Privacy Policy


OSU Foundation Privacy Policy, last updated February 27, 2020

PRIVACY STATEMENT

The Oklahoma State University Foundation is committed to protecting the confidentiality of the private, non-public information of donors, constituents, and alumni (collectively, “Constituent” or “Constituents”). Respect for a Constituent's right to privacy is a standard of integrity for all Oklahoma State University Foundation activities. This policy is issued by the Oklahoma State University Foundation Board of Trustees and is intended to provide information regarding the collection, use and release of Constituent information. The Oklahoma State University Foundation created this policy in accordance with the Generally Accepted Privacy Principles (“GAPP”).

GUIDELINES ON COLLECTION, USE AND RELEASE OF OKLAHOMA STATE UNIVERSITY FOUNDATION INFORMATION

A. The Oklahoma State University Foundation (the “Foundation”) collects and retains certain information that is private, non-public, confidential, and/or proprietary in nature (the “Confidential Information”), including but not limited to, personal information, including identification information; trade secrets; proprietary methods; financial, business and marketing information; personnel data; data regarding Constituents; and other data that is the property of and integral to the operation and success of the Foundation; including but not limited to the specific following examples:

  1. Information pertaining to Constituents (whether personal, financial, biographical or gift related) other than publicly available information or information authorized to be released by the Constituent, including but not limited to, donations, Constituent lists, contact information, financial information, estate planning information, bank account numbers, credit card numbers, social security numbers, information stored and maintained in the Foundation’s development database, and all electronic and telephonic communications related to planned or charitable giving between the Foundation and Constituents;
  2. All non-public information relevant to the Foundation’s financial and operational affairs, including but not limited to, the Foundation’s fundraising practices, goals, and achievements; investment practices; past, current, and planned campaigns and developmental activities; current or planned operational methods and processes; and any specialized know-how related to the above activities;
  3. Current and anticipated fundraising or other types of organizational projections, including financial studies, financial and fundraising plans, and computer software and programs specifically developed for or by the Foundation to conduct its activities;
  4. Electronic data including, but not limited to, electronic data used to provide a positive website experience; to offer programs, products and services; and to report on user activity, as more particularly set forth in the Electronic Data Information page, posted on the www.osugiving.com website; and
  5. Non-public information concerning the Foundation’s affairs, however documented, and all material derived therefrom such as notes, e-mails, correspondence, analysis, compilations, studies, and summaries, whether prepared by or for the Foundation, that contain or are based, in whole or in part, on any Confidential Information.

B. The Confidential Information is received from various sources including, but not necessarily limited to, the Constituent; Oklahoma State University (the “University”) pursuant to a development services agreement; third parties; and other information gathered from the Foundation Board of Trustees members, University affiliates, volunteers, Constituents, and Foundation staff. The Confidential Information is maintained, corrected and updated as necessary.

C. The Foundation retains the Confidential Information for purposes of, among other things, aiding the University and University affiliates in furtherance of achieving excellence; operating, maintaining, and providing the services of the Foundation; and communicating with Constituents. To succeed in this support, the Foundation must earn and maintain the trust of past, present, and future Constituents. A Constituent’s trust in the Foundation is enhanced when there is openness and communication. For this reason, the Foundation voluntarily makes public the following types of information (the “Voluntary Disclosures”):

  1. Annual report,
  2. Gift club guidelines,
  3. Mission and vision statements,
  4. Names of Board of Governors and Board of Trustees,
  5. Audited financial statements, and
  6. Endowment, investment and spending policies.

D. The Voluntary Disclosures are in addition to all materials the Foundation is required to disclose by law, such as:

  1. IRS form 990 (without schedule attachments),
  2. IRS form 1023 (tax determination letter), and
  3. Articles of Incorporation.

E. To respect the expectation of privacy held by Constituents with regard to Confidential Information, unless otherwise allowed by this Privacy Policy, the Foundation does not share Confidential Information with third parties unless authorized by this Privacy Policy.

