The Oklahoma State University Foundation is committed to protecting the confidentiality of the private, non-public information of donors, constituents, and alumni (collectively, “Constituent” or “Constituents”). Respect for a Constituent's right to privacy is a standard of integrity for all Oklahoma State University Foundation activities. This policy is issued by the Oklahoma State University Foundation Board of Trustees and is intended to provide information regarding the collection, use and release of Constituent information. The Oklahoma State University Foundation created this policy in accordance with the Generally Accepted Privacy Principles (“GAPP”).
A. The Oklahoma State University Foundation (the “Foundation”) collects and retains certain information that is private, non-public, confidential, and/or proprietary in nature (the “Confidential Information”), including but not limited, personal information, including identification information; trade secrets; proprietary methods; financial, business and marketing information; personnel data; data regarding Constituents; and other data that is the property of and integral to the operation and success of the Foundation; including but not limited to the specific following examples:
B. The Confidential Information is received from various sources including, but not necessarily limited to, the Constituent; Oklahoma State University (the “University”) pursuant to a development services agreement; third parties; and other information gathered from the Foundation Board of Trustees members, University affiliates, volunteers, Constituents, and Foundation staff. The Confidential Information is maintained, corrected and updated as necessary.
C. The Foundation retains the Confidential Information for purposes of, among other things, aiding the University and University affiliates in furtherance of achieving excellence; operating, maintaining, and providing the services of the Foundation; and communicating with Constituents. To succeed in this support, the Foundation must earn and maintain the trust of past, present, and future Constituents. A Constituent’s trust in the Foundation is enhanced when there is openness and communication. For this reason, the Foundation voluntarily makes public the following types of information (the “Voluntary Disclosures”):
D. The Voluntary Disclosures are in addition to all materials the Foundation is required to disclose by law, such as:
F. Notwithstanding the foregoing, Confidential Information may be made available on an as-needed basis to Foundation Board of Trustees members, University affiliates, volunteers and Foundation staff. The information made available for such internal uses may include, but is not necessarily limited to, giving history, as well as other information necessary for gift processing, cultivation, solicitation and stewardship purposes. Furthermore, Confidential Information may be otherwise released to other third parties in any of the following situations: if consent is obtained from the constituent, if otherwise required by law, for the purposes of advancing the Foundation through resource development efforts that require certain Confidential Information to develop strategies and present gift proposals, for the purposes of providing names and addresses of memorial fund donors to family members, or for purposes of publishing an alumni directory as more particularly set forth in the Alumni Directory Policies and Procedures adopted by the University, the Foundation and the Oklahoma State University Alumni Association (the “Alumni Directory Policy”).
G. Confidential Information will only be released to third parties upon receipt of a signed nondisclosure and confidentiality agreement by the receiving party, unless otherwise required to be disclosed by law or unless otherwise set forth in the Alumni Directory Policy for purposes of publishing an alumni directory. All Foundation staff shall sign confidentiality agreements and will be subject to Foundation hiring procedures and performance appraisals relating to the protection of Confidential Information. In addition, all Foundation staff shall complete a privacy and security awareness course within the first month following employment and shall thereafter complete such course on an annual basis in order to retain access privileges. Furthermore, the Foundation applies security safeguards for Confidential Information and shall undergo periodic risk assessments.
H. From time to time the Foundation will provide a Constituent with endowment reports when appropriate. Without requiring a confidentiality agreement, the Foundation may provide the following person(s) or entity(ies) with an endowment report, including but not limited to the name, spending, and balance of the relevant fund(s) (“Fund”): (1) any person or entity designated by the Constituent in writing to receive such information; (2) any person or entity properly granted power of attorney for the Constituent; and/or (3) upon the Constituent’s death, (a) any spouse, child or heir of the Constituent; (b) any person or entity who has been identified in writing to receive such information by a person or entity empowered to act on behalf of the Constituent’s estate and/or trust; (c) any person for whom the Fund is named; and/or (d) any spouse, child, heir or successor of a person or entity entitled herein to receive the endowment report and other endowment related information.
I. The Confidential Information collected may be stored and processed in the United States, or any other country in which the Foundation’s service providers maintain facilities. The Foundation may transfer information that it collects and processes, including personal information, to affiliated entities, or to other third parties across borders and from a Constituent’s respective country or jurisdiction to other countries or jurisdictions around the world. If a Constituent is located in the European Union or other regions with laws governing data collection and use that may differ from United States law, please note that the Foundation will not transfer information, including personal information, to a country and jurisdiction that does not have the same data protection laws as the Constituent’s jurisdiction.
