their Personal Information for purposes of targeted advertising, the sale of their Personal Information, or profiling in furtherance of decisions that produce legal or similarly significant effects concerning that Colorado resident.
Second, a Colorado resident has the right to confirm whether we are processing Personal Information concerning them and to access their Personal Information. As part of a request for access, the Colorado resident may also request to receive their Personal Information in a portable and, if technically feasible, readily usable format.
Third, a Colorado resident may have the right to correct inaccuracies in their Personal Information we hold.
Fourth, a Colorado resident may have the right to request we delete Personal Information concerning them.
Please understand that we do not engage in profiling activities that produce legal or similarly significant effects. Although we may engage in processing for purposes of targeted advertising, we do so only with respect to Personal Information we collect from or about Colorado residents in their capacity as a Visitor. If a Colorado resident is also a Volunteer, for example, we do not process the information we collect from or about the Colorado resident in their capacity as a Volunteer for purposes of targeted advertising. Similarly, we may sell or rent our mailing list of Donors to other non-profit entities. We do not otherwise sell Personal Information of Colorado residents.
To exercise your rights, please fill in our online webform or email us at email@example.com. If you email us, please put in the subject line of your email the right you are seeking to invoke: "Right to Opt-Out," "Right to Access," "Right to Correct," or "Right to Delete."
You may submit multiple requests at once through our webform or in an email. There is no cost for submitting your first request; if you submit multiple requests in a twelve-month period, we may charge you a fee for answering your request. We are permitted to use commercially reasonable efforts to authenticate you are who you say you are, and if you are submitting the requesting on behalf of another, that you have the authority to do so. So we may need to ask you to provide additional information, in light of the rights exercised, the type, sensitivity, value, or volume of Personal Information, the level of possible harm if we improperly grant the request, and the cost to us. If we cannot authenticate you or your authority, we will deny the request.
If you submit a request, we will tell you what the result is for your request (including, if you submit a Right to Access, your Personal Information) without undue delay and within 45 days after we receive your request. We may extend that deadline by 45 days, to 90 days in total, in some cases. If we extend the deadline, we will tell you that and why.
The Colorado Privacy Act includes exceptions for Personal Information regulated under other laws or maintained for certain reasons or in certain contexts. For example, the Colorado Privacy Act does not apply to publicly available information, including information that we reasonably believe Colorado residents have lawfully made available to the general public. As another example, we will not delete Personal Information when it is necessary to maintain that Personal Information to comply with a legal obligation.
If we do not grant your request, we will tell you why we did not. You may appeal our decision by emailing us at firstname.lastname@example.org with the subject line "Appeal of Request" and including our response to your request. We will also include this information in our response to your request. If you appeal our decision, we have 45 days to respond. We may also extend our deadline by 45 days, to 90 days in total, in some cases. If we extend the deadline, we will tell you that and why. If you have concerns about the results of your appeal, you may contact The Colorado attorney general.
Additional Colorado Mandatory Disclosures
As a cleft-focused organization providing treatment to impacted individuals, we collect, use, and disclose Personal Information revealing a physical health condition or diagnosis, which is considered a form of sensitive data under the Colorado Privacy Act ("CPA Sensitive Data"). In the event such CPA Sensitive Data is collected from you, we will provide you with information about how we collect, use, and disclose CPA Sensitive Data and get your consent to do so before proceeding.
We do not otherwise collect CPA Sensitive Data through our Sites.
If you are a Donor, we may sell your contact information to other non-profit entities as part of a donor list sale or rental. Section 4, "How We May Disclose Information" in the row "Third-Party Marketing Purposes (Non-UK Donors)" has more information about our activities that may constitute a "sale" under the Colorado Privacy Act.
If you are a Visitor—that is, someone visiting our website—we may use your identifiers and contact information, information from cookies, Internet or similar network activity information, and inference information for targeted advertising, which we may disclose or make available to advertising and social media networks. Section 5, "Advertising and Social Media" has more information.
10. Bases For Processing
- To perform our contractual obligations to you, including to fulfil your request for services, or to take steps in response to information or inquiries you may submit prior to entering into a contract with us (for example, to provide you with event tickets).