F. Notwithstanding the foregoing, Confidential Information may be made available on an as-needed basis to Foundation Board of Trustees members, University affiliates, volunteers and Foundation staff. The information made available for such internal uses may include, but is not necessarily limited to, giving history, as well as other information necessary for gift processing, cultivation, solicitation and stewardship purposes. Furthermore, Confidential Information may be otherwise released to other third parties in any of the following situations: if consent is obtained from the constituent, if otherwise required by law, for the purposes of advancing the Foundation through resource development efforts that require certain Confidential Information to develop strategies and present gift proposals, for the purposes of providing names and addresses of memorial fund donors to family members, or for purposes of publishing an alumni directory as more particularly set forth in the Alumni Directory Policies and Procedures adopted by the University, the Foundation and the Oklahoma State University Alumni Association (the “Alumni Directory Policy”).

G. Confidential Information will only be released to third parties upon receipt of a signed nondisclosure and confidentiality agreement by the receiving party, unless otherwise required to be disclosed by law or unless otherwise set forth in the Alumni Directory Policy for purposes of publishing an alumni directory. All Foundation staff shall sign confidentiality agreements and will be subject to Foundation hiring procedures and performance appraisals relating to the protection of Confidential Information. In addition, all Foundation staff shall complete a privacy and security awareness course within the first month following employment and shall thereafter complete such course on an annual basis in order to retain access privileges. Furthermore, the Foundation applies security safeguards for Confidential Information and shall undergo periodic risk assessments.

H. From time to time the Foundation will provide a Constituent with endowment reports when appropriate. Without requiring a confidentiality agreement, the Foundation may provide the following person(s) or entity(ies) with an endowment report, including but not limited to the name, spending, and balance of the relevant fund(s) (“Fund”): (1) any person or entity designated by the Constituent in writing to receive such information; (2) any person or entity properly granted power of attorney for the Constituent; and/or (3) upon the Constituent’s death, (a) any spouse, child or heir of the Constituent; (b) any person or entity who has been identified in writing to receive such information by a person or entity empowered to act on behalf of the Constituent’s estate and/or trust; (c) any person for whom the Fund is named; and/or (d) any spouse, child, heir or successor of a person or entity entitled herein to receive the endowment report and other endowment related information.

I. The Confidential Information collected may be stored and processed in the United States, or any other country in which the Foundation’s service providers maintain facilities. The Foundation may transfer information that it collects and processes, including personal information, to affiliated entities, or to other third parties across borders and from a Constituent’s respective country or jurisdiction to other countries or jurisdictions around the world. If a Constituent is located in the European Union or other regions with laws governing data collection and use that may differ from United States law, please note that the Foundation will not transfer information, including personal information, to a country and jurisdiction that does not have the same data protection laws as the Constituent’s jurisdiction.

J. All requests for access to Confidential Information will be directed to the Foundation’s Legal Department, which will provide guidance on interpretation of this Privacy Policy and arrange for access to the requested information after all necessary Confidentiality Agreements have been executed. The Foundation’s Legal Department will also respond and arrange for access to information made available for public inspection, as described in paragraphs “C” and “D” of the policy. If an information request requires the retrieval and reproduction of documents, a reasonable per-page reproduction fee applies in most cases. The per-page reproduction fee shall not exceed the actual cost to the Foundation of satisfying the request. The requesting party shall pay all fees to the Foundation prior to the receipt of requested information. If the requested information is available on the Foundation web site, the requester will be so notified.

K. The Foundation’s Legal Department will review all contracts and service-level agreements for consistency with this Privacy Policy and Foundation procedures.

L. The Foundation complies with the Payment Card Industry Data Security Standards (PCI DSS). One-time gifts or recurring gifts may be made online through the Foundation’s website (www.osugiving.com), by calling the Foundation (800-622-4678), or by mailing to the Foundation’s lockbox or physical locations. Online donations are processed through the Foundation’s secure online website, which does not store credit card information. Gifts called into or mailed to the Foundation are processed by Foundation staff via the Foundation’s secure online website or merchant services online terminal. Once the Constituent’s credit card information is entered online, the Foundation immediately redacts the credit card number.

