Join us for the Virtuous User Summit

August 19-21, 2025

📣 Responsive Nonprofit Summit • Free + Virtual 🎉

June 4-5, 2025

Practical Strategies. Real Results. Free to Attend.

The Responsive Nonprofit Summit June 4-5, 2025

Responsive Nonprofit Summit • Free + Virtual

March 11-12, 2026

Already a Virtuous customer? Our Professional Services help with Data and Report Clean-Up, Custom Training, Consulting and Giving Page Optimization.

GDPR Compliance

Virtuous Software, Inc.

Last Modified: June 20, 2025

1. What is GDPR?

The General Data Protection Regulation (GDPR) is a comprehensive privacy law enacted by the European Union (EU), effective as of May 25, 2018. Its primary goal is to give individuals more control over their personal data and unify data privacy laws across Europe.

GDPR applies to any organization that processes the personal data of individuals in the EU, regardless of where the organization itself is located.

2.Does GDPR Apply to You?

Regardless of your organization’s location, you may be required to comply with GDPR if you collect, process, or store personal data of individuals residing in or visiting the EU. This includes activities such as offering goods or services to EU-based individuals or monitoring their behavior through technologies like analytics platforms, tracking tools, or cookies.

👉 If your organization interacts with anyone in the EU, you likely have GDPR obligations.

3. Individual Rights Under GDPR

  1. Right to Be Informed
    1. Individuals have the right to be informed about the collection and use of their personal data. This typically requires a transparent privacy notice or policy.
  2. Right to Access
    1. Individuals can request access to their personal data and obtain information about how it is being processed, including the purposes, categories, recipients, and retention periods.
  3. Right to Rectification
    1. Individuals have the right to have inaccurate personal data corrected or completed if it is incomplete.
  4. Right to Erasure (“Right to Be Forgotten”)
    1. Individuals can request deletion of their data in certain circumstances, such as when the data is no longer necessary or they withdraw consent.
  5. Right to Restrict Processing
    1. Individuals can request the restriction of the processing of their data under certain conditions, such as contesting its accuracy or objecting to its processing.
  6. Right to Data Portability
    1. Individuals have the right to receive their personal data in a structured, commonly used, and machine-readable format and to transfer it to another controller.
  7. Right to Object
    1. Individuals can object to the processing of their data in certain situations, including direct marketing or processing based on legitimate interests or public tasks.
  8. Rights in Relation to Automated Decision-Making and Profiling
    1. Individuals have the right not to be subject to decisions based solely on automated processing, including profiling, if it significantly affects them.

4. How Virtuous Helps to Support GDPR Compliance

Virtuous supports you in maintaining compliance with GDPR as follows:

  • Tools to Support Individual Rights
    • Features that help you fulfill data access, correction, deletion, and objection requests.
  • Data Processing & Sub-processors
    • We maintain a clear list of sub-processors and only partner with vendors that uphold strict data privacy standards and can be found at trust.virtuous.org.
  • Consent Management
    • Virtuous supports consent tracking within donor and constituent profiles, making it easy to manage communication preferences and obtain valid consent.
  • Data Security
    • We implement industry best practices, including:
      • Encryption in transit and at rest
      • Role-based access controls
      • Regular audits, security testing, and monitoring
  • Data Retention & Deletion
    • You decide how long to retain data based on your organization’s individual data retention needs.

5. Disclaimer

This page is provided for informational purposes only and does not constitute legal advice or create any contractual commitment. The content is intended to help customers understand how Virtuous can help support GDPR compliance, but should not be used as a substitute for professional legal guidance.

Each organization is responsible for ensuring its own compliance with GDPR and any other applicable data privacy laws. We recommend consulting with your legal counsel to evaluate your specific obligations.

Grow generosity with Virtuous

Virtuous is the responsive fundraising software platform proven to help nonprofit organizations increase generosity by serving all donors personally, no matter their gift size.

“Virtuous truly understands nonprofits and the importance of our mission. And their open access to data and built-in custom reports gave us access to the data we need.”
Todd Shinabarger
Chief Information Officer