L. The Foundation complies with the Payment Card Industry Data Security Standards (PCI DSS). One-time gifts or recurring gifts may be made online through the Foundation’s website (www.osugiving.com), by calling the Foundation (800-622-4678), or by mailing to the Foundation’s lockbox or physical locations. Online donations are processed through the Foundation’s secure online website, which does not store credit card information. Gifts called into or mailed to the Foundation are processed by Foundation staff via the Foundation’s secure online website or merchant services online terminal. Once the Constituent’s credit card information is entered online, the Foundation immediately redacts the credit card number.
M. The OSU Foundation Privacy Incident and Breach Management Program, as implemented, updated and amended from time to time by the OSU Foundation, shall be followed in the event of a privacy incident or breach.
N. Refusal of a Constituent to provide certain Confidential Information to the Foundation may result in the inability of the Foundation to provide certain benefits to the Constituent, such as naming recognition and gift receipts. In the event a Constituent’s Confidential Information needs to be updated, or in the event a Constituent does not wish to receive marketing or other solicitation materials from the Foundation or does not want the Foundation to store their personal data, such Constituent may make such a request by contacting firstname.lastname@example.org or 800-622-4678. Upon authentication of the identity of the requesting Constituent, the Constituent’s record may be updated, flagged, or deleted according to the Constituent’s request and applicable law, until receipt of further notice by the Constituent. A Constituent may also have a right under applicable law to request that the Foundation refrain from processing any of their personal data in the future, on legitimate grounds. The Foundation does not use government-issued identifiers (for example, Social Security numbers) for authentication of the requesting Constituent’s identity. Comments, inquiries or disputes relating to privacy related issues may be directed to the Foundation’s Legal Department by calling 800-622-4678.
Q. The GDPR Constituent may have the right to withdraw their consent or update their contact preferences at any time by contacting the email or phone number in paragraph N above.
R. The GDPR Constituent may have additional rights under the GDPR, including the following:
If a GDPR Constituent would like to exercise one of his/her rights, the Foundation has one month to respond to the request. Please direct all questions and requests to the Foundation’s Legal Department or to the Foundation’s data controller at:
|Oklahoma State University Foundation
Attn: GDPR (Legal)
P.O. Box 1749
Stillwater, OK 74076-1749
S. The Foundation may use an automated process to obtain and analyze a GDPR Constituent’s personal data. The results of that automated process may highlight certain attributes of a GDPR Constituent, such as their financial information, that the Foundation may use to provide services and fulfill its mission.
U. The Foundation will retain Confidential Information on a GDPR Constituent, including all personal data collected and processed, for as long as the GDPR Constituent is engaged with the Foundation or for the period of time necessary to fulfill the purposes for which the Foundation initially collected the information, unless otherwise required by law.
The Oklahoma State University Foundation (the “Foundation”) collects electronic data in order to provide a positive website experience, offer programs, products and services and report on user activity. Please be aware that none of these tools provide the Foundation with the ability to read any data residing on your computer.
The Foundation adheres to accepted industry security standards that are designed to protect any non-public personal information on this website against accidental or unauthorized use, access or disclosure. The technology we use is specifically designed for web servers. All of your personal information resides in the United States of America in a secure database behind a firewall where it cannot be accessed without proper authorization. Secure Sockets Layer ("SSL") technology encrypts your personal information as well as your history if it is transmitted over the Internet. In addition, we periodically subject this website to simulated intrusion tests.
You also have a responsibility in keeping the personal information that is available on the Foundation site secure by keeping your account name and password confidential. This will help prevent any potential unauthorized access to your account.
This site uses third-party click tracking analytics tools (such as Google Analytics) to capture click through statistics.
You have the option to register with osugiving.com and secure.osugiving.com. The site registration form requires you to provide your full name, address, city, state, country, zip code, email address, school name, date of birth, and create a username and password. You may also choose to provide additional optional information, such as, maiden name and graduation year. You may update this information at any time. You may opt out of receiving email communications from the Foundation.
Cookies are used on websites to gather information about how individuals use and navigate the Foundation website. Cookies cannot extract any personal information about you, nor can they read any data that resides on your personal computer or device. The data collected from these sources are used to recognize repeat users and track usage patterns. Specifically, the Foundation uses “cookies” which are small pieces of information sent by a web server and stored by a member’s web browser. Cookies allow a web server to preserve state with an individual user, or session, across page requests. The following are examples of how we use the information collected from these cookies:
We may combine any of this information with other information that we have about you for data analytics, marketing and reporting, but only as permitted by law.
