Skip to main content

Privacy policy

How Together Giving Pty Ltd (ABN 69 696 704 604) collects, uses, stores and discloses personal information.

Together Giving Pty Ltd (ABN 69 696 704 604) (we, us, our) operates the Together fundraising platform at alltogether.giving (the Platform). While making our Platform available and conducting our business, we may collect, store, use and disclose personal information. This policy explains what personal information we collect, why we collect it, and how we handle it.

1. About this policy

We are an Australian business and handle personal information in accordance with our applicable obligations under the Privacy Act 1988 (Cth) and the Australian Privacy Principles.

2. Personal information we collect

We may collect and hold the following types of personal information about our clients and their personnel, visitors to our website, and individuals who interact with our clients through the Platform - including donors and supporters who engage with client campaigns.

  1. Identity and contact information. This includes information such as names, addresses, emails, phone numbers, organisational roles, employer/job information, and other authentication and identity verification details.
  2. Transaction information. This includes information about transactions made through our Website, including payment type, transaction amounts, transaction purposes, recipient information, and dates of transactions. We use a third-party payment processor, and therefore do not collect or store sensitive payment information such as card numbers or bank account details ourselves.
  3. Technical information. We also collect technical data, including IP address, browser type, device, and page views.
  4. Other information. We may also collect information you choose to provide during communications with us, including emails, calls, meetings or forms submitted through our website, as well as information provided through online interactions such as enquiries, live chat or social media messages.

3. Sensitive information

By engaging with our Platforms, we may collect or be able to infer sensitive information about individuals - in particular, political opinions or political associations. Where this occurs, Together handles that information for the same purposes it handles and uses personal information, but also in accordance with the requirements for sensitive information under the Privacy Act 1988 (Cth).

4. How we collect personal information

We collect personal information in the following ways:

  1. Directly from you, when you create an account, communicate with us, or submit information through our website or the Platform, including through any forms.
  2. From our clients, when they upload, sync, or input data about their customers, donors, members, supporters, or personnel into the Platform. Where this applies, the client is the primary data controller and Together processes the data on their behalf.
  3. From publicly available sources, such as LinkedIn, company websites, or industry directories, where relevant to our business relationships.

If you choose not to provide certain personal information, we may be unable to provide the relevant service or respond to your enquiry.

5. How we use personal information

We may use personal information for the following purposes.

  1. To deliver and operate the Platform and our business. This may include authenticating users, processing donations, generating receipts, assessing and reporting on compliance, and producing reports for our clients.
  2. To improve and secure our Platform. This may include product development and benchmarking, monitoring, debugging, fraud and abuse prevention.
  3. To communicate with users of our Platform and our Website, including you. This includes communications about our Website, Platform, accounts, and/or material changes to this policy.
  4. For administrative purposes. This includes for our and/or our clients' record-keeping and planning purposes.
  5. For legal and regulatory purposes. This includes to comply with legal and regulatory obligations under applicable laws.

We do not sell personal information. We will only use or disclose personal information for a secondary purpose if that secondary purpose is directly related to the primary purpose for which we collected it, and you would reasonably expect it in the circumstances, or if permitted by applicable law.

6. Sharing and disclosure

We may share personal information with third parties as follows.

  1. Third party providers (including sub-processors and service providers). This includes third parties who help us run the Platform, such as payment processors (such as Stripe), hosting (such as Vercel, Neon), email delivery (such as Resend), and error monitoring (such as Sentry). The above are examples only and are not an exhaustive list. Some third-party providers are located outside Australia. We take reasonable steps to ensure they handle data consistently with the Australian Privacy Principles.
  2. Embedding sites. Forms on our Website may be embedded into a third-party website, and the operator of that website may have access to data entered into or generated through the form by virtue of how it is embedded. We do not control how third-party websites embed our form or what data they collect in that context. We encourage you to review the privacy policy of any website through which you access our Platform.
  3. Our clients who we collected your information on behalf of or from. If you are a supporter or donor and wish to exercise your privacy rights in relation to data held by a client organisation, please contact that organisation directly. Where appropriate, we will co-operate with requests routed through us.
  4. Law enforcement or regulators where we are required by Australian law to disclose.

7. Storage and security

Data is stored in managed databases inside Australia or in jurisdictions with comparable protections. We use encryption in transit (TLS) and at rest, role-based access controls within the application, and audit logging for sensitive operations.

We take reasonable steps to ensure the security and integrity of personal information we collect and hold. Personal information is retained only for as long as it remains necessary for the purposes for which it was collected, or as required by applicable laws and regulations.

8. Your rights

You may contact us to:

  1. Confirm what personal information we hold about you and ask us to access it.
  2. Correct information that is inaccurate or out of date.
  3. Delete information, where we are not required to retain it for the purposes that we collected it for and/or legal or compliance reasons.

We will respond to access or correction requests within 30 days, or such other reasonable period.

If you are a supporter or donor and wish to exercise your privacy rights in relation to data held by a client organisation, please contact that organisation directly. Where appropriate, we will co-operate with requests routed through such clients.

9. Complaints

If you believe we have breached any applicable privacy laws, please contact our privacy officer at privacy@alltogether.giving in the first instance. If you do not consider our response satisfactory, you may contact the Australian Privacy Commissioner at www.oaic.gov.au or by telephone on 1300 363 992.

10. Cookies

We use a small number of cookies for authentication and to remember your preferences. We do not run third-party advertising or tracking cookies on the Platform.

11. Changes to this policy

We will update this page when our practices change. Material changes will be notified by email to account holders. The date at the top of this policy indicates when it was last updated.

12. Contact

Privacy questions, requests, or complaints can be sent to privacy@alltogether.giving.