Search
Close this search box.

ClickBid Data Protection Policy

Last Updated: July 2021

Summary

This document outlines the data collected by ClickBid LLC (ClickBid hereafter) for the purpose of running online auction services. Questions or comments can be directed to our technical support team at support@clickbidonline.com

Personal Data Collected by ClickBid

Bidder Personal Data: ClickBid collects identifiable data from Organization donors (Bidders) and stores it securely in our Virtual Private Cloud (VPC) service provided by Amazon Web Services (AWS). This data may include the following information:

  • First Name
  • Last Name
  • Phone (mobile) Number
  • Email Address
  • Address
  • City
  • State Zip
  • Password
  • Phone & Email Notification Preferences
  • Credit Card Token
  • Last 4 Digits of Credit Card

ClickBid maintains this data within their database and one-way encrypts password information. This data is available to the Bidder so long as they are required to provide a password to bid on auction items. If no password is required, the ability to view and change personal information is not available. This data is also available to the Organization conducting the event and ClickBid Administration.

Bidder Bid Data: ClickBid collects bid information from registered Bidders and stores it securely in the same manner as Bidder Personal Data. This data may include the following information:

  • Bidder Identification ID
  • Auction Item Identification ID
  • Desired Bid Amount
  • Desired Maximum Bid Amount
  • Time Bid was Placed 

This data is available to a bidder who is successfully logged into the platform. It is also available to the Organization conducting the event and ClickBid Administration.

Bidder Receipt/Invoice Data: ClickBid collects and processes winning bids, donation and purchases from an auction. This data may include the following information:

  • Winning Bid Amount
  • Bidder Identification ID
  • Payment Type ID
  • Payment Date 

This data is available to a bidder who is successfully logged into the platform. It is also available to the Organization conducting the event and ClickBid Administration.

Organization Data: ClickBid collects information from an Organization who wishes to use ClickBid Mobile Bidding. We store this data in the same manner as listed above. This data may include the following:

  • Organization Name
  • Contact First Name
  • Contact Last Name
  • Event Name
  • Event Keyword
  • Signup Date
  • Address
  • City
  • State
  • Zip
  • Organization Phone
  • Organization Email
  • Password (one-way encrypted)
  • Event ID
  • Software Purchase Record(s)
  • Software Add-on Record(s)
  • Checking Account Routing Number
  • Checking Account Number 

This data is available to the Organization conducting the event and ClickBid Administration.

Purpose of Data Collected by ClickBid

Bidder Personal Data: ClickBid captures this data to assist the Organization in keeping accurate data on their donors. This data also allows a bidder to receive important updates from the software via automated alerts and from the Organization. Bidders who provide this information agree to ClickBid terms and conditions.

Bidder Bid Data: ClickBid captures this data to manage bid histories and current bids on silent auction items created by the charity. These histories allow ClickBid to determine winners, and items necessary for payment. This data is also available to the Organization so that they can see Bidder histories, statistics across the entire event to help build better auctions.

Bidder Receipt/Invoice Data: ClickBid captures this data to show the Bidder that they have yet to pay or have paid for their auction totals. This data is a list of auction items, donations and purchases that the Bidder has made during the auction. The Organization can also use this data to check on the status of a Bidder in the payment process as well as pull statistics on the entire event to see where there was success and potential improvements for future events.

Organization Data: ClickBid captures this data to assist in overall communication with the Organization using ClickBid. The data is used to send emails, invoices, ACH payments (where applicable) and link to external services like payment processors. This data is also used to organize auction items, Bidders, bids and other data relevant to the Organization.

Third Parties Access to User Data

BidKit Payments (powered by Stripe): ClickBid will provide Stripe with bidder name, phone and email data in addition to organizational name, phone and email data. This data is then stored on Stripe vaults.

SendGrid: ClickBid will provide SendGrid email addresses and email content to this service for the purpose of sending emails through a reliable service. In some of the cases the content of the email will contain names, bidder numbers, address information, etc.

Twilio: ClickBid will provide Twilio phone numbers and sms content to this service for the purpose of sending text messages through a reliable service. In some of the cases the content of the message will contain names, bidder numbers, address information, etc.

A note on credit card numbers: In an effort to maintain the highest level of security, ClickBid leverages hosted fields in iFrames. This means that credit card data is never transmitted through ClickBid’s network. Data is sent directly to the credit processor and token data is sent back to ClickBid for storage. Therefore, a Bidder or Organization entering credit card data on any ClickBid site is transmitting it directly to the card processor and bypassing any ClickBid web service.

User Consent Processes

All Organizations and Bidders must agree to our terms and conditions which include data consent. If a record is on file in our platform, they have agreed to and consented with our terms and conditions.

Data Protection Strategies

To protect all data at ClickBid, we leverage Virtual Private Cloud (VPC) services from Amazon Web Services. In the case of our data, we do not allow outside access to our database layer. Only approved machines are allowed access along with services located within the VPC.  Data is also encrypted at rest to ensure privacy protection in the event of a breach.

In addition, all our data is organized using indexes to avoid data corruption or data duplication. We also employ data filtering methods on our web layer to avoid malicious data from being executed on our database and compromising information. 

At any time, a Bidder or Organization can request to have their information removed from our system and we will comply within 1 business day of the request. Upon request, we will remove the data from our system and it will no longer be available to be presented within our platform.