Some features of this website enable credit card transactions. This feature is completely voluntary for users. The Foundation complies with the Payment Card Industry Data Security Standards (PCI DSS). One-time gifts or recurring gifts may be made online through the Foundation’s website (www.osugiving.com), by calling the Foundation (800-622-4678), or by mailing to the Foundation’s lockbox or physical locations. Online donations are processed through the Foundation’s secure online website, which does not store credit card information. Gifts called into or mailed to the Foundation are processed by Foundation staff via the Foundation’s secure online website or merchant services online terminal. Once the constituent’s credit card information is entered online, the Foundation immediately redacts the credit card number.
The Foundation complies with the laws and regulations related to both the length of time that it retains your electronic personal information and its proper destruction.
By visiting this site and by providing your personally identifiable information to us, you understand and consent to the collection, use, processing, transfer, and disclosure of your personally identifiable and non-personally identifiable information globally – including to the United States – in accordance with this privacy statement. Therefore, by visiting this site and by providing such information, you consent to the transfer of such information across country borders, and to the use, processing, and disclosure of such information in global locations. Unless you are subject to the General Data Protection Regulations, your consent shall be deemed to include your consent to transfer of the personally identifiable or non-personally identifiable information to locations that may have different levels of privacy protection than in your own country.
This site may contain links to other sites. This site is not responsible for the privacy practices or the content of any such sites.
The Foundation may change this statement from time to time. When updates are made, the date at the bottom of the statement will be updated to reflect that a revision has occurred. We encourage you to periodically reread this statement to see if there have been changes that may affect you.
Oklahoma State University (the “University”), the Oklahoma State University Alumni Association (the “Alumni Association”) and the Oklahoma State University Foundation (the “Foundation,” and together with the University and Alumni Association, the “University Affiliates”), all recognize that alumni directories are an important tool in alumni relations and provide a valuable benefit to alumni of Oklahoma State University. The Foundation maintains a database of constituent information for gift processing, cultivation, solicitation and stewardship purposes (the “Development Database”) for the benefit of the University Affiliates. Because the information in the Development Database may be used by the Alumni Association for creation and publication of alumni directories, the University Affiliates need certain policies and procedures in order to best protect the confidentiality and proprietary information contained in the Development Database to the fullest extent provided by law.
Through the Alumni Association’s access to the Development Database, the Alumni Association may use certain information (the “Alumni Information”) pertaining to all living and deceased alumni, including individuals who attended the University but did not graduate (collectively, “Alumni” or individually, an “Alumnus”) to publish an alumni directory in accordance with this policy and the Alumni Directory Procedures, which procedures shall be created from time to time by and among the University Affiliates.
The Alumni Association shall have the first right to publish an alumni directory. The Alumni Association shall notify the University and the Foundation of its plans to publish an alumni directory. All proposed directory plans are subject to review and approval by the University Affiliates, including, without limitation, for compliance with policies and procedures, methodology, vendor contracts, and coordination of the downloading and uploading of data from the Development Database. The Alumni Association will also consult with the University and the Foundation regarding Alumni contact and marketing methods.
All Alumni – meaning all living and deceased alumni of the University, including individuals who attended the University but did not graduate – may be included in the alumni directory. Alumni Information relating to any particular Alumnus shall only be included in the directory after such Alumnus has received proper notice of the intent to publish that Alumnus’ Alumni Information (see below). Once properly notified, the following Alumni Information will be published for such Alumnus, depending on how the Alumnus responds to the notice:
Proper notice for purposes of this policy means a multi-medium notification approach for each Alumnus, with a minimum of three (3) notification attempts over a period of ninety (90) days, before any Alumni Information may be included in a directory. Such notice may be through at least two (2) of the following mediums, if available: regular mailings, post-cards, emails, telephone calls and other forms of notice approved by the University Affiliates. The Alumni Association’s proposed mailing or other notifications must be submitted to the University and the Foundation for approval prior to any mailing or other notification to Alumni.
All information should be excluded for Alumni who elect to be excluded from the directory, whose mailing is returned as non-deliverable, who missed the deadline due to returned mail, or who are listed in any University Affiliates’ records as “Do Not Give Out Information,” “Do Not Include in Directory,” “Do Not Solicit,” or words to similar effect.
The alumni directory in whatever form produced must be distributed only to Alumni or Alumni Association members. The alumni directory must not be placed or be accessible in a library or in any other facility that is generally available to the public or anyone other than authorized employees of the University Affiliates and persons described above who are eligible to receive a copy of or have access to the alumni directory.
Failure to comply with this policy and the Alumni Directory Procedures may result in denial of future access to Alumni Information and other disciplinary action.
This policy is jointly adopted by the University Affiliates.