M. The OSU Foundation Privacy Incident and Breach Management Program, as implemented, updated and amended from time to time by the OSU Foundation, shall be followed in the event of a privacy incident or breach.

N. Refusal of a Constituent to provide certain Confidential Information to the Foundation may result in the inability of the Foundation to provide certain benefits to the Constituent, such as naming recognition and gift receipts. In the event a Constituent’s Confidential Information needs to be updated, or in the event a Constituent does not wish to receive marketing or other solicitation materials from the Foundation or does not want the Foundation to store their personal data, such Constituent may make such a request by contacting info@osugiving.com or 800-622-4678. Upon authentication of the identity of the requesting Constituent, the Constituent’s record may be updated, flagged, or deleted according to the Constituent’s request and applicable law, until receipt of further notice by the Constituent. A Constituent may also have a right under applicable law to request that the Foundation refrain from processing any of their personal data in the future, on legitimate grounds. The Foundation does not use government-issued identifiers (for example, Social Security numbers) for authentication of the requesting Constituent’s identity. Comments, inquiries or disputes relating to privacy related issues may be directed to the Foundation’s Legal Department by calling 800-622-4678.

O. This Privacy Policy is adopted by the OSU Foundation Board of Trustees, and shall be reviewed annually and updated from time to time as deemed necessary.

EUROPEAN UNION RESIDENTS

P. In addition to the above, this portion of the OSU Foundation’s Privacy Policy, entitled “European Union Residents,” will apply in situations where the General Data Protection Regulation (“GDPR”) is applicable to a Constituent (“GDPR Constituent”) and the Foundation is storing or processing the GDPR Constituent’s personal information.

Q. The GDPR Constituent may have the right to withdraw their consent or update their contact preferences at any time by contacting the email or phone number in paragraph N above.

R. The GDPR Constituent may have additional rights under the GDPR, including the following:

  1. The right to access – the right to request from the Foundation copies of the GDPR Constituent’s personal data. The Foundation may charge a small fee for this service.
  2. The right to rectification – the right to request that the Foundation correct any information a GDPR Constituent believes is inaccurate, and the right to request the Foundation to complete the information a GDPR Constituent believes is incomplete.
  3. The right to erasure – the right to request that the Foundation erase a GDPR Constituent’s personal data, under certain conditions.
  4. The right to restrict processing – the right to request that the Foundation restrict the processing of a GDPR Constituent’s personal data, under certain conditions.
  5. The right to object to processing – the right to object to the Foundation’s processing of a GDPR Constituent’s personal data, under certain conditions.
  6. The right to data portability – the right to request that the Foundation transfer the data that the Foundation has collected to another organization, or directly to a GDPR Constituent, under certain conditions.

If a GDPR Constituent would like to exercise one of his/her rights, the Foundation has one month to respond to the request. Please direct all questions and requests to the Foundation’s Legal Department or to the Foundation’s data controller at:

Phone Number: 1(800)622-4678
Email: GDPR@osugiving.com
Address: Oklahoma State University Foundation
Attn: GDPR (Legal)
P.O. Box 1749
Stillwater, OK 74076-1749

S. The Foundation may use an automated process to obtain and analyze a GDPR Constituent’s personal data. The results of that automated process may highlight certain attributes of a GDPR Constituent, such as their financial information, that the Foundation may use to provide services and fulfill its mission.

T. Please see the Foundation’s Electronic Data Information page, posted on the www.osugiving.com website, regarding the Foundation’s use of Cookies.

U. The Foundation will retain Confidential Information on a GDPR Constituent, including all personal data collected and processed, for as long as the GDPR Constituent is engaged with the Foundation or for the period of time necessary to fulfill the purposes for which the Foundation initially collected the information, unless otherwise required by law.

