Privacy policy



TOL takes your privacy seriously. Here's a rundown of how we handle your personal information. This privacy policy is effective as of July 7, 2016.

1. What information we collect

Only that information we need to conduct a transaction with you, to service your account, or to better accommodate our site to users’ behavior. That could include your name, email address, credit card information, or certain information about whatever device you use to access our site, explained in our cookie policy, below. We do this in order to register you or allow you to sign into the website or make a donation; to respond to your customer-service queries or complaints; to send you electronic newsletters or marketing materials; to track your use of our site in order to make it more responsive or to guard against fraud or other illegal activity; or to send you fundraising premiums, such as ebooks or donor “badges.” We may also collect personal information from you as a result of your email communications with us.

We may obtain address information about you from third party sources, such as LexisNexis, for fraud prevention or for legal compliance. We may also collect personal information from you as a result of your email communications with us.

2. Where the information is stored

Though we collect this information, we will not store it on our server. We have arranged with Heroku.com to store and secure the information. Heroku.com permits access to its business customers’ databases only via industry-standard SSL-encrypted connections and runs constant checks for vulnerabilities on those databases. However, there is no guaranteed safe method of storing or transmitting information electronically, and we encourage you to take sensible precautions, such as not divulging and periodically changing your password. If you have any questions about security or privacy, please contact us at marketing@tol.org.

3. Who has access to your information

We contract with other companies to conduct some business for us, including processing payments and storing personal information. We have authorized these companies to use your information only as necessary to perform these functions, and they are obligated to keep your information confidential. When you visit some pages on our website, such as the donation page, you will be transfered to a site administered by one of our partners, although it will look like a TOL Payments page.

4. Sharing of your information with anyone not employed by TOL

When you are on the payment page you will be entering your information on a site administered by a TOL business partner, in this case Stripe, a widely used, international payments administrator. Stripe uses SSL encryption technology.

Also, we may share your personal information when legally required to do so, in the case, for instance, of a law-enforcement investigation or subpoena.

5. Other communications

We will send out newsletters or marketing communications from time to time. You may opt not to receive these by following the unsubscribe instructions included in these emails.

6. How long we hold your information

We will store your information (on our partner’s site) as long as your account is active or as long as needed to provide you services, comply with legal obligations, resolve disputes, or enforce agreements.

7. Our procedures in case of a data breach

In the event your personal information is compromised, we will notify you promptly. TOL accepts no liability for any unintentional disclosure or a disclosure that occurs due to a security breach of our systems or facilities.

Cookies

We use cookies to gather information about visitors to our website in order to customize your experience or to track our performance. The information gathered may include your IP address, browser, Internet sevice provider, operating system, referring or exit page, date/time stamp, or clickstream data.

Cookies are used by TOL Payments and our service providers to remember users’ settings and authentication, to analyze traffic and use patterns, and to gain a clearer picture of our users. We may receive reports with individual or aggregate visitor information resulting from the use of these technologies by our service providers. If you reject cookies, your ability to use some features or areas of our site may be limited.

Our service providers may use Local Storage Objects (LSOs) such as HTML5 or Flash cookies to store users’ state (user data and settings). Most browsers allow you to clear your cache and cookies, or you can find and delete Flash cookies at the Adobe website.

Changes to our privacy policy

If we make a material change to our privacy policies and procedures regarding the collection, use, or disclosure of your personal information, we will post a notice of those changes on our website or send an email to the email address linked to your account. Your use of the site after such changes have been posted constitutes agreement to those changes.

Contact us

If you have any questions about this privacy policy, the practices of this site, or your dealings with this website, please contact us at marketing@tol.org. For technical issues, please send an email to marketing@tol.org.