Data Subject Requests
1. What is a Data Subject Request (DSR)?
Under data protection laws like the European Union’s General Data Protection Law (GDPR) and the California Consumer Privacy Act (CCPA), as well as a number of other U.S. state privacy laws, data subjects have certain rights regarding their personal data. A Data Subject Request (DSR) is a request made by an individual (or “data subject”) to learn whether an organization processes their personal data, how the personal data is used or shared, and to exercise their rights to access, correct, delete, obtain a copy of their personal data, or to object to certain uses and sharing of their information. We are committed to providing you tools and offering you choices that allow you to manage your data easily and in compliance with all applicable laws.
2. How can I submit a Data Subject Request?
You can submit a Data Subject Request on our website by filling out this form, or by sending an email to privacy-requests@gofundme.com. If you choose to email us, please provide a description of your request to help us process it efficiently.
3. Can I request to access my personal data?
Yes, you can request access to your personal data. We will review and validate your request to ensure it complies with our authentication and confidentiality policies and legal requirements for disclosing personal data.
Please note that by law and policy, we cannot disclose information about one data subject to another unless we can verify that the person making the request is an authorized agent, guardian, or similarly authorized representative.
Please also note that if you have an account with us, after signing in, you can review and update your profile and account information, review your transaction history, and manage your contact preferences. If you no longer have an account with us, you can still request copies of your donation receipts by following instructions in this Help Center article.
4. Can I request to delete my personal data?
Yes, you can request the deletion of your personal data. We will review and validate your request to ensure it complies with applicable legal requirements, and our identity verification and retention policies. However, please note that if your goal is to delete your account, you can follow the steps provided in this Help Center article.
The legal right of deletion under the GDPR, CCPA and similar consumer privacy laws is not meant to substitute an existing account offboarding process.
If you would like to use the account offboarding process for an account you currently have with us, you can delete your account from the Settings page after you sign in. Deleting your account will remove all of your activity and campaigns, and you will no longer be able to sign in with this account.
Regardless of how we offboard your account and personal data, there may be reasons for us to retain some data in line with our retention policy, as required or permitted by law. These reasons include us meeting legal and financial services regulatory compliance obligations, to address ongoing or potential legal claims, for operational and technical reasons, and for our data security and compliance records.
5. What information do I need to provide when making a Data Subject Request?
We only need the information requested in our form. Alternatively, when making a request by emailing us, we only ask that you provide the information needed to process your request, so please include your full name, email associated with your account, and a description of the data or rights you are requesting. Do not provide any additional personal data. This information helps us verify your identity and locate the information needed to complete your request. You do not need to provide us this information to use our cookie consent tool to opt-out of data “shares” and control advertising-related cookies.
6. How long does it take to process a Data Subject Request?
In accordance with applicable law, we aim to respond to all Data Subject Requests within 30 to 45 days. However, if your request is complex or involves large amounts of data, it may take a bit longer. We will keep you updated on any delays and their reasons.
7. What if I don't receive a response?
If you do not receive a response, please follow up with us at privacy-requests@gofundme.com. We will provide an update on the status of your request.
8. How do I know if my Data Subject Request has been processed?
Once your request is processed, we will notify you via email with the outcome and any relevant information. If any data has been deleted or rectified, we will confirm these changes.
9. What should I do if my request is not handled correctly?
If you believe your request has not been handled properly, please contact us at privacy-requests@gofundme.com, You can also escalate your concerns to our Data Protection Officer at dpo@gofundme.com. Your concerns will be reviewed and appropriate action will be taken to resolve the issue.
10. Can I withdraw my Data Subject Request once submitted?
Yes, you can withdraw your request at any time by contacting us at privacy-requests@gofundme.com. If your request has already been processed, please note that we may not be able to undo any actions that have been taken.
11. How do you protect my personal data during the request process?
We take data protection seriously and implement strict security measures to safeguard your personal data during the request process. This includes encryption, secure access controls, and confidentiality agreements with our staff.
12. Why do I receive a 404 error when opening my access link?
The verification link can only be clicked once and will expire automatically after seven (7) days.
13. What happens if my access request link expires?
If the link expires, you can request a new link by filling out this form.
14. What should I do if I have issues downloading my access request report?
Access request result links can only be used once, and results are provided in a .zip file format. You may need to use different software depending on your device to open the file.
15. Do you retain any of my data after a deletion request is completed?
Once your deletion request is processed, we will delete your personal data. Under certain circumstances, there may be reasons to retain some of your personal data, as required or permitted by law. These purposes include legal and regulatory compliance, ongoing or potential legal claims, operational and technical reasons, and for our data security and compliance records.
16. Can GoFundMe submit requests on my behalf?
Yes, GoFundMe can submit data requests on your behalf. If you are unable to use the form or do not want to, please email privacy-requests@gofundme.com and we will submit it for you.
17. How long does GoFundMe retain personal information?
We retain your information as long as necessary for the purposes it was collected, considering our business operations and legal obligations, which include maintaining records of the data subject requests. For more details, please refer to our Privacy Notice.
1. How do I opt out of GoFundMe's data collection?
You can manage your data and privacy preferences by learning more about your opt-out rights here. This page provides you with control over your personal data in compliance with applicable laws.
2. How can I unsubscribe from marketing?
If you want to unsubscribe from marketing emails, you must click unsubscribe in the footer of a marketing email you have received.
3. Can I request to opt-out of the “sale” or "sharing" of my personal data?
Yes, please see our Your Privacy Choices page for information about how to opt-out of the “sale” or “sharing” of your personal data.
4. How can I manage my cookie preferences on GoFundMe?
You can learn how to manage your cookie preferences, as defined under applicable laws, by clicking here.
5. Does GoFundMe collect biometric information?
GoFundMe does not collect or maintain any biometric information directly. However, we work with vendors for identity verification, regulatory compliance, and fraud prevention purposes. These vendors may collect biometric data, such as scans of government-issued IDs and facial recognition technology, with your consent. For more details, please refer to our Privacy Notice.
Questions or Concerns
1. Who can I contact with questions or concerns about my personal data or privacy?
Your trust is vital to us, and we’re committed to being transparent about our privacy practices and listening to our community’s feedback. If you have questions related to privacy, please contact us at privacy-requests@gofundme.com or at dpo@gofundme.com for escalations.
2. Who should I contact for customer service issues not related to my personal data or privacy?
If your inquiry is unrelated to privacy, please contact our Customer Care team by visiting our Help Center and clicking on “Contact us” for personalized support.