- For our legitimate interests, including to operate our organization and provide the services. We will not process Personal Information pursuant to our legitimate interests where we believe such interests are overridden by the interests or fundamental rights and freedoms of the individual. Our legitimate interests include, but are not limited to:
- Charity governance, including delivery of our charitable purposes, statutory, and financial reporting and other regulatory compliance purposes and intergroup transfers of Personal Information between our organization and our Affiliates;
- Administration and operational management, including responding to solicited inquiries, providing information that you have requested, research, events management, and the administration of volunteers and related requirements.
- Fundraising and campaigning, including administering campaigns and donations, and sending direct marketing by post and social media, sending thank you letters, analysis, profiling (including our supporter research as set out in the "Advertising and Social Media" section), targeting and segmentation to develop communication strategies (including our use of social media as set out in the "Advertising and Social Media" section) and maintaining communication preferences. You can see our legitimate interest assessment for this activity at this link: https://www.smiletrain.org.uk/legitimate-interests-assessment.
- To comply with laws, regulators, court orders, or other legal obligations, or pursuant to legal process.
- To protect the vital interests of you or of another person.
- With consent, where we are not already authorized to process the Personal Information under applicable law (for example, to collect special categories of personal information or, in certain cases, to send you direct marketing by e-mail or SMS).
11. Updating Your Communications Preferences And Withdrawing Consent
Please note that if you do not provide consent, if you withdraw your consent or object to processing, or if you choose not to provide certain Personal Information, we may be unable to provide some or all of the services.
Opting-Out of Direct Marketing Communications
If you would like to stop receiving newsletters or other marketing or promotional messages, notifications, or updates, you may do so by following the unsubscribe instructions that appear in these e-mail communications, or you may contact us at the information in the "How To Contact Us" section to opt-out of direct marketing. Individuals in the UK can also opt-out of receiving marketing communications from us by signing up to the Fundraising Preference Service. Please be advised that you may not be able to opt-out of receiving certain service or transactional messages from us, including legal notices and communications in connection with administering donations.
Opting Out of Third-Party Marketing Communications (Non-UK Donors)
As noted above, from time to time, Smile Train may allow other organizations to send mail to our Donors, subject to applicable law. If you do not wish to receive these mailings, or if you would like to change the frequency or types of communications you receive from us, you can opt-out of such sharing by contacting us at the information in the "How To Contact Us" section.
12. Links To Other Sites
13. Data Retention
We will retain your Personal Information for as long as is necessary to fulfill the purposes for which we obtained the Personal Information, including to provide the services, or for such longer period as may be required or permitted by applicable law, in accordance with our internal data retention policy. The length of time that Personal Information will be kept may depend on the reasons for which we are processing the information and on the law or regulations that the information falls under, such as financial regulations, statute of limitations, health and safety regulation, or any contractual obligation we might have (for example, under grant funding agreements).
Subject to the above, we will typically retain Personal Information relating to Donors for seven (7) years after their last donation or interaction with us, after which time it will either be deleted, archived, de-identified, or anonymized. Please note if you request to receive no further contact from us, we may need to retain certain basic information about you in order to avoid sending you unwanted materials in the future or to comply with our legal obligations.
14. Data Security
We implement technical and organizational security measures designed to secure and protect Personal Information. Please note, however, we cannot fully eliminate security risks associated with the storage and transmission of Personal Information.
15. Transfer of Data
The Personal Information we collect from you may be transferred to and processed and/or stored at a destination outside of your country, including in the U.S. Some countries may have a lower standard of protection for Personal Information, including lower security requirements and fewer rights for individuals, than your jurisdiction. If you are located outside of the United States, the transfer of Personal Information may be necessary to provide you with the requested information and services and/or to perform any requested transaction. By accessing or using any portion of the Sites, you acknowledge and consent to the transfer of your information to our facilities in the United States.
If we send your Personal Information outside the UK and EU, we will take reasonable steps to ensure that the recipient implements appropriate measures to protect your information (such as entering into the EU approved standard contractual clauses). If you have any questions about the international data transfers we make, please get in touch with us using the details in the "How To Contact Us" section below.
16. Updates to This Policy
How to Contact Us
633 3rd Ave
New York, New York