ELECTRONIC DATA INFORMATION

OSUGIVING.COM AND SECURE.OSUGIVING.COM

The Oklahoma State University Foundation (the “Foundation”) collects electronic data in order to provide a positive website experience, offer programs, products and services and report on user activity. Please be aware that none of these tools provide the Foundation with the ability to read any data residing on your computer.

DATA SECURITY AND STORAGE

The Foundation adheres to accepted industry security standards that are designed to protect any non-public personal information on this website against accidental or unauthorized use, access or disclosure. The technology we use is specifically designed for web servers. All of your personal information resides in the United States of America in a secure database behind a firewall where it cannot be accessed without proper authorization. Secure Sockets Layer ("SSL") technology encrypts your personal information as well as your history if it is transmitted over the Internet. In addition, we periodically subject this website to simulated intrusion tests.

You also have a responsibility in keeping the personal information that is available on the Foundation site secure by keeping your account name and password confidential. This will help prevent any potential unauthorized access to your account.

SERVICE PROVIDER AND PARTNER COLLECTION OF INFORMATION

This site uses third-party click tracking analytics tools (such as Google Analytics) to capture click through statistics.

PERSONALLY IDENTIFIABLE INFORMATION

You have the option to register with osugiving.com and secure.osugiving.com. The site registration form requires you to provide your full name, address, city, state, country, zip code, email address, school name, date of birth, and create a username and password. You may also choose to provide additional optional information, such as maiden name and graduation year. You may update this information at any time. You may opt out of receiving email communications from the Foundation.

COOKIES

Cookies are used on websites to gather information about how individuals use and navigate the Foundation website. Cookies cannot extract any personal information about you, nor can they read any data that resides on your personal computer or device. The data collected from these sources are used to recognize repeat users and track usage patterns. Specifically, the Foundation uses “cookies” which are small pieces of information sent by a web server and stored by a member’s web browser. Cookies allow a web server to preserve state with an individual user, or session, across page requests. The following are examples of how we use the information collected from these cookies:

  1. Tracking resources and data accessed on the site
  2. Recording general site statistics and activity
  3. Troubleshooting website problems
  4. Tracking what tools users are accessing on the site
  5. Determining when and if a user completed a questionnaire
  6. Evaluating and reporting on a user’s activity or participation in an event

We may combine any of this information with other information that we have about you for data analytics, marketing and reporting, but only as permitted by law.

CREDIT CARD TRANSACTIONS

Some features of this website enable credit card transactions. This feature is completely voluntary for users. The Foundation complies with the Payment Card Industry Data Security Standards (PCI DSS). One-time gifts or recurring gifts may be made online through the Foundation’s website (www.osugiving.com), by calling the Foundation (800-622-4678), or by mailing to the Foundation’s lockbox or physical locations. Online donations are processed through the Foundation’s secure online website, which does not store credit card information. Gifts called into or mailed to the Foundation are processed by Foundation staff via the Foundation’s secure online website or merchant services online terminal. Once the constituent’s credit card information is entered online, the Foundation immediately redacts the credit card number.

DATA RETENTION AND DESTRUCTION

The Foundation complies with the laws and regulations related to both the length of time that it retains your electronic personal information and its proper destruction.

CONSENT

By visiting this site and by providing your personally identifiable information to us, you understand and consent to the collection, use, processing, transfer, and disclosure of your personally identifiable and non-personally identifiable information globally – including to the United States – in accordance with this privacy statement. Therefore, by visiting this site and by providing such information, you consent to the transfer of such information across country borders, and to the use, processing, and disclosure of such information in global locations. Unless you are subject to the General Data Protection Regulations, your consent shall be deemed to include your consent to transfer of the personally identifiable or non-personally identifiable information to locations that may have different levels of privacy protection than in your own country.

LINKS TO OTHER SITES

This site may contain links to other sites. This site is not responsible for the privacy practices or the content of any such sites.

