Privacy and Data Usage Policy (Final Draft)

Phillips University Legacy Foundation is committed to protecting the privacy and security of our donors, alumni, participants, volunteers, and related stakeholders. This Privacy and Data Usage Policy outlines how we collect, use, store, and protect your personal information, including sensitive personal information and financial data.

  1. Information We Collect

We collect the following types of information:

  • Personal Information: Name, address, email address, phone numbers, emails, date of birth, anniversaries, and other contact details.
  • Financial Information: Credit card numbers, bank account details, and other payment information for donations or sales.
  • Donor Information: This may include donation history, pledged amounts, payment methods, donor interests, and any preferences regarding how their contributions are used or acknowledged.
  • Participation Information: Event attendance, demographics, volunteer hours, roles performed, and feedback provided.
  • Participant-Shared Media: Stories, photographs, videos, and other media voluntarily submitted by participants to document program experiences, events, or volunteer activities.
  • Digital Information: Cookies, IP addresses, browser type, and digital analytics data to improve our website and services.
  • Educational Information: Attendance, enrollment, transcripts, degrees, training records, or applications.
  • Applicant Information: Information collected from individuals applying for programs, scholarships, volunteer positions, or employment, including resumes, application forms, references, and eligibility criteria.
  1. Sensitive Personal Information

The Phillips University Legacy Foundation recognizes the importance of protecting Sensitive Personal Information (SPI)—data that requires heightened security measures due to its confidential nature.  This information includes social security numbers or taxpayer ID numbers, credit or debit card details, and other financial data necessary for transactions and identity verification. Additionally, we collect dates of birth, medical or health information, and student-related data, ensuring compliance with privacy regulations and secure handling of sensitive personal records.

We take measures to protect Sensitive Personal Information (SPI) by using encryption and secure storage, restricting access to authorized personnel, and limiting data collection to only what is necessary. SPI is never shared with third parties, except as legally required, and is securely disposed of when IRS retention policies allow or when no longer needed.

  1. Financial Information

When you make a donation or purchase, the Phillips University Legacy Foundation collects your billing address and payment details in addition to your contact information. To ensure secure processing, we work with trusted third-party payment processors that utilize Secure Socket Layer (SSL) encryption and a minimum of SHA-256 encryption to protect your financial data during transactions. Our payment processor verifies your credit card or bank information using a secure server. The Phillips University Legacy Foundation does not retain your credit card number.

Access to personal financial data is strictly limited to employees who require it to perform essential duties. Additionally, neither our organization nor our payment processor share your credit card or banking information with third parties, except as required by law or payment regulations. Donation data is shared with the IRS as required by law.

  1. Student Data

The Phillips University Legacy Foundation is committed to protecting the privacy and security of student education and medical information. While our organization is not subject to the Family Educational Rights and Privacy Act (FERPA), we voluntarily implement strong data protection measures to ensure the responsible handling of student-related records.

We collect and securely maintain student educational records and medical information only as necessary to support our programs and services. Student education and medical information are never shared, sold, or disclosed to third parties, except as required by law or in cases of immediate health or safety concerns. Access to such data is restricted to authorized personnel, and all employees handling student records undergo privacy training to ensure compliance with best practices.

  1. How We Use Your Information

We use your information to:

  • Communicate with you about programs, events, volunteer opportunities, and requested services.
  • Respond to inquiries and manage applicants, programs, and volunteer activities.
  • Process donations, issue receipts, issue public donor acknowledgements, and ensure legal and regulatory compliance.
  • Improve programs and tailor communications based on interests.
  • Analyze website usage to optimize user experience and digital resources.
  1. Consent and Opt-Out

By providing your personal information, you consent to our collection and use of this data as outlined in this policy. You may opt out of receiving communications from us at any time by contacting us at info@pulf.org. You can also manage your cookie preferences through your browser settings.

  1. Data Security & Retention

We maintain physical, electronic, and procedural safeguards to protect your personal information from unauthorized access, misuse, loss, alteration, destruction, or misuse.  We protect the security of credit card transactions in partnership with third-party processing companies, utilizing various measures, including encryption, access controls, network firewalls, and physical security.

Although the Legacy Foundation maintains up-to-date procedures and tools to safeguard information, no website or electronic storage system can ever be completely secure, and we cannot guarantee the safety of all personal information. We periodically audit our systems to ensure we process your data securely and accurately.

In the event of a data breach, we will promptly notify affected individuals within 72 hours when legally required and take immediate steps to mitigate the breach while preventing further unauthorized access. A thorough investigation will be conducted to determine the cause and impact of the breach, ensuring appropriate corrective actions are taken. Additionally, we will report the breach to relevant authorities as required by law, maintaining transparency and compliance with all applicable regulations.

  1. Data Retention

The Legacy Foundation will keep your data for as long as it is necessary to fulfill the purpose for which it was collected. We may also retain your records to fulfill a legitimate interest or if legally required to do so.

  1. Access and Correction

You have the right to access and correct your personal information. To request access or make corrections, please contact us at info@pulf.org. To request removal of personal data, subject to legal retention requirements, or to opt out of certain uses of personal data such as marketing communications, please contact info@pulf.org.

  1. Sharing of Information

We do not sell, trade, or rent your personal information to third parties. We may share your information with trusted partners and service providers who assist us in operating our organization (such as for mailing services or special projects), provided they agree to keep this information confidential and follow. We do disclose information as required by law. In the case of alumni data, we may ask at times if you would like your information shared with other Phillips University-related organizations as part of a mutual information exchange between organizations.

  1. CoLaws

We comply with all applicable data protection laws and regulations, including the General Data Protection Regulation (GDPR).

  1. Third-Party Data Processors

We may engage third-party data processors to handle personal information on our behalf. These processors are carefully selected and required to comply with our data protection standards and policies and with GDPR. They are only permitted to use your data for the specific purposes outlined in our agreements with them and must ensure the confidentiality and security of your information.

  1. Cookies and Digital Analytics

We use cookies and digital analytics tools to:

  • Track website usage and performance.
  • Personalize your experience on our website.
  • Improve our website and services based on user behavior and preferences. You can manage your cookie preferences through your browser settings.

 

  1. Children Under the Age of 13

We will not knowingly solicit, collect, or otherwise process any Personal Information from children under the age of 13 without parental consent. Children under 13 are not authorized to make a donation or purchase, sign up for an event or program, or otherwise provide any personally identifiable information without consent from a parent or legal guardian. If a child under 13 does so, their data is removed from the system.

  1. Changes to This Policy

We may update this Privacy Policy from time to time. Any changes will be posted on our website, and we will notify you of significant changes via email or other communication methods.

  1. Contact Us

If you have any questions or concerns about this Privacy Policy or our data practices, please contact us at info@pulf.org

By using our services, you agree to the terms of this Privacy Policy. Thank you for your trust and support.

 

 

 

 

 

 

 

 

Privacy Policy