CHANGES TO PRIVACY STATEMENT

The Foundation may change this statement from time to time. When updates are made, the date at the bottom of the statement will be updated to reflect that a revision has occurred. We encourage you to periodically reread this statement to see if there have been changes that may affect you.

ALUMNI DIRECTORY JOINT POLICY

I. POLICY

Oklahoma State University (the “University”), the Oklahoma State University Alumni Association (the “Alumni Association”) and the Oklahoma State University Foundation (the “Foundation,” and together with the University and Alumni Association, the “University Affiliates”), all recognize that alumni directories are an important tool in alumni relations and provide a valuable benefit to alumni of Oklahoma State University. The Foundation maintains a database of constituent information for gift processing, cultivation, solicitation and stewardship purposes (the “Development Database”) for the benefit of the University Affiliates. Because the information in the Development Database may be used by the Alumni Association for creation and publication of alumni directories, the University Affiliates need certain policies and procedures in order to best protect the confidentiality and proprietary information contained in the Development Database to the fullest extent provided by law.

II. GUIDELINES

Through the Alumni Association’s access to the Development Database, the Alumni Association may use certain information (the “Alumni Information”) pertaining to all living and deceased alumni, including individuals who attended the University but did not graduate (collectively, “Alumni” or individually, an “Alumnus”) to publish an alumni directory in accordance with this policy and the Alumni Directory Procedures, which procedures shall be created from time to time by and among the University Affiliates.

The Alumni Association shall have the first right to publish an alumni directory. The Alumni Association shall notify the University and the Foundation of its plans to publish an alumni directory. All proposed directory plans are subject to review and approval by the University Affiliates, including, without limitation, for compliance with policies and procedures, methodology, vendor contracts, and coordination of the downloading and uploading of data from the Development Database. The Alumni Association will also consult with the University and the Foundation regarding Alumni contact and marketing methods.

All Alumni – meaning all living and deceased alumni of the University, including individuals who attended the University but did not graduate – may be included in the alumni directory. Alumni Information relating to any particular Alumnus shall only be included in the directory after such Alumnus has received proper notice of the intent to publish that Alumnus’ Alumni Information (see below). Once properly notified, the following Alumni Information will be published for such Alumnus, depending on how the Alumnus responds to the notice:

  a. NO RESPONSE. If the Alumnus does not respond to the notice, only the following Alumni Information may be included in the alumni directory: first and last name, city, state, degree(s), school(s), and year(s) attended.
  b. RESPONSE. If the Alumnus responds to the notice with instructions on what Alumni Information can or cannot be included in the directory for the Alumnus, the directory shall include only the information authorized by the Alumnus, if any.

Proper notice for purposes of this policy means a multi-medium notification approach for each Alumnus, with a minimum of three (3) notification attempts over a period of ninety (90) days, before any Alumni Information may be included in a directory. Such notice may be through at least two (2) of the following mediums, if available: regular mailings, post-cards, emails, telephone calls and other forms of notice approved by the University Affiliates. The Alumni Association’s proposed mailing or other notifications must be submitted to the University and the Foundation for approval prior to any mailing or other notification to Alumni.

All information should be excluded for Alumni who elect to be excluded from the directory, whose mailing is returned as non-deliverable, who missed the deadline due to returned mail, or who are listed in any University Affiliates’ records as “Do Not Give Out Information,” “Do Not Include in Directory,” “Do Not Solicit,” or words to similar effect.

The alumni directory in whatever form produced must be distributed only to Alumni or Alumni Association members. The alumni directory must not be placed or be accessible in a library or in any other facility that is generally available to the public or anyone other than authorized employees of the University Affiliates and persons described above who are eligible to receive a copy of or have access to the alumni directory.

Failure to comply with this policy and the Alumni Directory Procedures may result in denial of future access to Alumni Information and other disciplinary action.

This policy is jointly adopted by the University Affiliates.